From a042a1da6df1a835ecde5840b794de80d9c2fbb3 Mon Sep 17 00:00:00 2001 From: Josue Kouka Date: Wed, 20 Jan 2016 16:24:08 +0100 Subject: [PATCH] archimed user account webservice (#9517) --- mandayejs/mandaye/utils.py | 12 ++++++ mandayejs/mandaye/views.py | 11 ++---- mandayejs/settings.py | 1 + mandayejs/sites/archimed/urls.py | 23 ++++++++++++ mandayejs/sites/archimed/views.py | 77 +++++++++++++++++++++++++++++++++++++++ mandayejs/urls.py | 6 +++ 6 files changed, 122 insertions(+), 8 deletions(-) create mode 100644 mandayejs/sites/archimed/urls.py create mode 100644 mandayejs/sites/archimed/views.py diff --git a/mandayejs/mandaye/utils.py b/mandayejs/mandaye/utils.py index 25e5aa2..396f607 100644 --- a/mandayejs/mandaye/utils.py +++ b/mandayejs/mandaye/utils.py @@ -54,3 +54,15 @@ def get_password_field(): except (IndexError,): return None +def get_login_info(request, credentials): + """Returns + """ + app_settings = get_app_settings() + + return { + 'address': request.build_absolute_uri(app_settings.SITE_LOGIN_PATH), + 'cookies': [], + 'locators': [ credentials.to_login_info() ], + 'auth_checker': app_settings.SITE_AUTH_CHECKER, + 'form_submit_element': app_settings.SITE_FORM_SUBMIT_ELEMENT + } diff --git a/mandayejs/mandaye/views.py b/mandayejs/mandaye/views.py index 656995a..3be54e3 100644 --- a/mandayejs/mandaye/views.py +++ b/mandayejs/mandaye/views.py @@ -41,7 +41,7 @@ from django.template import RequestContext, Template from .models import UserCredentials from mandayejs.mandaye.forms import FormFactory -from mandayejs.mandaye.utils import exec_phantom, cookie_builder +from mandayejs.mandaye.utils import exec_phantom, cookie_builder, get_login_info from mandayejs.applications import get_app_settings app_settings = get_app_settings() @@ -140,13 +140,8 @@ def post_login_do(request, *args, **kwargs): except (UserCredentials.DoesNotExist,): return HttpResponseRedirect(resolve_url('associate')) - login_info = { - 'address': request.build_absolute_uri(app_settings.SITE_LOGIN_PATH), - 'cookies': [], - 'locators': [ credentials.to_login_info() ], - 'auth_checker': getattr(app_settings, 'SITE_AUTH_CHECKER'), - 'form_submit_element': getattr(app_settings, 'SITE_FORM_SUBMIT_ELEMENT') - } + login_info = get_login_info(request, credentials) + logger.debug(login_info) login_info['locators'] = [ credentials.to_login_info(decrypt=True)] result = exec_phantom(login_info) diff --git a/mandayejs/settings.py b/mandayejs/settings.py index 0d7a935..1791268 100644 --- a/mandayejs/settings.py +++ b/mandayejs/settings.py @@ -54,6 +54,7 @@ INSTALLED_APPS = ( 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', + 'rest_framework', 'mandayejs.mandaye', 'mandayejs.sites.duonet', 'mandayejs.sites.archimed', diff --git a/mandayejs/sites/archimed/urls.py b/mandayejs/sites/archimed/urls.py new file mode 100644 index 0000000..8bf8fe9 --- /dev/null +++ b/mandayejs/sites/archimed/urls.py @@ -0,0 +1,23 @@ +# mandayejs - saml reverse proxy +# Copyright (C) 2015 Entr'ouvert +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +from django.conf.urls import patterns, include, url + +from mandayejs.sites.archimed.views import account + +urlpatterns = patterns('', + url(r'account/(?P[\w+]*)/$', account, name='archimed-account-detail'), +) diff --git a/mandayejs/sites/archimed/views.py b/mandayejs/sites/archimed/views.py new file mode 100644 index 0000000..87668c6 --- /dev/null +++ b/mandayejs/sites/archimed/views.py @@ -0,0 +1,77 @@ +# mandayejs - saml reverse proxy +# Copyright (C) 2015 Entr'ouvert +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +from __future__ import absolute_import + +import logging +import requests +from requests.cookies import RequestsCookieJar + +from django.contrib.auth.models import User +from django.shortcuts import get_object_or_404 + +from rest_framework import status +from rest_framework.views import APIView +from rest_framework.response import Response + +from mandayejs.mandaye.models import UserCredentials +from mandayejs.mandaye.utils import exec_phantom, cookie_builder, get_login_info +from mandayejs.applications import get_app_settings + + +class AccountDetails(APIView): + """Archimed user's account details + """ + + def get(self, request, *args, **kwargs): + app_settings = get_app_settings() + + username = kwargs['username'] + user = get_object_or_404(User, username=username) + credentials = get_object_or_404(UserCredentials, user=user) + + login_info = get_login_info(request, credentials) + login_info['locators'] = [ credentials.to_login_info(decrypt=True)] + result = exec_phantom(login_info) + + if result.get('result') != 'ok': + return Response(status=status.HTTP_401_UNAUTHORIZED) + + session = requests.session() + r_cookies = RequestsCookieJar() + + for cookie in result.get('cookies'): + r_cookies.set( + cookie['name'], + cookie['value'], + domain=cookie['domain'], + path=cookie['path'], + secure=cookie['secure'] + ) + session.cookies = r_cookies + + headers = { + 'Content-Type': 'application/json', + } + content = '{"codeConfig":"", "xslPath":"Services/LectorShortAccount.xslt"}' + url = request.build_absolute_uri('/DEFAULT/Ermes/Services/ILSClient.svc/RetrieveAccount') + + request_response = session.post(url, headers=headers, data=content, verify=False) + + return Response(request_response) + + +account = AccountDetails.as_view() diff --git a/mandayejs/urls.py b/mandayejs/urls.py index 8a3c303..764421a 100644 --- a/mandayejs/urls.py +++ b/mandayejs/urls.py @@ -13,11 +13,13 @@ # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . +from __future__ import absolute_import from django.conf.urls import patterns, include, url from django.contrib import admin from django.conf import settings + urlpatterns = patterns('', url(r'^_mandaye/panel$', 'mandayejs.mandaye.views.panel', name='panel'), url(r'^_mandaye/associate/$', 'mandayejs.mandaye.views.associate', name='associate'), @@ -30,3 +32,7 @@ urlpatterns = patterns('', if 'mellon' in settings.INSTALLED_APPS: urlpatterns += patterns('', url(r'^_mandaye/accounts/mellon/', include('mellon.urls'))) +if 'mandayejs.sites.archimed' in settings.INSTALLED_APPS: + urlpatterns += patterns('', + url(r'^_mandaye/archimed/', include('mandayejs.sites.archimed.urls')), + ) -- 2.7.0.rc3