1 # this somehow is not used anymore - should it not be ?
2 from django.core.context_processors import csrf
3 from django.http import HttpResponseRedirect
4 from django.contrib.auth import authenticate, login, logout, get_user_model
5 from django.template import RequestContext
6 from django.shortcuts import render_to_response
7 from django.shortcuts import render
10 from unfold.loginrequired import FreeAccessView
12 from manifold.core.query import Query
13 #from manifoldapi.manifoldapi import execute_query
14 # LDAP query admin // If transfer this code to actions.py maybe don't need more execute_admin_query
15 from manifoldapi.manifoldapi import execute_query, execute_admin_query
16 # Edelberto - LDAP XXX
17 from portal.models import PendingUser
18 from django.contrib.auth.models import User #Pedro
19 from portal.actions import create_pending_user, create_user, create_user_in_ldap, clear_user_creds
20 from registrationview import RegistrationView
21 from random import randint
22 from hashlib import md5
23 from django.contrib.sites.models import Site
28 from manifoldapi.manifoldresult import ManifoldResult
29 from ui.topmenu import topmenu_items, the_user
30 from myslice.configengine import ConfigEngine
32 from myslice.theme import ThemeView
34 # Edelberto LDAP authentication XXX
37 class HomeView (FreeAccessView, ThemeView):
38 template_name = 'home-view.html'
40 # expose this so we can mention the backend URL on the welcome page
41 def default_env (self):
43 'MANIFOLD_URL':ConfigEngine().manifold_url(),
46 def post (self,request):
47 env = self.default_env()
48 env['theme'] = self.theme
49 env['section'] = "Dashboard"
51 username = request.POST.get('username').lower()
52 password = request.POST.get('password')
54 # LDAP form - If FIBRE, then get the possibilite to authenticate using usernameldap
55 #if self.theme == 'fibre':
56 #usernameldap = request.POST.get('usernameldap')
57 #token = {'usernameldap': usernameldap, 'username': username ,'password': password, 'request': request}
59 ##################################################
60 ########## XXX Edelberto 010914 XXX
61 #################################################
62 ## first you must open a connection to the server
65 l = ldap.initialize("ldap://10.128.0.50:389")
66 # Bind/authenticate with a root user to search all objects
67 l.simple_bind_s("cn=Manager,dc=br,dc=fibre","fibre2013")
69 l.protocol_version = ldap.VERSION3
70 except ldap.LDAPError, e:
75 searchScope = ldap.SCOPE_SUBTREE
76 ## retrieve all attributes
77 retrieveAttributes = None
78 #retrieveAttributes = ['userEnable']
79 searchFilter = "uid=" + username
85 if username != "admin":
86 ldap_result_id = l.search(baseDN, searchScope, searchFilter, retrieveAttributes)
88 result_type, result_data = l.result(ldap_result_id, 0)
89 if (result_data == []):
90 print "User doesnt exist in LDAP"
93 if result_type == ldap.RES_SEARCH_ENTRY:
94 result_set.append(result_data)
96 result_set.append(result_data)
97 # TRUE or FALSE for userEnable attribute
98 userEnable = result_set[0][0][1]['userEnable'][0]
99 if userEnable == 'TRUE':
102 print "In LDAP and Enabled"
104 dn = result_set[0][0][0]
106 l.simple_bind_s(dn,password)
108 print "User password OK"
112 print "User password WRONG"
114 if in_ldap and enabled and pwd:
115 ldap_mail = result_set[0][0][1]['mail'][0]
117 user_exists = Query().get('local:user') \
119 .filter_by('email', '==', username)
120 results = execute_admin_query(request, user_exists)
121 print "DEBUG: %s" % user_exists
123 print "DEBUG: user exists on MySlice DBs"
125 print "DEBUG: user NOT exists on MySlice DBs"
127 cn = result_set[0][0][1]['cn'][0]
129 sn = result_set[0][0][1]['sn'][0]
131 fname = sn.split(' ')[0]
132 lname = sn.split(' ')[1]
136 #authority_hrn = 'fibre' + '.' + username.split('@')[1]
137 authority_hrn = 'fibre'
145 # user_hrn = 'fibre' + '.' + username.split('@')[1] + '.' + username
146 user_hrn = 'fibre' + '.' + username
149 # Based on registrationview
153 current_site = Site.objects.get_current()
154 current_site = current_site.domain
157 post_email = ldap_mail
158 salt = randint(1,100000)
159 email_hash = md5(str(salt)+post_email).hexdigest()
163 'first_name' : fname,
165 'organization' : authority_hrn,
166 'authority_hrn' : authority_hrn,
168 'username' : username,
169 'password' : password,
170 'current_site' : current_site,
171 'email_hash' : email_hash,
173 'user_hrn' : user_hrn,
174 'reasons' : 'already exists in the LDAP',
176 'validation_link': 'https://' + current_site + '/portal/email_activation/'+ email_hash
181 UserModel = get_user_model()
182 if (re.search(r'^[\w+\s.@+-]+$', user_request['first_name']) == None):
183 errors.append('First name may contain only letters, numbers, spaces and @/./+/-/_ characters.')
