astakos: replace CookieAuthenticationMiddleware with a view decorator

reverse commits ab30f5f163a13dfc7f9bec4d263208dd35f09d16 &
1439d6383113b151b6a3316e320a0418fa30d421

decorate also ``django.contrib.auth.views`` utilized by
astakos

snf-astakos-app/astakos/im/cookie.py

@@ -46,7 +46,7 @@ import astakos.im.messages as astakos_messages
 logger = logging.getLogger(__name__)
 
 
-class Cookie():
+class CookieHandler():
     def __init__(self, request, response=None):
         cookies = getattr(request, 'COOKIES', {})
         cookie = unquote(cookies.get(COOKIE_NAME, ''))
@@ -106,10 +106,6 @@ class Cookie():
     def fix(self, response=None):
         self.response = response or self.response
         try:
-            api_call = getattr(self.request, 'api_call', False)
-            if api_call:
-                return
-
             if self.user.is_authenticated():
                 if not self.is_set or not self.is_valid:
                     self.__set()

snf-astakos-app/astakos/im/middleware.py

-# Copyright 2011 GRNET S.A. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-#   1. Redistributions of source code must retain the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer.
-#
-#   2. Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials
-#      provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
-# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
-# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-# The views and conclusions contained in the software and
-# documentation are those of the authors and should not be
-# interpreted as representing official policies, either expressed
-# or implied, of GRNET S.A.
-
-from django.http import HttpResponse
-
-from astakos.im.cookie import Cookie
-
-
-class CookieAuthenticationMiddleware(object):
-    def process_request(self, request):
-        cookie = Cookie(request)
-        if cookie.is_valid:
-            return
-
-        response = HttpResponse(status=302)
-        response['Location'] = request.get_full_path()
-        cookie.fix(response)
-        return response
-
-    def process_response(self, request, response):
-        cookie = Cookie(request, response)
-        # if the user authentication status has changed during the processing
-        # set/delete the cookie appropriately
-        if not cookie.is_valid:
-            cookie.fix()
-        return response

snf-astakos-app/astakos/im/models.py

@@ -681,7 +681,7 @@ class AstakosUser(User):
         return url
 
     def get_password_reset_url(self, token_generator=default_token_generator):
-        return reverse('django.contrib.auth.views.password_reset_confirm',
+        return reverse('astakos.im.target.local.password_reset_confirm',
                           kwargs={'uidb36':int_to_base36(self.id),
                                   'token':token_generator.make_token(self)})
 

snf-astakos-app/astakos/im/target/google.py

@@ -56,6 +56,7 @@ from astakos.im import settings
 from astakos.im import auth_providers
 from astakos.im.target import add_pending_auth_provider, get_pending_key, \
     handle_third_party_signup, handle_third_party_login, init_third_party_session
+from astakos.im.decorators import cookie_fix
 
 import logging
 import time
@@ -111,6 +112,7 @@ def login(request):
 
 @requires_auth_provider('google')
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 def authenticated(
     request,
     template='im/third_party_check_local.html',

snf-astakos-app/astakos/im/target/linkedin.py

@@ -56,6 +56,7 @@ from astakos.im import settings
 from astakos.im import auth_providers
 from astakos.im.target import add_pending_auth_provider, get_pending_key, \
     handle_third_party_signup, handle_third_party_login, init_third_party_session
+from astakos.im.decorators import cookie_fix
 
 import astakos.im.messages as astakos_messages
 
@@ -74,6 +75,7 @@ authenticate_url       = 'https://www.linkedin.com/uas/oauth/authorize'
 
 @requires_auth_provider('linkedin')
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 def login(request):
     init_third_party_session(request)
     resp, content = client.request(request_token_url, "GET")
@@ -97,6 +99,7 @@ def login(request):
 
 @requires_auth_provider('linkedin', login=True)
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 def authenticated(
     request,
     template='im/third_party_check_local.html',

snf-astakos-app/astakos/im/target/local.py

@@ -41,6 +41,8 @@ from django.views.decorators.http import require_http_methods
 from django.core.urlresolvers import reverse
 from django.contrib.auth.decorators import login_required
 
