Moved peer lookup and user profile creation into custom user_login function

flowspec/views.py

@@ -27,6 +27,8 @@ from django.forms.models import model_to_dict
 
 from flowspy.flowspec.forms import * 
 from flowspy.flowspec.models import *
+from flowspy.peers.models import *
+
 from registration.models import RegistrationProfile
 
 from copy import deepcopy
@@ -213,9 +215,9 @@ def user_login(request):
     try:
         error_username = False
         error_orgname = False
-        error_affiliation = False
+        error_entitlement = False
         error_mail = False
-        has_affiliation = False
+        has_entitlement = False
         error = ''
         username = request.META['HTTP_EPPN']
         if not username:
@@ -224,11 +226,11 @@ def user_login(request):
         lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
         mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
         organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
-        affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT']
-        if settings.SHIB_AUTH_AFFILIATION in affiliation.split(";"):
-            has_affiliation = True
-        if not has_affiliation:
-            error_affiliation = True
+        entitlement = request.META['HTTP_SHIB_EP_ENTITLEMENT']
+        if settings.SHIB_AUTH_ENTITLEMENT in entitlement.split(";"):
+            has_entitlement = True
+        if not has_entitlement:
+            error_entitlement = True
         if not organization:
             error_orgname = True
         if not mail:
@@ -237,11 +239,11 @@ def user_login(request):
             error = "Your idP should release the HTTP_EPPN attribute towards this service<br>"
         if error_orgname:
             error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service<br>"
-        if error_affiliation:
+        if error_entitlement:
             error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service<br>"
         if error_mail:
             error = error + "Your idP should release the HTTP_SHIB_INETORGPERSON_MAIL attribute towards this service"
-        if error_username or error_orgname or error_affiliation or error_mail:
+        if error_username or error_orgname or error_entitlement or error_mail:
             return render_to_response('error.html', {'error': error, "missing_attributes": True},
                                   context_instance=RequestContext(request))
         try:
@@ -249,8 +251,14 @@ def user_login(request):
             user_exists = True
         except:
             user_exists = False
-        user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=affiliation)
+        user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail)
         if user is not None:
+            try:
+                peer = Peer.objects.get(domain_name=organization)
+                up = UserProfile.objects.get_or_create(user=user,peer=peer)
+            except:
+                error = "Your organization's domain name does not match our peers' domain names<br>Please contact Helpdesk to resolve this issue"
+                return render_to_response('error.html', {'error': error})
             if not user_exists:
                 user_activation_notify(user)
             if user.is_active:
@@ -286,7 +294,7 @@ def user_activation_notify(user):
     send_new_mail(settings.EMAIL_SUBJECT_PREFIX + subject, 
                               message, settings.SERVER_EMAIL,
                              get_peer_techc_mails(user), [])
-    
+
 @login_required
 @never_cache
 def add_rate_limit(request):