184 if (re.search(r'^[\w+\s.@+-]+$', user_request['last_name']) == None):
185 errors.append('Last name may contain only letters, numbers, spaces and @/./+/-/_ characters.')
186 if (re.search(r'^[\w,]+$' , username) == None):
187 errors.append('Username may contain only letters,numbers and -/_ characters.')
188 # checking in django_db !!
189 if PendingUser.objects.filter(email__iexact = user_request['email']):
190 errors.append('Email is pending for validation. Please provide a new email address.')
191 if User.objects.filter(username__iexact = user_request['username']):
192 errors.append('This username is already in use, try another one')
193 # Does the user exist in Manifold?
194 user_query = Query().get('local:user').select('user_id','email')
195 user_details = execute_admin_query(request, user_query)
196 for user_detail in user_details:
197 if user_detail['email'] == user_request['email']:
198 errors.append('Email already registered in Manifold. Please provide a new email address.')
199 # Does the user exist in sfa? [query is very slow!!]
200 #user_query = Query().get('user').select('user_hrn','user_email')
201 # XXX Test based on the user_hrn is quick
202 #user_query = Query().get('user').select('user_hrn','user_email').filter_by('user_hrn','==',user_request['user_hrn'])
203 user_query = Query().get('user').select('user_hrn','user_email').filter_by('user_hrn','==',user_hrn)
204 user_details_sfa = execute_admin_query(request, user_query)
206 #if 'generate' in wsgi_request.POST['question']:
207 user_request['auth_type'] = 'managed'
209 # XXX Common code, dependency ?
210 from Crypto.PublicKey import RSA
211 private = RSA.generate(1024)
213 # Example: private_key = '-----BEGIN RSA PRIVATE KEY-----\nMIIC...'
214 # Example: public_key = 'ssh-rsa AAAAB3...'
215 user_request['private_key'] = private.exportKey()
216 user_request['public_key'] = private.publickey().exportKey(format='OpenSSH')
218 # XXX Verify if errors exist - After!
220 create_user_in_ldap(request, user_request, user_detail)
221 #create_pending_user(request, user_request, user_detail)
223 #create_user(request, user_request)
225 env['state'] = "LDAP associated. Please, login again."
226 return render_to_response(self.template, env, context_instance=RequestContext(request))
230 env['state'] = "Access denied. Verify LDAP userEnable and password."
231 return render_to_response(self.template, env, context_instance=RequestContext(request))
236 print "In LDAP but Disabled"
237 env['state'] = "Access denied. Verify LDAP userEnable."
238 return render_to_response(self.template, env, context_instance=RequestContext(request))
241 except ldap.LDAPError, e:
245 if in_ldap and enabled and pwd or username=="admin":
247 ################################################################################
248 ### XXX Edelberto LDAP auth end XXX
249 ###############################################################################
250 # Follow original code
251 ## pass request within the token, so manifold session key can be attached to the request session.