+import django.contrib.auth.views as django_auth_views
+
 from astakos.im.util import prepare_response, get_query
 from astakos.im.views import requires_anonymous, signed_terms_required
 from astakos.im.models import PendingThirdPartyUser
@@ -52,6 +54,7 @@ import astakos.im.messages as astakos_messages
 from astakos.im.views import requires_auth_provider
 from astakos.im import settings
 from astakos.im import auth_providers as auth
+from astakos.im.decorators import cookie_fix
 
 from ratelimit.decorators import ratelimit
 
@@ -63,6 +66,7 @@ rate = str(retries) + '/m'
 @require_http_methods(["GET", "POST"])
 @csrf_exempt
 @requires_anonymous
+@cookie_fix
 @ratelimit(field='username', method='POST', rate=rate)
 def login(request, on_failure='im/login.html'):
     """
@@ -133,20 +137,42 @@ def login(request, on_failure='im/login.html'):
 
 
 @require_http_methods(["GET"])
+@cookie_fix
 def password_reset_done(request, *args, **kwargs):
     messages.success(request, _(astakos_messages.PASSWORD_RESET_DONE))
     return HttpResponseRedirect(reverse('index'))
 
 
 @require_http_methods(["GET"])
+@cookie_fix
 def password_reset_confirm_done(request, *args, **kwargs):
     messages.success(request, _(astakos_messages.PASSWORD_RESET_CONFIRM_DONE))
     return HttpResponseRedirect(reverse('index'))
 
 
+@cookie_fix
+def password_reset(request, *args, **kwargs):
+    kwargs['post_reset_redirect'] = reverse(
+            'astakos.im.target.local.password_reset_done')
+    return django_auth_views.password_reset(request, *args, **kwargs)
+
+
+@cookie_fix
+def password_reset_confirm(request, *args, **kwargs):
+    kwargs['post_reset_redirect'] = reverse(
+            'astakos.im.target.local.password_reset_complete')
+    return django_auth_views.password_reset_confirm(request, *args, **kwargs)
+
+
+@cookie_fix
+def password_reset_complete(request, *args, **kwargs):
+    return django_auth_views.password_reset_complete(request, *args, **kwargs)
+
+
 @require_http_methods(["GET", "POST"])
 @signed_terms_required
 @login_required
+@cookie_fix
 @requires_auth_provider('local', login=True)
 def password_change(request, template_name='registration/password_change_form.html',
                     post_change_redirect=None, password_change_form=ExtendedPasswordChangeForm):

snf-astakos-app/astakos/im/target/redirect.py

@@ -45,6 +45,7 @@ from urlparse import urlunsplit, urlsplit, parse_qsl
 from astakos.im.settings import COOKIE_DOMAIN
 from astakos.im.util import restrict_next
 from astakos.im.functions import login as auth_login, logout
+from astakos.im.decorators import cookie_fix
 
 import astakos.im.messages as astakos_messages
 
@@ -54,6 +55,7 @@ logger = logging.getLogger(__name__)
 
 
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 def login(request):
     """
     If there is no ``next`` request parameter redirects to astakos index page

snf-astakos-app/astakos/im/target/shibboleth.py

@@ -57,6 +57,7 @@ from astakos.im import auth_providers
 from astakos.im import settings
 from astakos.im.target import add_pending_auth_provider, get_pending_key, \
     handle_third_party_signup, handle_third_party_login, init_third_party_session
+from astakos.im.decorators import cookie_fix
 
 import astakos.im.messages as astakos_messages
 import logging
@@ -78,6 +79,7 @@ class Tokens:
 
 @requires_auth_provider('shibboleth')
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 def login(
     request,
     template='im/third_party_check_local.html',

snf-astakos-app/astakos/im/target/twitter.py

@@ -57,6 +57,7 @@ from astakos.im import settings
 from astakos.im import auth_providers
 from astakos.im.target import add_pending_auth_provider, get_pending_key, \
     handle_third_party_signup, handle_third_party_login, init_third_party_session
+from astakos.im.decorators import cookie_fix
 
 import astakos.im.messages as astakos_messages
 
@@ -73,6 +74,7 @@ authenticate_url = 'https://api.twitter.com/oauth/authenticate'
 
