Merged with f7985a4

8 years ago · 2b7d797a71
--- a/edivorce/apps/core/middleware/bceid_middleware.py
+++ b/edivorce/apps/core/middleware/bceid_middleware.py
@ -1,14 +1,15 @@
 import uuid

 from ipaddress import ip_address, ip_network
 from django.conf import settings
 from django.shortcuts import redirect


 class BceidUser(object):
    def __init__(self, guid, first_name, last_name, type, is_authenticated):
    def __init__(self, guid, first_name, last_name, user_type, is_authenticated):
        self.guid = guid
        self.first_name = first_name
        self.last_name = last_name
        self.type = type
        self.type = user_type
        self.is_authenticated = is_authenticated


@ -18,36 +19,65 @@ class BceidMiddleware(object):
        # make the FORCE_SCRIPT_NAME available in templates
        request.proxy_root_path = settings.FORCE_SCRIPT_NAME

        # todo: Make sure the request is coming from the justice proxy (via IP/host check)
        localdev = settings.DEPLOYMENT_TYPE == 'localdev'

        # make sure the request didn't bypass the proxy
        if not localdev and not self.__request_came_from_proxy(request):
            return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME)

        # 1. Real BCeID user
        if not localdev and request.META.get('HTTP_SM_USERDN', '') != '':

        # todo: parse the siteminder headers and stick them into a dictionary request.bceid_user
            # 1. Real BCeID user / logged in
            request.bceid_user = BceidUser(
                guid=request.META.get('HTTP_SM_USERDN', ''),
                is_authenticated=True,
                user_type='BCEID',
                first_name='Bud',
                last_name='Bundy'
            )

        if request.session.get('fake-bceid-guid', False):
        elif localdev and request.session.get('fake-bceid-guid', False):

            # 2. Fake BCeID user
            # 2. Fake BCeID user / logged in
            request.bceid_user = BceidUser(
                guid=request.session.get('fake-bceid-guid', ''),
                is_authenticated=True,
                type='FAKE',
                user_type='FAKE',
                first_name='Kelly',
                last_name='Bundy'
            )
        else:

            # 3.  Anonymous User
        else:

            # 3.  Anonymous User / not logged in
            if request.session.get('anon-guid', False):
                request.session['anon-guid'] = uuid.uuid4().urn[9:]

            request.bceid_user = BceidUser(
                guid=request.session.get('anon-guid'),
                is_authenticated=False,
                type='ANONYMOUS',
                user_type='ANONYMOUS',
                first_name='',
                last_name=''
            )

    def process_response(self, request, response):
        return response


    def __request_came_from_proxy(self, request):
        """
        Validate that the request is coming from inside the BC Government data centre
        """
        # allow all OpenShift health checks
        if request.path == settings.FORCE_SCRIPT_NAME + 'health':
            return True

        bcgov_network = ip_network(settings.BCGOV_NETWORK)
        x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR', '')
        forwarded_for = x_forwarded_for.split(',')

        for ip in forwarded_for:
            if ip_address(ip) in bcgov_network:
                return True
        return False
--- a/edivorce/apps/core/migrations/0008_auto_20170227_2125.py
+++ b/edivorce/apps/core/migrations/0008_auto_20170227_2125.py
@ -0,0 +1,19 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals

 from django.db import migrations, models


 class Migration(migrations.Migration):

    dependencies = [
        ('core', '0007_auto_20170210_1702'),
    ]

    operations = [
        migrations.AlterField(
            model_name='bceiduser',
            name='user_guid',
            field=models.CharField(max_length=50, unique=True, db_index=True),
        ),
    ]
--- a/edivorce/apps/core/migrations/0009_merge.py
+++ b/edivorce/apps/core/migrations/0009_merge.py
@ -0,0 +1,15 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals

 from django.db import migrations, models


 class Migration(migrations.Migration):

    dependencies = [
        ('core', '0008_auto_20170227_2125'),
        ('core', '0008_auto_20170224_0259'),
    ]

    operations = [
    ]
--- a/edivorce/apps/core/migrations/0010_auto_20170228_2038.py
+++ b/edivorce/apps/core/migrations/0010_auto_20170228_2038.py
@ -0,0 +1,19 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals

 from django.db import migrations, models


 class Migration(migrations.Migration):

    dependencies = [
        ('core', '0009_merge'),
    ]

