cc1  v2.1
CC1 source code docs
admin.py
1 # -*- coding: utf-8 -*-
2 # @COPYRIGHT_begin
3 #
4 # Copyright [2010-2014] Institute of Nuclear Physics PAN, Krakow, Poland
5 #
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
9 #
10 # http://www.apache.org/licenses/LICENSE-2.0
11 #
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
17 #
18 # @COPYRIGHT_end
19 
20 ##
21 # @package src.wi.views.user.admin
22 #
23 # @author Piotr Wójcik
24 # @date 31.01.2014
25 #
26 
27 import re
28 
29 from django.contrib.sites.models import RequestSite
30 from django.http import HttpResponseRedirect
31 from django.shortcuts import render_to_response
32 from django.template import RequestContext
33 from django.utils.translation import ugettext as _
34 
35 from wi import settings as wi_settings
36 from wi.forms.user import CMAuthenticationForm
37 from wi.utils import REDIRECT_FIELD_NAME
38 from wi.utils.auth import cm_login, cm_logout
39 from wi.utils.decorators import django_view, user_permission
40 from wi.utils.views import prep_data
41 
42 
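##
#
# Decide whether a request-supplied redirect target may be followed.
#
# Only an absolute path on this site is accepted. Anything that could
# name another host or scheme is refused, so the login and logout views
# cannot be used to bounce a user to an external page.
#
# @param target  redirect value read from the request (may be empty)
# @returns True when \c target is a local path, False otherwise
#
def _is_local_redirect(target):
    # Empty values and values that do not start at the site root are
    # refused; a leading '/' rules out scheme-prefixed values.
    if not target or not target.startswith('/'):
        return False

    # Redirects to http://example.com should not be allowed, but things
    # like /view/?param=http://example.com should be allowed. This regex
    # checks if there is a '//' *before* a question mark.
    if re.match(r'[^\?]*//', target):
        return False

    # Browsers may treat a backslash like a forward slash, so it gets the
    # same treatment as '//'.
    if '\\' in target:
        return False

    # Whitespace and control characters have no place in a redirect path.
    for char in target:
        if char.isspace() or ord(char) < 32 or ord(char) == 127:
            return False
    return True


@django_view
@user_permission
##
#
# CM panel login page handling.
#
# On a valid POST the CM password and CM id from the form are handed to
# \c cm_login and the user is redirected. The redirect target comes from
# the request parameter named by \c redirect_field_name; it is followed
# only when it is a local path, otherwise \c LOGIN_REDIRECT_URL is used.
# A target of '/' is replaced with '/admin_cm/'.
# On GET, or when the form does not validate, the login template is
# rendered with the form and the (still unvalidated) redirect value.
#
# @param request              Django request
# @param template_name        template rendered for the login form
# @param redirect_field_name  name of the request parameter holding the
#                             post-login target
# @param authentication_form  form class used to validate the credentials
# @returns HttpResponseRedirect after a successful login, the rendered
#          login page otherwise
#
def cma_login(request, template_name='admin_cm/login.html',
              redirect_field_name=REDIRECT_FIELD_NAME,
              authentication_form=CMAuthenticationForm):
    rest_data = prep_data({'cms': 'guest/cluster/list_names/'}, request.session)

    redirect_to = request.REQUEST.get(redirect_field_name, '')
    if request.method == 'POST':
        form = authentication_form(request, data=request.POST, rest_data=rest_data)
        if form.is_valid():
            # The target is attacker-controllable request data: fall back
            # to the configured landing page unless it is a local path.
            if not _is_local_redirect(redirect_to):
                redirect_to = wi_settings.LOGIN_REDIRECT_URL

            # Okay, security checks complete. Log the user in.
            cm_passwd = form.cleaned_data['password']
            cm_id = form.cleaned_data['cm']

            # NOTE(review): cm_login receives the session and the plaintext
            # CM password; its body is not visible here. Confirm that it
            # does not persist the password in the session store and that
            # the session key is rotated on login.
            cm_login(request.session, cm_passwd, cm_id)

            if redirect_to == '/':
                redirect_to = '/admin_cm/'
            return HttpResponseRedirect(redirect_to)
    else:
        form = authentication_form(request, rest_data=rest_data)

    request.session.set_test_cookie()
    current_site = RequestSite(request)
    # redirect_to is passed back to the template as submitted; it is
    # validated when the form is posted, not here.
    return render_to_response(template_name,
                              {'form': form,
                               redirect_field_name: redirect_to,
                               'site': current_site,
                               'site_name': current_site.name},
                              context_instance=RequestContext(request))


@django_view
@user_permission
##
#
# Logs out and redirects to the right next page (\c next_page).
#
# \c cm_logout is always called first. When \c next_page is None the
# request parameter named by \c redirect_field_name is consulted: a local
# path is followed, anything else (including an empty value) renders the
# logged-out template instead of redirecting.
#
# @param request              Django request
# @param next_page            redirect target given as a view argument;
#                             presumably set in the URLconf rather than
#                             taken from the request -- verify at callers
# @param template_name        template rendered when no redirect happens
# @param redirect_field_name  name of the request parameter holding the
#                             post-logout target
# @returns HttpResponseRedirect or the rendered logged-out page
#
def cma_logout(request, next_page=None,
               template_name='admin_cm/logged_out.html',
               redirect_field_name=REDIRECT_FIELD_NAME):
    cm_logout(request.session)

    if next_page is not None:
        # Redirect to this page until the session has been cleared.
        return HttpResponseRedirect(next_page or request.path)

    redirect_to = request.REQUEST.get(redirect_field_name, '')
    # The value is request data, so it is held to the same local-path rule
    # as the login view; an external target is never followed.
    if _is_local_redirect(redirect_to):
        return HttpResponseRedirect(redirect_to)

    return render_to_response(template_name,
                              {'title': _('Logged out')},
                              context_instance=RequestContext(request))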
111