252 token = {'username': username, 'password': password, 'request': request}
254 # our authenticate function returns either
255 # . a ManifoldResult - when something has gone wrong, like e.g. backend is unreachable
256 # . a django User in case of success
257 # . or None if the backend could be reached but the authentication failed
258 auth_result = authenticate(token=token)
259 # use one or two columns for the layout - not logged in users will see the login prompt
260 # high-level errors, like connection refused or the like
261 if isinstance (auth_result, ManifoldResult):
262 manifoldresult = auth_result
263 # let's use ManifoldResult.__repr__
264 env['state']="%s"%manifoldresult
266 return render_to_response(self.template,env, context_instance=RequestContext(request))
267 # user was authenticated at the backend
268 elif auth_result is not None:
274 if request.user.is_authenticated():
275 env['person'] = self.request.user
276 env['username'] = self.request.user
278 ## check user is pi or not
279 platform_query = Query().get('local:platform').select('platform_id','platform','gateway_type','disabled')
280 account_query = Query().get('local:account').select('user_id','platform_id','auth_type','config')
285 platform_details = execute_query(self.request, platform_query)
286 account_details = execute_query(self.request, account_query)
287 for platform_detail in platform_details:
288 for account_detail in account_details:
289 if platform_detail['platform_id'] == account_detail['platform_id']:
290 if 'config' in account_detail and account_detail['config'] is not '':
291 account_config = json.loads(account_detail['config'])
292 if 'myslice' in platform_detail['platform']:
293 acc_auth_cred = account_config.get('delegated_authority_credentials','N/A')
295 if acc_auth_cred=={} or acc_auth_cred=='N/A':
302 return render_to_response(self.template,env, context_instance=RequestContext(request))
304 env['state'] = "Your account is not active, please contact the site admin."
305 env['layout_1_or_2']="layout-unfold2.html"
307 return render_to_response(self.template,env, context_instance=RequestContext(request))
310 env['state'] = "Your username and/or password were incorrect."
312 return render_to_response(self.template, env, context_instance=RequestContext(request))
314 def get (self, request, state=None):
315 env = self.default_env()
317 if request.user.is_authenticated():
318 ## check user is pi or not
319 platform_query = Query().get('local:platform').select('platform_id','platform','gateway_type','disabled')
320 account_query = Query().get('local:account').select('user_id','platform_id','auth_type','config')
321 # XXX Something like an invalid session seems to make the execute fail sometimes, and thus gives an error on the main page
322 platform_details = execute_query(self.request, platform_query)
323 account_details = execute_query(self.request, account_query)
324 for platform_detail in platform_details:
325 for account_detail in account_details:
326 if 'platform_id' in platform_detail:
327 if platform_detail['platform_id'] == account_detail['platform_id']:
328 if 'config' in account_detail and account_detail['config'] is not '':
329 account_config = json.loads(account_detail['config'])
330 if 'myslice' in platform_detail['platform']:
331 acc_auth_cred = account_config.get('delegated_authority_credentials','N/A')
333 if acc_auth_cred=={} or acc_auth_cred=='N/A':
339 env['person'] = self.request.user
343 env['theme'] = self.theme
344 env['section'] = "Dashboard"
347 env['username']=the_user(request)
348 env['topmenu_items'] = topmenu_items(None, request)
349 if state: env['state'] = state
350 elif not env['username']: env['state'] = None
351 # use one or two columns for the layout - not logged in users will see the login prompt
353 # account_query = Query().get('local:account').select('user_id','platform_id','auth_type','config')
354 # account_details = execute_query(self.request, account_query)
355 # for account_detail in account_details:
356 # account_config = json.loads(account_detail['config'])
357 # platform_name = platform_detail['platform']
358 # if 'myslice' in platform_detail['platform']:
359 # acc_user_cred = account_config.get('delegated_user_credential','N/A')
360 # acc_slice_cred = account_config.get('delegated_slice_credentials','N/A')
361 # acc_auth_cred = account_config.get('delegated_authority_credentials','N/A')
363 # if 'N/A' not in acc_user_cred:
364 # exp_date = re.search('<expires>(.*)</expires>', acc_user_cred)
366 # user_exp_date = exp_date.group(1)
367 # user_cred_exp_list.append(user_exp_date)
369 # my_users = [{'cred_exp': t[0]}
370 # for t in zip(user_cred_exp_list)]
373 # if 'N/A' not in acc_slice_cred:
374 # for key, value in acc_slice_cred.iteritems():
375 # slice_list.append(key)
376 # # get cred_exp date
377 # exp_date = re.search('<expires>(.*)</expires>', value)
379 # exp_date = exp_date.group(1)
380 # slice_cred_exp_list.append(exp_date)
382 # my_slices = [{'slice_name': t[0], 'cred_exp': t[1]}
383 # for t in zip(slice_list, slice_cred_exp_list)]
385 # if 'N/A' not in acc_auth_cred:
386 # for key, value in acc_auth_cred.iteritems():
387 # auth_list.append(key)
389 # exp_date = re.search('<expires>(.*)</expires>', value)
391 # exp_date = exp_date.group(1)
392 # auth_cred_exp_list.append(exp_date)
395 return render_to_response(self.template, env, context_instance=RequestContext(request))