    operations = [
        migrations.AlterField(
            model_name='bceiduser',
            name='user_guid',
            field=models.CharField(max_length=200, db_index=True, unique=True),
        ),
    ]
--- a/edivorce/apps/core/models.py
+++ b/edivorce/apps/core/models.py
@ -11,7 +11,7 @@ class BceidUser(models.Model):
    BCeID user table
    """

    user_guid = models.CharField(db_index=True, max_length=36, unique=True, blank=False)
    user_guid = models.CharField(db_index=True, max_length=200, unique=True, blank=False)
    """ BCEID identifier for user """

    date_joined = models.DateTimeField(default=timezone.now)
--- a/edivorce/apps/core/templates/localdev/debug.html
+++ b/edivorce/apps/core/templates/localdev/debug.html
@ -0,0 +1,16 @@
 <html>
 <head>
    <title>Debug</title>
 </head>

 <body>

 {% for k, v in request.META.items %}
    {% if k.isupper %}
        {{ k }} = {{ v }}<br/>
    {% endif %}
 {% endfor %}

 </body>

 </html>
--- a/edivorce/apps/core/templates/pdf/form1.html
+++ b/edivorce/apps/core/templates/pdf/form1.html
@ -473,6 +473,8 @@
                </tr>
            </tbody>
        </table>
        <hr />
        <small>Printed on {% now "F jS, Y" %} from https://justice.gov.bc.ca/divorce</small>
    </div>
 </body>

--- a/edivorce/apps/core/templates/pdf/form35.html
+++ b/edivorce/apps/core/templates/pdf/form35.html
@ -109,7 +109,8 @@
        <p class="text-right">
            <span class="form-entry not-complete">[<em>type or print name</em>]</span>
        </p>

        <hr />
        <small>Printed on {% now "F jS, Y" %} from https://justice.gov.bc.ca/divorce</small>
    </div>

 </body>
--- a/edivorce/apps/core/templates/pdf/form36.html
+++ b/edivorce/apps/core/templates/pdf/form36.html
@ -59,8 +59,9 @@
                </tr>
            </tbody>
        </table>

 </div>
        <hr />
        <small>Printed on {% now "F jS, Y" %} from https://justice.gov.bc.ca/divorce</small>
    </div>
 </body>

 </html>
--- a/edivorce/apps/core/templates/pdf/form38.html
+++ b/edivorce/apps/core/templates/pdf/form38.html
@ -199,8 +199,9 @@
        <p>
            <span class="form-entry not-complete">&nbsp;</span>[<em>print name or affix stamp of commissioner</em>]<span class="form-entry not-complete">&nbsp;</span>
        </p>

 </div>
        <hr />
        <small>Printed on {% now "F jS, Y" %} from https://justice.gov.bc.ca/divorce</small>
    </div>
 </body>

 </html>
--- a/edivorce/apps/core/templates/pdf/form52.html
+++ b/edivorce/apps/core/templates/pdf/form52.html
@ -144,9 +144,8 @@
                </td>
            </tr>
        </table>



        <hr />
        <small>Printed on {% now "F jS, Y" %} from https://justice.gov.bc.ca/divorce</small>
    </div>
 </body>

--- a/edivorce/apps/core/urls.py
+++ b/edivorce/apps/core/urls.py
@ -11,6 +11,10 @@ urlpatterns = [
    url(r'^logout', main.logout, name="logout"),
    url(r'^overview', main.overview, name="overview"),
    url(r'^health$', system.health),

    # todo: remove this line once BCeID is working
    url(r'^headers$', system.headers),

    url(r'^pdf-form(?P<form_number>[0-9]{1,3})$', pdf.form, name="pdf_form"),
    url(r'^prequalification/step_(?P<step>[0-9]{2})$', main.prequalification, name="prequalification"),
    url(r'^question/(?P<step>.*)', main.form, name="question_steps"),
--- a/edivorce/apps/core/views/main.py
+++ b/edivorce/apps/core/views/main.py
@ -22,10 +22,15 @@ def intro(request):


 def login(request):
    if not request.session.get('fake-bceid-guid'):

    if settings.DEPLOYMENT_TYPE == 'localdev' and not request.session.get('fake-bceid-guid'):
        return redirect(settings.FORCE_SCRIPT_NAME[:-1] + '/bceid')
    else:
        guid = request.bceid_user.guid

