2017-09-13 01:57:31 +02:00
|
|
|
from django.contrib import messages
|
|
|
|
from django.contrib.auth import authenticate, login
|
|
|
|
from django.contrib.auth.decorators import permission_required
|
2017-09-26 22:18:39 +02:00
|
|
|
from django.contrib.auth.models import User
|
2017-09-25 17:16:19 +02:00
|
|
|
from django.contrib.auth.views import redirect_to_login
|
2018-10-06 12:35:49 +02:00
|
|
|
from django.contrib.messages.views import SuccessMessageMixin
|
2017-09-25 17:16:19 +02:00
|
|
|
from django.core.urlresolvers import reverse, reverse_lazy
|
2017-09-13 01:57:31 +02:00
|
|
|
from django.db.models import Prefetch
|
2017-09-25 17:16:19 +02:00
|
|
|
from django.http import QueryDict
|
|
|
|
from django.shortcuts import redirect, render
|
|
|
|
from django.utils.decorators import method_decorator
|
|
|
|
from django.utils.translation import ugettext_lazy as _
|
|
|
|
from django.views.decorators.http import require_http_methods
|
2018-10-06 12:35:49 +02:00
|
|
|
from django.views.generic import View
|
2017-09-13 01:57:31 +02:00
|
|
|
from django.views.generic.edit import CreateView, UpdateView
|
|
|
|
|
|
|
|
from .forms import GroupForm
|
2017-09-26 22:18:39 +02:00
|
|
|
from .models import GenericTeamToken, Group
|
2017-09-13 01:57:31 +02:00
|
|
|
|
|
|
|
|
2017-09-25 17:16:19 +02:00
|
|
|
class GenericLoginView(View):
|
|
|
|
"""
|
|
|
|
View to authenticate as kfet generic user.
|
|
|
|
|
|
|
|
It is a 2-step view. First, issue a token if user is a team member and send
|
|
|
|
him to the logout view (for proper disconnect) with callback url to here.
|
|
|
|
Then authenticate the token to log in as the kfet generic user.
|
|
|
|
|
|
|
|
Token is stored in COOKIES to avoid share it with the authentication
|
|
|
|
provider, which can be external. Session is unusable as it will be cleared
|
|
|
|
on logout.
|
|
|
|
"""
|
|
|
|
|
2018-10-06 12:35:49 +02:00
|
|
|
TOKEN_COOKIE_NAME = "kfettoken"
|
|
|
|
|
|
|
|
@method_decorator(require_http_methods(["GET", "POST"]))
|
2017-09-25 17:16:19 +02:00
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
|
|
token = request.get_signed_cookie(self.TOKEN_COOKIE_NAME, None)
|
|
|
|
if not token:
|
2018-10-06 12:35:49 +02:00
|
|
|
if not request.user.has_perm("kfet.is_team"):
|
2017-09-25 17:16:19 +02:00
|
|
|
return redirect_to_login(request.get_full_path())
|
|
|
|
|
2018-10-06 12:35:49 +02:00
|
|
|
if request.method == "POST":
|
2017-09-25 17:16:19 +02:00
|
|
|
# Step 1: set token and logout user.
|
|
|
|
return self.prepare_auth()
|
|
|
|
else:
|
|
|
|
# GET request should not change server/client states. Send a
|
|
|
|
# confirmation template to emit a POST request.
|
2018-10-06 12:35:49 +02:00
|
|
|
return render(
|
|
|
|
request,
|
|
|
|
"kfet/confirm_form.html",
|
|
|
|
{
|
|
|
|
"title": _("Ouvrir une session partagée"),
|
|
|
|
"text": _(
|
|
|
|
"Êtes-vous sûr·e de vouloir ouvrir une session "
|
|
|
|
"partagée ?"
|
|
|
|
),
|
|
|
|
},
|
|
|
|
)
|
2017-09-25 17:16:19 +02:00
|
|
|
else:
|
|
|
|
# Step 2: validate token.
|
|
|
|
return self.validate_auth(token)
|
|
|
|
|
|
|
|
def prepare_auth(self):
|
|
|
|
# Issue token.
|
|
|
|
token = GenericTeamToken.objects.create_token()
|
|
|
|
|
|
|
|
# Prepare callback of logout.
|
|
|
|
here_url = reverse(login_generic)
|
2018-10-06 12:35:49 +02:00
|
|
|
if "next" in self.request.GET:
