3
from threading import Thread
3
5
from django import shortcuts
4
6
from django.conf import settings
7
from django.contrib.auth import REDIRECT_FIELD_NAME
5
8
from django.contrib.auth.views import (login as django_login,
6
9
logout_then_login as django_logout)
7
10
from django.contrib.auth.decorators import login_required
8
11
from django.views.decorators.debug import sensitive_post_parameters
9
12
from django.utils.functional import curry
13
from django.utils.http import is_safe_url
10
14
from django.views.decorators.cache import never_cache
11
15
from django.views.decorators.csrf import csrf_protect
13
17
from keystoneclient.v2_0 import client as keystone_client
18
from keystoneclient import exceptions as keystone_exceptions
15
20
from .forms import Login
16
21
from .user import set_session_from_user, create_user_from_token
38
43
form = curry(Login, initial=initial)
45
extra_context = {'redirect_field_name': REDIRECT_FIELD_NAME}
40
47
if request.is_ajax():
41
48
template_name = 'auth/_login.html'
42
extra_context = {'hide': True}
49
extra_context['hide'] = True
44
51
template_name = 'auth/login.html'
47
53
res = django_login(request,
48
54
template_name=template_name,
52
58
# will erase it if we set it earlier.
53
59
if request.user.is_authenticated():
54
60
set_session_from_user(request, request.user)
61
regions = dict(Login.get_region_choices())
55
62
region = request.user.endpoint
56
region_name = dict(Login.get_region_choices()).get(region)
63
region_name = regions.get(region)
57
64
request.session['region_endpoint'] = region
58
65
request.session['region_name'] = region_name
62
69
def logout(request):
70
if 'token_list' in request.session:
71
t = Thread(target=delete_all_tokens,
72
args=(list(request.session['token_list']),))
63
74
""" Securely logs a user out. """
64
75
return django_logout(request)
78
def delete_all_tokens(token_list):
79
for token_tuple in token_list:
81
endpoint = token_tuple[0]
82
token = token_tuple[1]
83
client = keystone_client.Client(endpoint=endpoint,
85
client.tokens.delete(token=token)
86
except keystone_exceptions.ClientException as e:
87
LOG.info('Could not delete token')
68
def switch(request, tenant_id):
91
def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
69
92
""" Switches an authenticated user from one tenant to another. """
70
93
LOG.debug('Switching to tenant %s for user "%s".'
71
94
% (tenant_id, request.user.username))
72
95
endpoint = request.user.endpoint
73
96
client = keystone_client.Client(endpoint=endpoint)
74
token = client.tokens.authenticate(tenant_id=tenant_id,
75
token=request.user.token.id)
76
user = create_user_from_token(request, token, endpoint)
77
set_session_from_user(request, user)
78
return shortcuts.redirect(settings.LOGIN_REDIRECT_URL)
98
token = client.tokens.authenticate(tenant_id=tenant_id,
99
token=request.user.token.id)
100
except keystone_exceptions.ClientException:
102
LOG.exception('An error occurred while switching sessions.')
104
# Ensure the user-originating redirection url is safe.
105
# Taken from django.contrib.auth.views.login()
106
redirect_to = request.REQUEST.get(redirect_field_name, '')
107
if not is_safe_url(url=redirect_to, host=request.get_host()):
108
redirect_to = settings.LOGIN_REDIRECT_URL
111
user = create_user_from_token(request, token, endpoint)
112
set_session_from_user(request, user)
113
return shortcuts.redirect(redirect_to)