Renamed /login to /signin so it won't be intercepted by Siteminder

5 years ago · 9ebc2bd829
--- a/edivorce/apps/core/decorators.py
+++ b/edivorce/apps/core/decorators.py
@ -53,7 +53,7 @@ def prequal_completed(function=None):
                            return redirect(reverse('prequalification', kwargs={'step': step}))
                    return redirect(reverse('prequalification', kwargs={'step': '01'}))
            else:
                return redirect(base_url + '/login')
                return redirect('oidc_authentication_init')

        _view.__name__ = view_func.__name__
        _view.__dict__ = view_func.__dict__
--- a/edivorce/apps/core/urls.py
+++ b/edivorce/apps/core/urls.py
@ -13,9 +13,7 @@ urlpatterns = [
    # we add an extra 'x' to the file extension so the siteminder proxy doesn't treat it as an image
    path('api/documents/<doc_type>/<int:party_code>/<filename>x/<int:size>/', api.DocumentView.as_view(), name='document'),

    # url(r'^login/headers$', system.headers),

    url(r'^login$', main.login, name="login"),
    url(r'^signin$', main.signin, name="signin"),
    url(r'^register$', main.register, name="register"),
    url(r'^register_sc$', main.register_sc, name="register_sc"),
    url(r'^logout$', main.logout, name="logout"),
--- a/edivorce/apps/core/views/main.py
+++ b/edivorce/apps/core/views/main.py
@ -25,14 +25,10 @@ def home(request):
    """
    This is the homepage
    """
    # HTTP_SM_USER is available on both unsecure and secure pages.
    # If it has a value then we know the user is logged into BCeID/siteminder
    siteminder_is_authenticated = request.META.get('HTTP_SM_USER', '') != ''

    # if the user is returning from BCeID registration, then log them in to the site
    if siteminder_is_authenticated and request.session.get('went_to_register', False):
    if request.user.is_authenticated and request.session.get('went_to_register', False):
        request.session['went_to_register'] = False
        return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/login')
        return redirect('oidc_authentication_init')

    return render(request, 'intro.html', context={'hide_nav': True})

@ -115,36 +111,14 @@ def register_sc(request):
    request.session['went_to_register'] = True
    return redirect(settings.REGISTER_BCSC_URL)

 def login(request):
    """
    This page is proxy-protected by Siteminder.  Users who are not
    logged into BCeID will get a login page.  Users who are logged into
    BCeID will be redirected to the dashboard
    """
    if settings.DEPLOYMENT_TYPE in ['localdev', 'minishift'] and not request.session.get('fake_bceid_guid'):
        return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/bceid')

 def signin(request):
    if not request.user.is_authenticated:
        # Fix for weird siteminder behaviour......
        # If a user is logged into an IDIR then they can see the login page but
        # the SMGOV headers are missing.  If this is the case, then log them out
        # of their IDIR, and redirect them back to here again....

        # FUTURE DEV NOTE: The DC elements of HTTP_SM_USERDN header will tell us
        # exactly how the user is logged in. But it doesn't seem like a very
        # good idea at this time to rely on this magic string.  e.g. CN=Smith\,
        # John,OU=Users,OU=Attorney General,OU=BCGOV,DC=idir,DC=BCGOV

        if request.GET.get('noretry', '') != 'true':
            return redirect(settings.LOGOUT_URL_TEMPLATE % (
                settings.PROXY_BASE_URL,
                settings.FORCE_SCRIPT_NAME[:-1] + '/login%3Fnoretry=true'))

        return render(request, '407.html')

    if timezone.now() - request.user.last_login > datetime.timedelta(minutes=1):
        request.user.last_login = timezone.now()
        request.user.save()
    ## I think Django might be doing this automatically now that we have switched to mozilla-django-oidc?
    #if timezone.now() - request.user.last_login > datetime.timedelta(minutes=1):
    #    request.user.last_login = timezone.now()
    #    request.user.save()

    copy_session_to_db(request, request.user)

--- a/edivorce/settings/local.py
+++ b/edivorce/settings/local.py
@ -46,5 +46,5 @@ OIDC_OP_JWKS_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/open
 OIDC_OP_AUTHORIZATION_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/auth'
 OIDC_OP_TOKEN_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/token'
 OIDC_OP_USER_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/userinfo'
 LOGIN_REDIRECT_URL = '/overview'
 LOGIN_REDIRECT_URL = '/signin'
 LOGOUT_REDIRECT_URL = '/'
--- a/edivorce/settings/openshift.py
+++ b/edivorce/settings/openshift.py
@ -134,5 +134,5 @@ REDIS_DB = ''
 REDIS_PASSWORD = os.getenv('REDIS_PASSWORD', '')

 # Keycloak OpenID Connect settings
 LOGIN_REDIRECT_URL = PROXY_URL_PREFIX + '/overview'
 LOGIN_REDIRECT_URL = PROXY_URL_PREFIX + '/signin'
 LOGOUT_REDIRECT_URL = PROXY_URL_PREFIX