|
2017-09-25 17:16:19 +02:00
|
|
|
# Keep given next page.
|
|
|
|
here_qd = QueryDict(mutable=True)
|
2018-10-06 12:35:49 +02:00
|
|
|
here_qd["next"] = self.request.GET["next"]
|
|
|
|
here_url += "?{}".format(here_qd.urlencode())
|
2017-09-25 17:16:19 +02:00
|
|
|
|
2018-10-06 12:35:49 +02:00
|
|
|
logout_url = reverse("cof-logout")
|
2017-09-25 17:16:19 +02:00
|
|
|
logout_qd = QueryDict(mutable=True)
|
2018-10-06 12:35:49 +02:00
|
|
|
logout_qd["next"] = here_url
|
|
|
|
logout_url += "?{}".format(logout_qd.urlencode(safe="/"))
|
2017-09-25 17:16:19 +02:00
|
|
|
|
|
|
|
resp = redirect(logout_url)
|
2018-10-06 12:35:49 +02:00
|
|
|
resp.set_signed_cookie(self.TOKEN_COOKIE_NAME, token.token, httponly=True)
|
2017-09-25 17:16:19 +02:00
|
|
|
return resp
|
|
|
|
|
|
|
|
def validate_auth(self, token):
|
|
|
|
# Authenticate with GenericBackend.
|
|
|
|
user = authenticate(request=self.request, kfet_token=token)
|
|
|
|
|
|
|
|
if user:
|
|
|
|
# Log in generic user.
|
|
|
|
login(self.request, user)
|
2018-10-06 12:35:49 +02:00
|
|
|
messages.success(
|
|
|
|
self.request, _("K-Fêt — Ouverture d'une session partagée.")
|
|
|
|
)
|
2017-09-25 17:16:19 +02:00
|
|
|
resp = redirect(self.get_next_url())
|
|
|
|
else:
|
|
|
|
# Try again.
|
|
|
|
resp = redirect(self.request.get_full_path())
|
|
|
|
|
|
|
|
# Prevents blocking due to an invalid COOKIE.
|
|
|
|
resp.delete_cookie(self.TOKEN_COOKIE_NAME)
|
|
|
|
return resp
|
2017-09-13 01:57:31 +02:00
|
|
|
|
2017-09-25 17:16:19 +02:00
|
|
|
def get_next_url(self):
|
2018-10-06 12:35:49 +02:00
|
|
|
return self.request.GET.get("next", reverse("kfet.kpsul"))
|
2017-09-13 01:57:31 +02:00
|
|
|
|
|
|
|
|
2017-09-25 17:16:19 +02:00
|
|
|
login_generic = GenericLoginView.as_view()
|
2017-09-13 01:57:31 +02:00
|
|
|
|
|
|
|
|
2018-10-06 12:35:49 +02:00
|
|
|
@permission_required("kfet.manage_perms")
|
2017-09-13 01:57:31 +02:00
|
|
|
def account_group(request):
|
|
|
|
user_pre = Prefetch(
|
2018-10-06 12:35:49 +02:00
|
|
|
"user_set", queryset=User.objects.select_related("profile__account_kfet")
|
2017-09-13 01:57:31 +02:00
|
|
|
)
|
2019-01-14 22:41:38 +01:00
|
|
|
groups = Group.objects.prefetch_related("permissions", user_pre)
|
2018-10-06 12:35:49 +02:00
|
|
|
return render(request, "kfet/account_group.html", {"groups": groups})
|
2017-09-13 01:57:31 +02:00
|
|
|
|
|
|
|
|
2017-09-26 22:18:39 +02:00
|
|
|
class BaseAccountGroupFormViewMixin:
|
2017-09-13 01:57:31 +02:00
|
|
|
model = Group
|
|
|
|
form_class = GroupForm
|
2019-01-14 22:41:38 +01:00
|
|
|
template_name = "kfet/account_group_form.html"
|
2018-10-06 12:35:49 +02:00
|
|
|
success_url = reverse_lazy("kfet.account.group")
|
2017-09-13 01:57:31 +02:00
|
|
|
|
|
|
|
|
2019-01-14 22:41:38 +01:00
|
|
|
class AccountGroupFormViewMixin(SuccessMessageMixin, BaseAccountGroupFormViewMixin):
|
2017-09-26 22:18:39 +02:00
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
class AccountGroupCreate(AccountGroupFormViewMixin, CreateView):
|
2019-01-14 22:41:38 +01:00
|
|
|
success_message = "Nouveau groupe : %(name)s"
|
2017-09-26 22:18:39 +02:00
|
|
|
|
|
|
|
|
|
|
|
class AccountGroupUpdate(AccountGroupFormViewMixin, UpdateView):
|
2018-10-06 12:35:49 +02:00
|
|
|
success_message = "Groupe modifié : %(name)s"
|