Commit 241fc4d4 authored by Sofia Papagiannaki's avatar Sofia Papagiannaki

astakos: replace CookieAuthenticationMiddleware with a view decorator

reverse commits ab30f5f163a13dfc7f9bec4d263208dd35f09d16 &
1439d6383113b151b6a3316e320a0418fa30d421

also decorate the ``django.contrib.auth.views`` that are utilized by
astakos
parent 61191b7d
......@@ -46,7 +46,7 @@ import astakos.im.messages as astakos_messages
logger = logging.getLogger(__name__)
class Cookie():
class CookieHandler():
def __init__(self, request, response=None):
cookies = getattr(request, 'COOKIES', {})
cookie = unquote(cookies.get(COOKIE_NAME, ''))
......@@ -106,10 +106,6 @@ class Cookie():
def fix(self, response=None):
self.response = response or self.response
try:
api_call = getattr(self.request, 'api_call', False)
if api_call:
return
if self.user.is_authenticated():
if not self.is_set or not self.is_valid:
self.__set()
......
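Review bot: Dropping the `api_call` early return in `fix()` (second hunk) moves the whole responsibility for keeping API responses cookie-free onto which views carry `@cookie_fix`; the class itself no longer states that contract, so add a docstring on `CookieHandler` such as `"""Keep the astakos auth cookie in sync with the session; only UI views decorated with cookie_fix should reach fix(), API views must not."""`. The rename from `Cookie` to `CookieHandler` also changes the module's public name, so any importer outside this diff (the `astakos.im.decorators` module that provides `cookie_fix` is not shown) presumably needs the same update. `fix()` continues past the hunk, so the rest of its try block could not be checked here.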
# Copyright 2011 GRNET S.A. All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
#
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and
# documentation are those of the authors and should not be
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.
from django.http import HttpResponse
from astakos.im.cookie import Cookie
class CookieAuthenticationMiddleware(object):
def process_request(self, request):
cookie = Cookie(request)
if cookie.is_valid:
return
response = HttpResponse(status=302)
response['Location'] = request.get_full_path()
cookie.fix(response)
return response
def process_response(self, request, response):
cookie = Cookie(request, response)
# if the user authentication status has changed during the processing
# set/delete the cookie appropriately
if not cookie.is_valid:
cookie.fix()
return response
......@@ -681,7 +681,7 @@ class AstakosUser(User):
return url
def get_password_reset_url(self, token_generator=default_token_generator):
return reverse('django.contrib.auth.views.password_reset_confirm',
return reverse('astakos.im.target.local.password_reset_confirm',
kwargs={'uidb36':int_to_base36(self.id),
'token':token_generator.make_token(self)})
......
......@@ -56,6 +56,7 @@ from astakos.im import settings
from astakos.im import auth_providers
from astakos.im.target import add_pending_auth_provider, get_pending_key, \
handle_third_party_signup, handle_third_party_login, init_third_party_session
from astakos.im.decorators import cookie_fix
import logging
import time
......@@ -111,6 +112,7 @@ def login(request):
@requires_auth_provider('google')
@require_http_methods(["GET", "POST"])
@cookie_fix
def authenticated(
request,
template='im/third_party_check_local.html',
......
......@@ -56,6 +56,7 @@ from astakos.im import settings
from astakos.im import auth_providers
from astakos.im.target import add_pending_auth_provider, get_pending_key, \
handle_third_party_signup, handle_third_party_login, init_third_party_session
from astakos.im.decorators import cookie_fix
import astakos.im.messages as astakos_messages
......@@ -74,6 +75,7 @@ authenticate_url = 'https://www.linkedin.com/uas/oauth/authorize'
@requires_auth_provider('linkedin')
@require_http_methods(["GET", "POST"])
@cookie_fix
def login(request):
init_third_party_session(request)
resp, content = client.request(request_token_url, "GET")
......@@ -97,6 +99,7 @@ def login(request):
@requires_auth_provider('linkedin', login=True)
@require_http_methods(["GET", "POST"])
@cookie_fix
def authenticated(
request,
template='im/third_party_check_local.html',
......
......@@ -41,6 +41,8 @@ from django.views.decorators.http import require_http_methods
from django.core.urlresolvers import reverse
from django.contrib.auth.decorators import login_required
import django.contrib.auth.views as django_auth_views
from astakos.im.util import prepare_response, get_query
from astakos.im.views import requires_anonymous, signed_terms_required
from astakos.im.models import PendingThirdPartyUser
......@@ -52,6 +54,7 @@ import astakos.im.messages as astakos_messages
from astakos.im.views import requires_auth_provider
from astakos.im import settings
from astakos.im import auth_providers as auth
from astakos.im.decorators import cookie_fix
from ratelimit.decorators import ratelimit
......@@ -63,6 +66,7 @@ rate = str(retries) + '/m'
@require_http_methods(["GET", "POST"])
@csrf_exempt
@requires_anonymous
@cookie_fix
@ratelimit(field='username', method='POST', rate=rate)
def login(request, on_failure='im/login.html'):
"""
......@@ -133,20 +137,42 @@ def login(request, on_failure='im/login.html'):
@require_http_methods(["GET"])
@cookie_fix
def password_reset_done(request, *args, **kwargs):
messages.success(request, _(astakos_messages.PASSWORD_RESET_DONE))
return HttpResponseRedirect(reverse('index'))
@require_http_methods(["GET"])
@cookie_fix
def password_reset_confirm_done(request, *args, **kwargs):
messages.success(request, _(astakos_messages.PASSWORD_RESET_CONFIRM_DONE))
return HttpResponseRedirect(reverse('index'))
@cookie_fix
def password_reset(request, *args, **kwargs):
kwargs['post_reset_redirect'] = reverse(
'astakos.im.target.local.password_reset_done')
return django_auth_views.password_reset(request, *args, **kwargs)
@cookie_fix
def password_reset_confirm(request, *args, **kwargs):
kwargs['post_reset_redirect'] = reverse(
'astakos.im.target.local.password_reset_complete')
return django_auth_views.password_reset_confirm(request, *args, **kwargs)
@cookie_fix
def password_reset_complete(request, *args, **kwargs):
return django_auth_views.password_reset_complete(request, *args, **kwargs)
@require_http_methods(["GET", "POST"])
@signed_terms_required
@login_required
@cookie_fix
@requires_auth_provider('local', login=True)
def password_change(request, template_name='registration/password_change_form.html',
post_change_redirect=None, password_change_form=ExtendedPasswordChangeForm):
......
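Review bot: `password_reset_confirm` overwrites `kwargs['post_reset_redirect']` unconditionally, so any redirect configured in urls.py is silently discarded, and the `password_reset_confirm_done` view defined just above it (mapped at `local/reset/confirm/done` in urls.py) is never the target of that redirect — the wrapper always sends users on to `password_reset_complete`; presumably one of the two is unintended. `password_reset` does the same unconditional overwrite. If forcing the redirect is the intent, say so in a docstring on each wrapper, e.g. `"""Wrap django's password_reset so astakos controls both the auth cookie and the post-reset redirect."""`; if urls.py should keep the last word, use `kwargs.setdefault('post_reset_redirect', ...)` instead. `password_change` starts at the end of the hunk and continues outside it.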
......@@ -45,6 +45,7 @@ from urlparse import urlunsplit, urlsplit, parse_qsl
from astakos.im.settings import COOKIE_DOMAIN
from astakos.im.util import restrict_next
from astakos.im.functions import login as auth_login, logout
from astakos.im.decorators import cookie_fix
import astakos.im.messages as astakos_messages
......@@ -54,6 +55,7 @@ logger = logging.getLogger(__name__)
@require_http_methods(["GET", "POST"])
@cookie_fix
def login(request):
"""
If there is no ``next`` request parameter redirects to astakos index page
......
......@@ -57,6 +57,7 @@ from astakos.im import auth_providers
from astakos.im import settings
from astakos.im.target import add_pending_auth_provider, get_pending_key, \
handle_third_party_signup, handle_third_party_login, init_third_party_session
from astakos.im.decorators import cookie_fix
import astakos.im.messages as astakos_messages
import logging
......@@ -78,6 +79,7 @@ class Tokens:
@requires_auth_provider('shibboleth')
@require_http_methods(["GET", "POST"])
@cookie_fix
def login(
request,
template='im/third_party_check_local.html',
......
......@@ -57,6 +57,7 @@ from astakos.im import settings
from astakos.im import auth_providers
from astakos.im.target import add_pending_auth_provider, get_pending_key, \
handle_third_party_signup, handle_third_party_login, init_third_party_session
from astakos.im.decorators import cookie_fix
import astakos.im.messages as astakos_messages
......@@ -73,6 +74,7 @@ authenticate_url = 'https://api.twitter.com/oauth/authenticate'
@requires_auth_provider('twitter')
@require_http_methods(["GET", "POST"])
@cookie_fix
def login(request):
init_third_party_session(request)
force_login = request.GET.get('force_login',
......@@ -104,6 +106,7 @@ def login(request):
@requires_auth_provider('twitter', login=True)
@require_http_methods(["GET", "POST"])
@cookie_fix
def authenticated(
request,
template='im/third_party_check_local.html',
......
......@@ -17,6 +17,6 @@
<div class="form-row submit clearfix">
<input type="submit" class="submit altcol" value="SUBMIT" />
<a class="extra-link" href="{% url django.contrib.auth.views.password_reset %}">Forgot your password?</a>
<a class="extra-link" href="{% url astakos.im.target.local.password_reset %}">Forgot your password?</a>
</div>
</form>
\ No newline at end of file
</form>
......@@ -20,7 +20,7 @@
<div class="form-row submit clearfix">
<input type="submit" class="submit altcol" value="SUBMIT" />
<a class="extra-link" href="{% url django.contrib.auth.views.password_reset %}">Forgot your password?</a>
<a class="extra-link" href="{% url astakos.im.target.local.password_reset %}">Forgot your password?</a>
</div>
</div>
</form>
......
{% extends "im/email.txt" %}
lfjlajlsflfjl
{% block en_content %}
To reset your password for {{ BRANDING_COMPANY_NAME|upper }}'s {{ BRANDING_SERVICE_NAME }}, you can use the link: {{ url }}.
{% endblock %}
{% block en_note %}{% endblock%}
\ No newline at end of file
{% block en_note %}{% endblock%}
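Review bot: `lfjlajlsflfjl` on the second line of this email template reads like a stray keyboard-mash left over from debugging; if it is part of this change it will be sent verbatim at the top of every password-reset email, so the line should be removed. The rest of the change (adding the trailing newline) is fine.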
......@@ -14,7 +14,7 @@ Password reset
{% if "local" in im_modules %}
<form action="{% url django.contrib.auth.views.password_reset %}" method="post"
<form action="{% url astakos.im.target.local.password_reset %}" method="post"
class="login innerlabels">{% csrf_token %}
<h2 class="formheader"><span>RESET PASSWORD</span></h2>
<p>An email will be sent to the address you specify, containing a link that
......
......@@ -91,17 +91,15 @@ if settings.EMAILCHANGE_ENABLED:
if 'local' in settings.IM_MODULES:
urlpatterns += patterns(
'astakos.im.target',
url(r'^local/?$', 'local.login'),
url(r'^password_change/?$', 'local.password_change', {
'astakos.im.target.local',
url(r'^local/?$', 'login'),
url(r'^password_change/?$', 'password_change', {
'post_change_redirect':'profile',
'password_change_form':ExtendedPasswordChangeForm},
name='password_change'),
url(r'^local/password_reset/done$', 'local.password_reset_done'),
url(r'^local/password_reset/done$', 'password_reset_done'),
url(r'^local/reset/confirm/done$',
'local.password_reset_confirm_done')
)
urlpatterns += patterns('django.contrib.auth.views',
'password_reset_confirm_done'),
url(r'^local/password_reset/?$', 'password_reset', {
'email_template_name':'registration/password_email.txt',
'password_reset_form':ExtendedPasswordResetForm,
......
......@@ -113,6 +113,7 @@ from astakos.im import auth_providers as auth
from snf_django.lib.db.transaction import commit_on_success_strict
from astakos.im.ctx import ExceptionHandler
from astakos.im import quotas
from astakos.im.decorators import cookie_fix
logger = logging.getLogger(__name__)
......@@ -211,6 +212,7 @@ def valid_astakos_user_required(func):
@require_http_methods(["GET", "POST"])
@cookie_fix
@signed_terms_required
def index(request, login_template_name='im/login.html', profile_template_name='im/profile.html', extra_context=None):
"""
......@@ -251,6 +253,7 @@ def index(request, login_template_name='im/login.html', profile_template_name='i
@require_http_methods(["POST"])
@cookie_fix
@valid_astakos_user_required
def update_token(request):
"""
......@@ -264,6 +267,7 @@ def update_token(request):
@require_http_methods(["GET", "POST"])
@cookie_fix
@valid_astakos_user_required
@transaction.commit_manually
def invite(request, template_name='im/invitations.html', extra_context=None):
......@@ -338,6 +342,7 @@ def invite(request, template_name='im/invitations.html', extra_context=None):
@require_http_methods(["GET", "POST"])
@required_auth_methods_assigned(allow_access=True)
@login_required
@cookie_fix
@signed_terms_required
def edit_profile(request, template_name='im/profile.html', extra_context=None):
"""
......@@ -427,6 +432,7 @@ def edit_profile(request, template_name='im/profile.html', extra_context=None):
@transaction.commit_manually
@require_http_methods(["GET", "POST"])
@cookie_fix
def signup(request, template_name='im/signup.html', on_success='index',
extra_context=None, activation_backend=None):
"""
......@@ -573,6 +579,7 @@ def signup(request, template_name='im/signup.html', on_success='index',
@require_http_methods(["GET", "POST"])
@required_auth_methods_assigned(allow_access=True)
@login_required
@cookie_fix
@signed_terms_required
def feedback(request, template_name='im/feedback.html', email_template_name='im/feedback_mail.txt', extra_context=None):
"""
......@@ -623,6 +630,7 @@ def feedback(request, template_name='im/feedback.html', email_template_name='im/
@require_http_methods(["GET"])
@cookie_fix
def logout(request, template='registration/logged_out.html',
extra_context=None):
"""
......@@ -663,6 +671,7 @@ def logout(request, template='registration/logged_out.html',
@require_http_methods(["GET", "POST"])
@cookie_fix
@transaction.commit_manually
def activate(request, greeting_email_template_name='im/welcome_email.txt',
helpdesk_email_template_name='im/helpdesk_notification.txt'):
......@@ -711,6 +720,7 @@ def activate(request, greeting_email_template_name='im/welcome_email.txt',
@require_http_methods(["GET", "POST"])
@cookie_fix
def approval_terms(request, term_id=None,
template_name='im/approval_terms.html', extra_context=None):
extra_context = extra_context or {}
......@@ -768,6 +778,7 @@ def approval_terms(request, term_id=None,
@require_http_methods(["GET", "POST"])
@cookie_fix
@transaction.commit_manually
def change_email(request, activation_key=None,
email_template_name='registration/email_change_email.txt',
......@@ -849,6 +860,7 @@ def change_email(request, activation_key=None,
)
@cookie_fix
def send_activation(request, user_id, template_name='im/login.html',
extra_context=None):
......@@ -876,6 +888,7 @@ def send_activation(request, user_id, template_name='im/login.html',
@require_http_methods(["GET"])
@cookie_fix
@valid_astakos_user_required
def resource_usage(request):
......@@ -907,6 +920,7 @@ def resource_usage(request):
# TODO: action only on POST and user should confirm the removal
@require_http_methods(["GET", "POST"])
@cookie_fix
@valid_astakos_user_required
def remove_auth_provider(request, pk):
try:
......@@ -922,6 +936,7 @@ def remove_auth_provider(request, pk):
raise PermissionDenied
@cookie_fix
def how_it_works(request):
return render_response(
'im/how_it_works.html',
......@@ -1124,6 +1139,7 @@ def _resources_catalog(for_project=False, for_usage=False):
@require_http_methods(["GET", "POST"])
@cookie_fix
@valid_astakos_user_required
def project_add(request):
user = request.user
......@@ -1174,6 +1190,7 @@ def project_add(request):
@require_http_methods(["GET"])
@cookie_fix
@valid_astakos_user_required
def project_list(request):
projects = ProjectApplication.objects.user_accessible_projects(request.user).select_related()
......@@ -1192,6 +1209,7 @@ def project_list(request):
@require_http_methods(["POST"])
@cookie_fix
@valid_astakos_user_required
def project_app_cancel(request, application_id):
next = request.GET.get('next')
......@@ -1226,6 +1244,7 @@ def _project_app_cancel(request, application_id):
@require_http_methods(["GET", "POST"])
@cookie_fix
@valid_astakos_user_required
def project_modify(request, application_id):
......@@ -1288,11 +1307,13 @@ def project_modify(request, application_id):
return redirect(next)
@require_http_methods(["GET", "POST"])
@cookie_fix
@valid_astakos_user_required
def project_app(request, application_id):
return common_detail(request, application_id, project_view=False)
@require_http_methods(["GET", "POST"])
@cookie_fix
@valid_astakos_user_required
def project_detail(request, chain_id):
return common_detail(request, chain_id)
......@@ -1389,6 +1410,7 @@ def common_detail(request, chain_or_app_id, project_view=True):
})
@require_http_methods(["GET", "POST"])
@cookie_fix
@valid_astakos_user_required
def project_search(request):
q = request.GET.get('q', '')
......@@ -1432,6 +1454,7 @@ def project_search(request):
})
@require_http_methods(["POST"])
@cookie_fix
@valid_astakos_user_required
def project_join(request, chain_id):
next = request.GET.get('next')
......@@ -1462,6 +1485,7 @@ def _project_join(request, chain_id):
@require_http_methods(["POST"])
@cookie_fix
@valid_astakos_user_required
def project_leave(request, chain_id):
next = request.GET.get('next')
......@@ -1490,6 +1514,7 @@ def _project_leave(request, chain_id):
@require_http_methods(["POST"])
@cookie_fix
@valid_astakos_user_required
def project_cancel(request, chain_id):
next = request.GET.get('next')
......@@ -1516,6 +1541,7 @@ def _project_cancel(request, chain_id):
@require_http_methods(["POST"])
@cookie_fix
@valid_astakos_user_required
def project_accept_member(request, chain_id, memb_id):
......@@ -1541,6 +1567,7 @@ def _project_accept_member(request, chain_id, memb_id):
@require_http_methods(["POST"])
@cookie_fix
@valid_astakos_user_required
def project_remove_member(request, chain_id, memb_id):
......@@ -1565,6 +1592,7 @@ def _project_remove_member(request, chain_id, memb_id):
@require_http_methods(["POST"])
@cookie_fix
@valid_astakos_user_required
def project_reject_member(request, chain_id, memb_id):
......@@ -1591,6 +1619,7 @@ def _project_reject_member(request, chain_id, memb_id):
@require_http_methods(["POST"])
@signed_terms_required
@login_required
@cookie_fix
def project_app_approve(request, application_id):
if not request.user.is_project_admin():
......@@ -1617,6 +1646,7 @@ def _project_app_approve(request, application_id):
@require_http_methods(["POST"])
@signed_terms_required
@login_required
@cookie_fix
def project_app_deny(request, application_id):
reason = request.POST.get('reason', None)
......@@ -1646,6 +1676,7 @@ def _project_app_deny(request, application_id, reason):
@require_http_methods(["POST"])
@signed_terms_required
@login_required
@cookie_fix
def project_app_dismiss(request, application_id):
try:
app = ProjectApplication.objects.get(id=application_id)
......@@ -1676,6 +1707,7 @@ def _project_app_dismiss(request, application_id):
@require_http_methods(["GET"])
@required_auth_methods_assigned(allow_access=True)
@login_required
@cookie_fix
@signed_terms_required
def landing(request):
context = {'services': Service.catalog(orderfor='dashboard')}
......
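Review bot: The position of `@cookie_fix` in the decorator stack is inconsistent across this file: `index` places it above `signed_terms_required`, `edit_profile`, `feedback` and `landing` place it below `login_required` but above `signed_terms_required`, and `project_app_approve`, `project_app_deny` and `project_app_dismiss` place it innermost, below both. The removed middleware's `process_response` ran on every response, whereas a decorator only sees the response of what it wraps, so a redirect issued by `login_required` or `signed_terms_required` sitting above `cookie_fix` now leaves the cookie untouched where the middleware would have corrected it; how much that matters depends on the `cookie_fix` implementation, which is not in this diff. Pick one convention — putting `@cookie_fix` directly under `@require_http_methods` on every view is the closest match to the old behaviour — and record it in the decorator's docstring, e.g. `"""Sync the astakos auth cookie with request.user around the view; apply it outermost (directly under require_http_methods) so auth redirects are covered as well."""`. `landing` continues outside the last hunk.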
......@@ -69,7 +69,6 @@ context_processors = [
middlware_classes = [
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'astakos.im.middleware.CookieAuthenticationMiddleware',
'synnefo.lib.middleware.LoggingConfigMiddleware',
'synnefo.lib.middleware.SecureMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
......
......@@ -97,9 +97,6 @@ def api_method(http_method=None, token_required=True, user_required=True,
request.user_uniq = user_info["uuid"]
request.user = user_info
# Mark request as api call
request.api_call = True
# Get the response object
response = func(request, *args, **kwargs)
......