Commit 320f57a6 authored by Sofia Papagiannaki's avatar Sofia Papagiannaki

Updated shibboleth workflow (enable user change email before activation)

Refs: #3041
parent 356a7817
......@@ -92,7 +92,6 @@ ASTAKOS_PASSWORD_RESET_EMAIL_SUBJECT 'Password reset on %s alpha2 testing
ASTAKOS_NEWPASSWD_INVALIDATE_TOKEN True Enforce token renewal on password change/reset. If set to False, user can optionally decide
whether to renew the token or not.
ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION True Permit local account migration to third party account
ASTAKOS_THIRDPARTY_ACC_ADDITIONAL_FIELDS {'first_name':None, 'last_name':None} The additional user fields appearing during the second step of third party account creation
=========================================== ============================================================================= ===========================================================================================
Administrator functions
......
......@@ -55,7 +55,7 @@ from astakos.im.models import (
from astakos.im.settings import (INVITATIONS_PER_LEVEL, DEFAULT_FROM_EMAIL,
BASEURL, SITENAME, RECAPTCHA_PRIVATE_KEY, DEFAULT_CONTACT_EMAIL,
RECAPTCHA_ENABLED, LOGGING_LEVEL, PASSWORD_RESET_EMAIL_SUBJECT,
NEWPASSWD_INVALIDATE_TOKEN, THIRDPARTY_ACC_ADDITIONAL_FIELDS
NEWPASSWD_INVALIDATE_TOKEN
)
from astakos.im.widgets import DummyWidget, RecaptchaWidget
from astakos.im.functions import send_change_email
......@@ -193,7 +193,7 @@ class ThirdPartyUserCreationForm(forms.ModelForm):
)
class Meta:
model = AstakosUser
fields = ['email', 'third_party_identifier']
fields = ['email', 'third_party_identifier', 'first_name', 'last_name']
def __init__(self, *args, **kwargs):
"""
......@@ -219,16 +219,6 @@ class ThirdPartyUserCreationForm(forms.ModelForm):
% (reverse('latest_terms'), _("the terms"))
self.fields['has_signed_terms'].label = \
mark_safe("I agree with %s" % terms_link_html)
default = fields_for_model(
self._meta.model,
THIRDPARTY_ACC_ADDITIONAL_FIELDS.keys()
)
for fname, field in THIRDPARTY_ACC_ADDITIONAL_FIELDS.iteritems():
if field:
self.fields[fname] = field
self.fields.setdefault(fname, default.get(fname))
self.initial[fname] = getattr(self.instance, fname, None)
def clean_email(self):
email = self.cleaned_data['email']
......
......@@ -154,8 +154,8 @@ class AstakosUser(User):
self.activation_sent = None
super(AstakosUser, self).save(**kwargs)
# set group if does not exist
groupname = 'shibboleth' if self.provider == 'shibboleth' else 'default'
# set default group if does not exist
groupname = 'default'
if groupname not in self.__groupnames:
try:
group = Group.objects.get(name = groupname)
......
......@@ -122,11 +122,4 @@ PASSWORD_RESET_EMAIL_SUBJECT = getattr(settings, 'ASTAKOS_PASSWORD_RESET_EMAIL_S
NEWPASSWD_INVALIDATE_TOKEN = getattr(settings, 'ASTAKOS_NEWPASSWD_INVALIDATE_TOKEN', True)
# Permit local account migration
ENABLE_LOCAL_ACCOUNT_MIGRATION = getattr(settings, 'ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION', True)
# A dictionary describing the additional user fields appearing during the second step of third party account creation
from django import forms
THIRDPARTY_ACC_ADDITIONAL_FIELDS = getattr(settings, 'ASTAKOS_THIRDPARTY_ACC_ADDITIONAL_FIELDS', {
'first_name':None,
'last_name':None,
})
\ No newline at end of file
ENABLE_LOCAL_ACCOUNT_MIGRATION = getattr(settings, 'ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION', True)
\ No newline at end of file
......@@ -78,28 +78,30 @@ def login(
tokens = request.META
try:
eppn = tokens.get(Tokens.SHIB_EPPN)
if not eppn:
raise KeyError(_('Missing unique token in request'))
if Tokens.SHIB_DISPLAYNAME in tokens:
realname = tokens[Tokens.SHIB_DISPLAYNAME]
elif Tokens.SHIB_CN in tokens:
realname = tokens[Tokens.SHIB_CN]
elif Tokens.SHIB_NAME in tokens and Tokens.SHIB_SURNAME in tokens:
realname = tokens[Tokens.SHIB_NAME] + ' ' + tokens[Tokens.SHIB_SURNAME]
else:
raise KeyError(_('Missing user name in request'))
except KeyError, e:
extra_context['login_form'] = LoginForm(request=request)
messages.error(request, e)
return render_response(
login_template,
context_instance=get_context(request, extra_context)
)
# try:
# eppn = tokens.get(Tokens.SHIB_EPPN)
# if not eppn:
# raise KeyError(_('Missing unique token in request'))
# if Tokens.SHIB_DISPLAYNAME in tokens:
# realname = tokens[Tokens.SHIB_DISPLAYNAME]
# elif Tokens.SHIB_CN in tokens:
# realname = tokens[Tokens.SHIB_CN]
# elif Tokens.SHIB_NAME in tokens and Tokens.SHIB_SURNAME in tokens:
# realname = tokens[Tokens.SHIB_NAME] + ' ' + tokens[Tokens.SHIB_SURNAME]
# else:
# raise KeyError(_('Missing user name in request'))
# except KeyError, e:
# extra_context['login_form'] = LoginForm(request=request)
# messages.error(request, e)
# return render_response(
# login_template,
# context_instance=get_context(request, extra_context)
# )
#
# affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, '')
# email = tokens.get(Tokens.SHIB_MAIL, '')
affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, '')
email = tokens.get(Tokens.SHIB_MAIL, '')
eppn, realname, affiliation, email = 'shibboleth1', 'shib Boleth', '', ''
try:
user = AstakosUser.objects.get(
......@@ -115,9 +117,20 @@ def login(
message = _('Your request is pending activation')
messages.error(request, message)
else:
url = reverse('send_activation', kwargs={'user_id':user.id})
message = _('You have not followed the activation link. \
<a href="%s">Provide new email?</a>' % url)
urls = {}
urls['send_activation'] = reverse(
'send_activation',
kwargs={'user_id':user.id}
)
urls['signup'] = reverse(
'shibboleth_signup',
args= [user.username]
)
message = _(
'You have not followed the activation link. \
<a href="%(send_activation)s">Resend activation email?</a> or \
<a href="%(signup)s">Provide new email?</a>' % urls
)
messages.error(request, message)
return render_response(login_template,
login_form = LoginForm(request=request),
......@@ -143,15 +156,13 @@ def login(
else:
if not ENABLE_LOCAL_ACCOUNT_MIGRATION:
url = reverse(
'astakos.im.target.shibboleth.signup'
'shibboleth_signup',
args= [user.username]
)
parts = list(urlsplit(url))
parts[3] = urlencode({'key': user.username})
url = urlunsplit(parts)
return HttpResponseRedirect(url)
else:
template = signup_template
extra_context['key'] = user.username
extra_context['username'] = user.username
extra_context['provider']='shibboleth'
return render_response(
......@@ -163,33 +174,34 @@ def login(
@requires_anonymous
def signup(
request,
username,
backend=None,
on_creation_template='im/third_party_registration.html',
extra_context=None
):
extra_context = extra_context or {}
username = request.GET.get('key')
if not username:
return HttpResponseBadRequest(_('Missing key parameter.'))
try:
pending = PendingThirdPartyUser.objects.get(username=username)
except BaseException, e:
logger.exception(e)
return HttpResponseBadRequest(_('Invalid key.'))
try:
user = AstakosUser.objects.get(username=username)
except BaseException, e:
logger.exception(e)
return HttpResponseBadRequest(_('Invalid key.'))
else:
d = pending.__dict__
d.pop('_state', None)
d.pop('id', None)
user = AstakosUser(**d)
try:
backend = backend or get_backend(request)
except ImproperlyConfigured, e:
messages.error(request, e)
else:
extra_context['form'] = backend.get_signup_form(
provider='shibboleth',
instance=user
)
try:
backend = backend or get_backend(request)
except ImproperlyConfigured, e:
messages.error(request, e)
else:
extra_context['form'] = backend.get_signup_form(
provider='shibboleth',
instance=user
)
extra_context['provider']='shibboleth'
return render_response(
on_creation_template,
......
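Review bot: The first hunk of login() leaves a hard-coded identity on the new side: the block that read `Tokens.SHIB_EPPN` and the display-name headers from `request.META` is commented out and replaced by `eppn, realname, affiliation, email = 'shibboleth1', 'shib Boleth', '', ''`. As rendered, every request that reaches this view would resolve to the same account regardless of what the identity provider asserted, which looks like a local test stub committed by accident. Delete that assignment and restore the original `try:` block, including the `Missing unique token in request` check, before this is deployed. If a stub is needed for development, gate it behind a setting that defaults to off. login() starts and ends outside the visible hunks.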
......@@ -13,8 +13,8 @@
{% if "local" in im_modules %}
<div class="form-stacked">
<h2><span>Already have an account?</span></h2>
<a href="{% url astakos.im.views.index %}?key={{key}}">YES</a>
<a href="{% url astakos.im.target.shibboleth.signup %}?key={{key}}">NO</a>
<a href="{% url astakos.im.views.index %}?key={{username}}">YES</a>
<a href="{% url shibboleth_signup username %}">NO</a>
</div>
{% endif %}
{% endblock %}
\ No newline at end of file
......@@ -56,7 +56,7 @@ urlpatterns = patterns('astakos.im.views',
if EMAILCHANGE_ENABLED:
urlpatterns += patterns('astakos.im.views',
url(r'^email_change/?$', 'change_email', {}, name='email_change'),
url(r'^email_change/confirm/(?P<activation_key>\w+)/', 'change_email', {},
url(r'^email_change/confirm/(?P<activation_key>\w+)/?$', 'change_email', {},
name='email_change_confirm')
)
......@@ -88,7 +88,7 @@ if INVITATIONS_ENABLED:
if 'shibboleth' in IM_MODULES:
urlpatterns += patterns('astakos.im.target',
url(r'^login/shibboleth/?$', 'shibboleth.login'),
url(r'^login/shibboleth/signup/?$', 'shibboleth.signup')
url(r'^shibboleth/signup/(\w+)/?$', 'shibboleth.signup', {}, 'shibboleth_signup')
)
if 'twitter' in IM_MODULES:
......
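Review bot: The new `r'^shibboleth/signup/(\w+)/?$'` route makes the account username the only value that selects which account the signup form is bound to, while the view it points at is `@requires_anonymous` and, in this commit, loads `AstakosUser.objects.get(username=username)` and passes it as `instance=user`. If usernames are guessable or disclosed elsewhere, an unauthenticated visitor could reach the email-change form of someone else's unactivated account. The view should at least confirm the account is still inactive and was created through the shibboleth provider, and the URL would be safer keyed on an unguessable per-signup value. Separately, `(\w+)` will make `reverse('shibboleth_signup', args=[user.username])` fail for any username containing characters outside `\w`, so confirm the username format or widen the pattern.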
......@@ -115,10 +115,4 @@
# NEWPASSWD_INVALIDATE_TOKEN = getattr(settings, 'ASTAKOS_NEWPASSWD_INVALIDATE_TOKEN', True)
# Permit local account migration
# ENABLE_LOCAL_ACCOUNT_MIGRATION = getattr(settings, 'ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION', True)
# A dictionary describing the additional user fields appearing during the second step of third party account creation
# THIRDPARTY_ACC_ADDITIONAL_FIELDS = getattr(settings, 'ASTAKOS_THIRDPARTY_ACC_ADDITIONAL_FIELDS', {
# 'first_name':None,
# 'last_name':None,
# })
\ No newline at end of file
# ENABLE_LOCAL_ACCOUNT_MIGRATION = getattr(settings, 'ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION', True)
\ No newline at end of file