 @requires_auth_provider('twitter')
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 def login(request):
     init_third_party_session(request)
     force_login = request.GET.get('force_login',
@@ -104,6 +106,7 @@ def login(request):
 
 @requires_auth_provider('twitter', login=True)
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 def authenticated(
     request,
     template='im/third_party_check_local.html',

snf-astakos-app/astakos/im/templates/im/auth/local_login_form.html

@@ -17,6 +17,6 @@
     
     <div class="form-row submit clearfix">
         <input type="submit" class="submit altcol" value="SUBMIT" />
-        <a class="extra-link" href="{% url django.contrib.auth.views.password_reset %}">Forgot your password?</a>
+        <a class="extra-link" href="{% url astakos.im.target.local.password_reset %}">Forgot your password?</a>
     </div>
-</form> 
\ No newline at end of file
+</form>

snf-astakos-app/astakos/im/templates/im/auth/local_login_prompt.html

@@ -20,7 +20,7 @@
     
     <div class="form-row submit clearfix">
         <input type="submit" class="submit altcol" value="SUBMIT" />
-        <a class="extra-link" href="{% url django.contrib.auth.views.password_reset %}">Forgot your password?</a>
+        <a class="extra-link" href="{% url astakos.im.target.local.password_reset %}">Forgot your password?</a>
       </div>
     </div>
   </form>

snf-astakos-app/astakos/im/templates/registration/password_email.txt

 {% extends "im/email.txt" %}
 
+lfjlajlsflfjl
  
 {% block en_content %}
 To reset your password for {{ BRANDING_COMPANY_NAME|upper }}'s {{ BRANDING_SERVICE_NAME }}, you can use the  link: {{ url }}.
 {% endblock %}
 
-{% block en_note %}{% endblock%}
\ No newline at end of file
+{% block en_note %}{% endblock%}

snf-astakos-app/astakos/im/templates/registration/password_reset_form.html

@@ -14,7 +14,7 @@ Password reset
      {% if "local" in im_modules %}
      
      	
-        <form action="{% url django.contrib.auth.views.password_reset %}" method="post"
+        <form action="{% url astakos.im.target.local.password_reset %}" method="post"
             class="login innerlabels">{% csrf_token %}
             <h2 class="formheader"><span>RESET PASSWORD</span></h2>
             <p>An email will be sent to the address you specify, containing a link that

snf-astakos-app/astakos/im/urls.py

@@ -91,17 +91,15 @@ if settings.EMAILCHANGE_ENABLED:
 
 if 'local' in settings.IM_MODULES:
     urlpatterns += patterns(
-        'astakos.im.target',
-        url(r'^local/?$', 'local.login'),
-        url(r'^password_change/?$', 'local.password_change', {
+        'astakos.im.target.local',
+        url(r'^local/?$', 'login'),
+        url(r'^password_change/?$', 'password_change', {
             'post_change_redirect':'profile',
             'password_change_form':ExtendedPasswordChangeForm},
             name='password_change'),
-        url(r'^local/password_reset/done$', 'local.password_reset_done'),
+        url(r'^local/password_reset/done$', 'password_reset_done'),
         url(r'^local/reset/confirm/done$',
-            'local.password_reset_confirm_done')
-    )
-    urlpatterns += patterns('django.contrib.auth.views',
+            'password_reset_confirm_done'),
         url(r'^local/password_reset/?$', 'password_reset', {
             'email_template_name':'registration/password_email.txt',
             'password_reset_form':ExtendedPasswordResetForm,

snf-astakos-app/astakos/im/views.py

@@ -113,6 +113,7 @@ from astakos.im import auth_providers as auth
 from snf_django.lib.db.transaction import commit_on_success_strict
 from astakos.im.ctx import ExceptionHandler
 from astakos.im import quotas
+from astakos.im.decorators import cookie_fix
 
 logger = logging.getLogger(__name__)
 
