coip/apps/auth/views.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

'''
Created on Jul 5, 2010

@author: leifj
'''
from django.http import HttpResponseRedirect
from coip.apps.userprofile.models import UserProfile
from django.contrib.auth.models import User
from coip.apps.auth.utils import anonid
from coip.apps.name.models import lookup

def meta(request,attr):
    v = request.META.get(attr)
    values = v.split(";")
    return values[0]

def accounts_login_federated(request):
    if request.user.is_authenticated():
        profile = UserProfile.objects.get_or_create(identifier=request.user.username)
        if profile.user:
            request.user = profile.user
        else:
            profile.identifier = request.user.username
            request.user = User(username=anonid())
            request.user.save()
            profile.user = request.user
            
        update = False
        cn = meta(request,'HTTP_CN')
        if not cn:
            cn = meta(request,'HTTP_DISPLAYNAME')
        if not cn:
            fn = meta(request,'HTTP_GIVENNAME')
            ln = meta(request,'HTTP_SN')
            cn = "%s %s" % (fn,ln)
        if not cn:
            cn = profile.identifier
            
        mail = meta(request,'HTTP_MAIL')
        
        for attrib_name, meta_value in (('display_name',cn),('email',mail)):
            attrib_value = getattr(profile, attrib_name)
            if meta_value and not attrib_value:
                setattr(profile,attrib_name,meta_value)
                update = True
                
        if request.user.password == "":
            request.user.password = "(not used for federated logins)"
            update = True
            
        if update:
            request.user.save()
            profile.save()
            
        #autocreate a few personal namespaces
        lookup('user:'+profile.identifier,True,'system:anyuser#l '+request.user+'#rw')
        lookup(request.user,True,'system:anyuser#l '+request.user+'#rw')
            
        next = request.session.get("after_login_redirect", None)
        if next is not None:
            return HttpResponseRedirect(next)
    else:
        pass
    return HttpResponseRedirect("/")

def logout(request):
    from django.contrib.auth import logout
    logout(request) 
    return HttpResponseRedirect("/Shibboleth.sso/Logout")