siteminder testing header issue

8 years ago · 0e80e85665
--- a/edivorce/apps/core/middleware/bceid_middleware.py
+++ b/edivorce/apps/core/middleware/bceid_middleware.py
@ -20,19 +20,23 @@ class BceidMiddleware(object):

        localdev = settings.DEPLOYMENT_TYPE == 'localdev'

        # get SiteMinder variables from the headers first, then from the session
        smgov_userguid = request.META.get('HTTP_SMGOV_USERGUID', request.session.get('SMGOV_USERGUID',False))
        smgov_userdisplayname = request.META.get('HTTP_SMGOV_USERDISPLAYNAME', request.session.get('SMGOV_USERDISPLAYNAME', False))

        # make sure the request didn't bypass the proxy
        if not localdev and not self.__request_came_from_proxy(request):
            print("Redirecting to " + settings.PROXY_BASE_URL + request.path, file=sys.stderr)
            return redirect(settings.PROXY_BASE_URL + request.path)

        if not localdev and request.META.get('HTTP_SM_USERDN', False):
        if not localdev and smgov_userguid:

            # 1. Real BCeID user / logged in
            request.bceid_user = BceidUser(
                guid=request.META.get('HTTP_SM_USERDN'),
                guid=smgov_userguid,
                is_authenticated=True,
                user_type='BCEID',
                first_name=request.META.get('HTTP_SM_USER'),
                first_name=smgov_userdisplayname,
                last_name=''
            )

--- a/edivorce/apps/core/urls.py
+++ b/edivorce/apps/core/urls.py
@ -8,6 +8,10 @@ handler500 = 'core.views.main.server_error'
 urlpatterns = [
    # url(r'^guide$', styleguide.guide),
    url(r'^api/response$', api.UserResponseHandler.as_view()),

    # todo: remove this line once SMGOV headers are working
    url(r'^login/headers$', system.headers),

    url(r'^login', main.login, name="login"),
    url(r'^bceid', localdev.bceid, name="bceid"),
    url(r'^register$', main.register, name="register"),
--- a/edivorce/apps/core/views/main.py
+++ b/edivorce/apps/core/views/main.py
@ -93,6 +93,15 @@ def login(request):
    if settings.DEPLOYMENT_TYPE == 'localdev' and not request.session.get('fake-bceid-guid'):
        return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/bceid')
    else:
        # Save SiteMinder headers to session variables.  /login* is the only actual
        # SiteMinder-protected part of the site, so the headers aren't availabale anywhere else
        if request.META.get('HTTP_SMGOV_USERGUID', ''):
            request.session['SMGOV_USERGUID'] = request.META.get('HTTP_SMGOV_USERGUID')

        if request.META.get('HTTP_SMGOV_USERDISPLAYNAME', ''):
            request.session['SMGOV_USERDISPLAYNAME'] = request.META.get('HTTP_SMGOV_USERDISPLAYNAME')

        # get the Guid that was set in the middleware
        guid = request.bceid_user.guid

        if guid is None: