| 72 |
72 |
def get_next_url(self, default=None):
|
| 73 |
73 |
return self.get_state('next_url', default=default)
|
| 74 |
74 |
|
|
75 |
def show_message_status_is_not_success(self, profile, prefix):
|
|
76 |
status_codes, idp_message = utils.get_status_codes_and_message(profile)
|
|
77 |
args = [u'%s: status is not success codes: %r', prefix, status_codes]
|
|
78 |
if idp_message:
|
|
79 |
args[0] += u' message: %s'
|
|
80 |
args.append(idp_message)
|
|
81 |
self.log.warning(*args)
|
|
82 |
|
| 75 |
83 |
|
| 76 |
84 |
class LoginView(ProfileMixin, LogMixin, View):
|
| 77 |
85 |
def get_idp(self, request):
|
| ... | ... | |
| 107 |
115 |
except (lasso.LoginStatusNotSuccessError,
|
| 108 |
116 |
lasso.ProfileStatusNotSuccessError,
|
| 109 |
117 |
lasso.ProfileRequestDeniedError):
|
| 110 |
|
status = login.response.status
|
| 111 |
|
a = status
|
| 112 |
|
while a.statusCode:
|
| 113 |
|
status_codes.append(a.statusCode.value)
|
| 114 |
|
a = a.statusCode
|
| 115 |
|
args = ['SAML authentication failed: status is not success codes: %r', status_codes]
|
| 116 |
|
if status.statusMessage:
|
| 117 |
|
idp_message = status.statusMessage.decode('utf-8')
|
| 118 |
|
args[0] += ' message: %r'
|
| 119 |
|
args.append(status.statusMessage)
|
| 120 |
|
self.log.warning(*args)
|
|
118 |
self.show_message_status_is_not_success(login, 'SAML authentication failed')
|
| 121 |
119 |
except lasso.Error, e:
|
| 122 |
120 |
return HttpResponseBadRequest('error processing the authentication response: %r' % e)
|
| 123 |
121 |
else:
|
| ... | ... | |
| 201 |
199 |
utils.get_seconds_expiry(
|
| 202 |
200 |
attributes['session_not_on_or_after']))
|
| 203 |
201 |
else:
|
|
202 |
self.log.warning('user %r (NameID is %r) is inactive, login refused', unicode(user),
|
|
203 |
attributes['name_id_content'])
|
| 204 |
204 |
return render(request, 'mellon/inactive_user.html', {
|
| 205 |
205 |
'user': user,
|
| 206 |
206 |
'saml_attributes': attributes})
|
| 207 |
207 |
else:
|
|
208 |
self.log.warning('no user found for NameID %r', attributes['name_id_content'])
|
| 208 |
209 |
return render(request, 'mellon/user_not_found.html',
|
| 209 |
210 |
{'saml_attributes': attributes})
|
| 210 |
211 |
request.session['lasso_session_dump'] = login.session.dump()
|
| ... | ... | |
| 427 |
428 |
auth.logout(request)
|
| 428 |
429 |
try:
|
| 429 |
430 |
logout.processResponseMsg(request.META['QUERY_STRING'])
|
|
431 |
except lasso.ProfileStatusNotSuccessError:
|
|
432 |
self.show_message_status_is_not_success(logout, 'SAML logout failed')
|
| 430 |
433 |
except lasso.LogoutPartialLogoutError:
|
| 431 |
434 |
self.log.warning('partial logout')
|
| 432 |
435 |
except lasso.Error, e:
|
| 433 |
|
self.log.error('unable to process a logout response %r', e)
|
|
436 |
self.log.warning('unable to process a logout response: %s', e)
|
| 434 |
437 |
return HttpResponseRedirect(resolve_url(settings.LOGIN_REDIRECT_URL))
|
| 435 |
438 |
next_url = self.get_next_url(default=resolve_url(settings.LOGIN_REDIRECT_URL))
|
| 436 |
439 |
return HttpResponseRedirect(next_url)
|
| 437 |
|
-
|