@@ -211,6 +212,7 @@ def valid_astakos_user_required(func):
 
 
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 @signed_terms_required
 def index(request, login_template_name='im/login.html', profile_template_name='im/profile.html', extra_context=None):
     """
@@ -251,6 +253,7 @@ def index(request, login_template_name='im/login.html', profile_template_name='i
 
 
 @require_http_methods(["POST"])
+@cookie_fix
 @valid_astakos_user_required
 def update_token(request):
     """
@@ -264,6 +267,7 @@ def update_token(request):
 
 
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 @valid_astakos_user_required
 @transaction.commit_manually
 def invite(request, template_name='im/invitations.html', extra_context=None):
@@ -338,6 +342,7 @@ def invite(request, template_name='im/invitations.html', extra_context=None):
 @require_http_methods(["GET", "POST"])
 @required_auth_methods_assigned(allow_access=True)
 @login_required
+@cookie_fix
 @signed_terms_required
 def edit_profile(request, template_name='im/profile.html', extra_context=None):
     """
@@ -427,6 +432,7 @@ def edit_profile(request, template_name='im/profile.html', extra_context=None):
 
 @transaction.commit_manually
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 def signup(request, template_name='im/signup.html', on_success='index',
            extra_context=None, activation_backend=None):
     """
@@ -573,6 +579,7 @@ def signup(request, template_name='im/signup.html', on_success='index',
 @require_http_methods(["GET", "POST"])
 @required_auth_methods_assigned(allow_access=True)
 @login_required
+@cookie_fix
 @signed_terms_required
 def feedback(request, template_name='im/feedback.html', email_template_name='im/feedback_mail.txt', extra_context=None):
     """
@@ -623,6 +630,7 @@ def feedback(request, template_name='im/feedback.html', email_template_name='im/
 
 
 @require_http_methods(["GET"])
+@cookie_fix
 def logout(request, template='registration/logged_out.html',
            extra_context=None):
     """
@@ -663,6 +671,7 @@ def logout(request, template='registration/logged_out.html',
 
 
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 @transaction.commit_manually
 def activate(request, greeting_email_template_name='im/welcome_email.txt',
              helpdesk_email_template_name='im/helpdesk_notification.txt'):
@@ -711,6 +720,7 @@ def activate(request, greeting_email_template_name='im/welcome_email.txt',
 
 
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 def approval_terms(request, term_id=None,
                    template_name='im/approval_terms.html', extra_context=None):
     extra_context = extra_context or {}
@@ -768,6 +778,7 @@ def approval_terms(request, term_id=None,
 
 
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 @transaction.commit_manually
 def change_email(request, activation_key=None,
                  email_template_name='registration/email_change_email.txt',
@@ -849,6 +860,7 @@ def change_email(request, activation_key=None,
     )
 
 
+@cookie_fix
 def send_activation(request, user_id, template_name='im/login.html',
                     extra_context=None):
 
@@ -876,6 +888,7 @@ def send_activation(request, user_id, template_name='im/login.html',
 
 
 @require_http_methods(["GET"])
+@cookie_fix
 @valid_astakos_user_required
 def resource_usage(request):
 
@@ -907,6 +920,7 @@ def resource_usage(request):
 
 # TODO: action only on POST and user should confirm the removal
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 @valid_astakos_user_required
 def remove_auth_provider(request, pk):
     try:
@@ -922,6 +936,7 @@ def remove_auth_provider(request, pk):
         raise PermissionDenied
 
 
+@cookie_fix
 def how_it_works(request):
     return render_response(
         'im/how_it_works.html',
@@ -1124,6 +1139,7 @@ def _resources_catalog(for_project=False, for_usage=False):
 
 
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_add(request):
     user = request.user
@@ -1174,6 +1190,7 @@ def project_add(request):
 