        if guid == None:
            return render(request, 'localdev/debug.html')

        user, created = BceidUser.objects.get_or_create(user_guid=guid)

        user.last_login = timezone.now()
@ -38,8 +43,11 @@ def login(request):

 def logout(request):
    request.session.flush()
    return redirect(settings.FORCE_SCRIPT_NAME[:-1] + '/intro')

    if settings.DEPLOYMENT_TYPE == 'localdev':
        return redirect(settings.FORCE_SCRIPT_NAME[:-1] + '/intro')
    else:
        return redirect(settings.LOGOUT_URL)

 def prequalification(request, step):
    """
--- a/edivorce/apps/core/views/system.py
+++ b/edivorce/apps/core/views/system.py
@ -1,4 +1,6 @@
 from django.http import HttpResponse
 from django.shortcuts import render

 from edivorce.apps.core.models import Question


@ -7,3 +9,6 @@ def health(request):
    OpenShift health check
    """
    return HttpResponse(Question.objects.count())

 def headers(request):
    return render(request, 'localdev/debug.html')
--- a/edivorce/settings/base.py
+++ b/edivorce/settings/base.py
@ -109,5 +109,6 @@ STATICFILES_FINDERS = (
    'compressor.finders.CompressorFinder',
 )

 BCGOV_NETWORK = os.environ.get('PROXY_NETWORK', '0.0.0.0/0')

 FORCE_SCRIPT_NAME = '/'
--- a/edivorce/settings/local.py
+++ b/edivorce/settings/local.py
@ -16,3 +16,5 @@ TEMPLATES[0]["OPTIONS"]["debug"] = True

 WEASYPRINT_URL = 'http://localhost:5005'
 WEASYPRINT_CSS_LOOPBACK = 'http://10.200.10.1:8000'

 DEPLOYMENT_TYPE = 'localdev'
--- a/edivorce/settings/openshift.py
+++ b/edivorce/settings/openshift.py
@ -48,19 +48,19 @@ COMPRESS_OFFLINE = True
 #
 # See nginx-proxy/conf.d/server.conf for related settings
 #
 OPENSHIFT_ENVIRONMENT_TYPE = os.getenv('ENVIRONMENT_TYPE')
 DEPLOYMENT_TYPE = os.getenv('ENVIRONMENT_TYPE')

 PROXY_URL_PREFIX = ''

 if OPENSHIFT_ENVIRONMENT_TYPE == 'dev':
 if DEPLOYMENT_TYPE == 'dev':
    PROXY_URL_PREFIX = "/divorce-dev"
    DEBUG = True

 if OPENSHIFT_ENVIRONMENT_TYPE == 'test':
 if DEPLOYMENT_TYPE == 'test':
    PROXY_URL_PREFIX = "/divorce-test"


 if OPENSHIFT_ENVIRONMENT_TYPE == 'prod':
 if DEPLOYMENT_TYPE == 'prod':
    PROXY_URL_PREFIX = "/divorce"


@ -68,4 +68,8 @@ FORCE_SCRIPT_NAME = PROXY_URL_PREFIX + '/'
 STATIC_URL = PROXY_URL_PREFIX + '/static/'
 WEASYPRINT_CSS_LOOPBACK += PROXY_URL_PREFIX

 # Integration URLs
 PROXY_BASE_URL = 'https://justice.gov.bc.ca'
 LOGOUT_URL = 'https://logon.gov.bc.ca/clp-cgi/logoff.cgi?returl=%s%s&retnow=1' % (PROXY_BASE_URL, PROXY_URL_PREFIX)


--- a/openshift/templates/edivorce-environment-template.yaml
+++ b/openshift/templates/edivorce-environment-template.yaml
@ -86,6 +86,8 @@ objects:
            value: "${DJANGO_SECRET_KEY}"
          - name: ENVIRONMENT_TYPE
            value: "${ENVIRONMENT_TYPE}"
          - name: PROXY_NETWORK
            value: "${PROXY_NETWORK}"
          resources:
            limits:
              memory: "${MEMORY_LIMIT}"
@ -319,3 +321,7 @@ parameters:
 - name: ENVIRONMENT_TYPE
  displayName: Type of environnment (dev,test or prod).
  required: true
 - name: PROXY_NETWORK
  displayName: Network of upstream proxy
  value: 0.0.0.0/0
  required: true