From 9ebc2bd8291fde240e35909d2716230b50cfbd26 Mon Sep 17 00:00:00 2001 From: Michael Olund Date: Fri, 16 Oct 2020 11:29:25 -0700 Subject: [PATCH] Renamed /login to /signin so it won't be intercepted by Siteminder --- edivorce/apps/core/decorators.py | 2 +- edivorce/apps/core/urls.py | 4 +--- edivorce/apps/core/views/main.py | 40 ++++++-------------------------- edivorce/settings/local.py | 2 +- edivorce/settings/openshift.py | 2 +- 5 files changed, 11 insertions(+), 39 deletions(-) diff --git a/edivorce/apps/core/decorators.py b/edivorce/apps/core/decorators.py index 085d76b9..035280e2 100644 --- a/edivorce/apps/core/decorators.py +++ b/edivorce/apps/core/decorators.py @@ -53,7 +53,7 @@ def prequal_completed(function=None): return redirect(reverse('prequalification', kwargs={'step': step})) return redirect(reverse('prequalification', kwargs={'step': '01'})) else: - return redirect(base_url + '/login') + return redirect('oidc_authentication_init') _view.__name__ = view_func.__name__ _view.__dict__ = view_func.__dict__ diff --git a/edivorce/apps/core/urls.py b/edivorce/apps/core/urls.py index 83cb7979..66ec0d6d 100644 --- a/edivorce/apps/core/urls.py +++ b/edivorce/apps/core/urls.py @@ -13,9 +13,7 @@ urlpatterns = [ # we add an extra 'x' to the file extension so the siteminder proxy doesn't treat it as an image path('api/documents///x//', api.DocumentView.as_view(), name='document'), - # url(r'^login/headers$', system.headers), - - url(r'^login$', main.login, name="login"), + url(r'^signin$', main.signin, name="signin"), url(r'^register$', main.register, name="register"), url(r'^register_sc$', main.register_sc, name="register_sc"), url(r'^logout$', main.logout, name="logout"), diff --git a/edivorce/apps/core/views/main.py b/edivorce/apps/core/views/main.py index 81da38e7..409d5409 100644 --- a/edivorce/apps/core/views/main.py +++ b/edivorce/apps/core/views/main.py 
@@ -25,14 +25,10 @@ def home(request): """ This is the homepage """ - # HTTP_SM_USER is available on both unsecure and secure pages. - # If it has a value then we know the user is logged into BCeID/siteminder - siteminder_is_authenticated = request.META.get('HTTP_SM_USER', '') != '' - # if the user is returning from BCeID registration, then log them in to the site - if siteminder_is_authenticated and request.session.get('went_to_register', False): + if request.user.is_authenticated and request.session.get('went_to_register', False): request.session['went_to_register'] = False - return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/login') + return redirect('oidc_authentication_init') return render(request, 'intro.html', context={'hide_nav': True}) 
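Review bot: The new condition `request.user.is_authenticated and request.session.get('went_to_register', False)` in home() looks inverted relative to the comment above it ("log them in to the site"). The removed check read the SiteMinder header, which could be set before the Django user was logged in, whereas `request.user.is_authenticated` is only true once the OIDC login has already completed. A visitor returning from registration without a Django session would therefore fall through to intro.html, and `went_to_register` would stay set in the session. If the intent is still to log returning registrants in, consider `if request.session.pop('went_to_register', False):` ahead of the existing redirect; otherwise reword the comment to say the branch applies only to users who are already authenticated.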
@@ -115,36 +111,14 @@ def register_sc(request): request.session['went_to_register'] = True return redirect(settings.REGISTER_BCSC_URL) -def login(request): - """ - This page is proxy-protected by Siteminder. Users who are not - logged into BCeID will get a login page. Users who are logged into - BCeID will be redirected to the dashboard - """ - if settings.DEPLOYMENT_TYPE in ['localdev', 'minishift'] and not request.session.get('fake_bceid_guid'): - return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/bceid') - +def signin(request): if not request.user.is_authenticated: - # Fix for weird siteminder behaviour...... - # If a user is logged into an IDIR then they can see the login page but - # the SMGOV headers are missing. If this is the case, then log them out - # of their IDIR, and redirect them back to here again.... - - # FUTURE DEV NOTE: The DC elements of HTTP_SM_USERDN header will tell us - # exactly how the user is logged in. But it doesn't seem like a very - # good idea at this time to rely on this magic string. e.g. CN=Smith\, - # John,OU=Users,OU=Attorney General,OU=BCGOV,DC=idir,DC=BCGOV - - if request.GET.get('noretry', '') != 'true': - return redirect(settings.LOGOUT_URL_TEMPLATE % ( - settings.PROXY_BASE_URL, - settings.FORCE_SCRIPT_NAME[:-1] + '/login%3Fnoretry=true')) - return render(request, '407.html') - if timezone.now() - request.user.last_login > datetime.timedelta(minutes=1): - request.user.last_login = timezone.now() - request.user.save() + ## I think Django might be doing this automatically now that we have switched to mozilla-django-oidc? + #if timezone.now() - request.user.last_login > datetime.timedelta(minutes=1): + # request.user.last_login = timezone.now() + # request.user.save() copy_session_to_db(request, request.user) diff --git a/edivorce/settings/local.py b/edivorce/settings/local.py index 9dcc7539..68307e8b 100644 --- a/edivorce/settings/local.py +++ b/edivorce/settings/local.py 
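Review bot: signin() loses its docstring and keeps the last_login update as commented-out code with an open question in it. Django's `login()` sends `user_logged_in`, whose default receiver updates `last_login`, and the mozilla-django-oidc callback presumably goes through that path, so the block can likely be deleted once that is confirmed. I would add a docstring such as `"""Post-login landing view (LOGIN_REDIRECT_URL): copy the anonymous session into the user's record."""`. The `timezone` and `datetime` imports may be unused after this change; the imports and the rest of signin() are outside the hunk.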
@@ -46,5 +46,5 @@ OIDC_OP_JWKS_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/open OIDC_OP_AUTHORIZATION_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/auth' OIDC_OP_TOKEN_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/token' OIDC_OP_USER_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/userinfo' -LOGIN_REDIRECT_URL = '/overview' +LOGIN_REDIRECT_URL = '/signin' LOGOUT_REDIRECT_URL = '/' diff --git a/edivorce/settings/openshift.py b/edivorce/settings/openshift.py index 9ba297fb..48684b86 100644 --- a/edivorce/settings/openshift.py +++ b/edivorce/settings/openshift.py @@ -134,5 +134,5 @@ REDIS_DB = '' REDIS_PASSWORD = os.getenv('REDIS_PASSWORD', '') # Keycloak OpenID Connect settings -LOGIN_REDIRECT_URL = PROXY_URL_PREFIX + '/overview' +LOGIN_REDIRECT_URL = PROXY_URL_PREFIX + '/signin' LOGOUT_REDIRECT_URL = PROXY_URL_PREFIX
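Review bot: Pointing `LOGIN_REDIRECT_URL` at `/signin` here, and in the openshift.py hunk that follows, makes the `copy_session_to_db` call in signin() depend on the browser following the post-login redirect. As far as I know, mozilla-django-oidc prefers a validated `next` parameter over `LOGIN_REDIRECT_URL` when one is passed to the authentication init view, so any link that supplies `next` would skip /signin and the session copy. None of the redirects visible in this patch pass `next`, so the gap is latent. I would record the dependency next to both settings with a comment such as `# /signin runs copy_session_to_db after login; a 'next' passed to oidc_authentication_init bypasses it`. Running the copy from a `user_logged_in` receiver would remove the dependency altogether.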