 
 @require_http_methods(["GET"])
+@cookie_fix
 @valid_astakos_user_required
 def project_list(request):
     projects = ProjectApplication.objects.user_accessible_projects(request.user).select_related()
@@ -1192,6 +1209,7 @@ def project_list(request):
 
 
 @require_http_methods(["POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_app_cancel(request, application_id):
     next = request.GET.get('next')
@@ -1226,6 +1244,7 @@ def _project_app_cancel(request, application_id):
 
 
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_modify(request, application_id):
 
@@ -1288,11 +1307,13 @@ def project_modify(request, application_id):
     return redirect(next)
 
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_app(request, application_id):
     return common_detail(request, application_id, project_view=False)
 
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_detail(request, chain_id):
     return common_detail(request, chain_id)
@@ -1389,6 +1410,7 @@ def common_detail(request, chain_or_app_id, project_view=True):
             })
 
 @require_http_methods(["GET", "POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_search(request):
     q = request.GET.get('q', '')
@@ -1432,6 +1454,7 @@ def project_search(request):
         })
 
 @require_http_methods(["POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_join(request, chain_id):
     next = request.GET.get('next')
@@ -1462,6 +1485,7 @@ def _project_join(request, chain_id):
 
 
 @require_http_methods(["POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_leave(request, chain_id):
     next = request.GET.get('next')
@@ -1490,6 +1514,7 @@ def _project_leave(request, chain_id):
 
 
 @require_http_methods(["POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_cancel(request, chain_id):
     next = request.GET.get('next')
@@ -1516,6 +1541,7 @@ def _project_cancel(request, chain_id):
 
 
 @require_http_methods(["POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_accept_member(request, chain_id, memb_id):
 
@@ -1541,6 +1567,7 @@ def _project_accept_member(request, chain_id, memb_id):
 
 
 @require_http_methods(["POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_remove_member(request, chain_id, memb_id):
 
@@ -1565,6 +1592,7 @@ def _project_remove_member(request, chain_id, memb_id):
 
 
 @require_http_methods(["POST"])
+@cookie_fix
 @valid_astakos_user_required
 def project_reject_member(request, chain_id, memb_id):
 
@@ -1591,6 +1619,7 @@ def _project_reject_member(request, chain_id, memb_id):
 @require_http_methods(["POST"])
 @signed_terms_required
 @login_required
+@cookie_fix
 def project_app_approve(request, application_id):
 
     if not request.user.is_project_admin():
@@ -1617,6 +1646,7 @@ def _project_app_approve(request, application_id):
 @require_http_methods(["POST"])
 @signed_terms_required
 @login_required
+@cookie_fix
 def project_app_deny(request, application_id):
 
     reason = request.POST.get('reason', None)
@@ -1646,6 +1676,7 @@ def _project_app_deny(request, application_id, reason):
 @require_http_methods(["POST"])
 @signed_terms_required
 @login_required
+@cookie_fix
 def project_app_dismiss(request, application_id):
     try:
         app = ProjectApplication.objects.get(id=application_id)
@@ -1676,6 +1707,7 @@ def _project_app_dismiss(request, application_id):
 @require_http_methods(["GET"])
 @required_auth_methods_assigned(allow_access=True)
 @login_required
+@cookie_fix
 @signed_terms_required
 def landing(request):
     context = {'services': Service.catalog(orderfor='dashboard')}

snf-astakos-app/astakos/synnefo_settings.py

@@ -69,7 +69,6 @@ context_processors = [
 middlware_classes = [
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'astakos.im.middleware.CookieAuthenticationMiddleware',
     'synnefo.lib.middleware.LoggingConfigMiddleware',
     'synnefo.lib.middleware.SecureMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',

snf-django-lib/snf_django/lib/api/__init__.py

@@ -97,9 +97,6 @@ def api_method(http_method=None, token_required=True, user_required=True,
                     request.user_uniq = user_info["uuid"]
                     request.user = user_info
 
-                # Mark request as api call
-                request.api_call = True
-
                 # Get the response object
                 response = func(request, *args, **kwargs)