
DIV-528 Updating middleware auth

pull/160/head
Justin Johnson 8 years ago
parent
commit
a19b209b71
14 changed files with 254 additions and 176 deletions
  1. +8
    -9
      edivorce/apps/core/decorators.py
  2. +121
    -70
      edivorce/apps/core/middleware/bceid_middleware.py
  3. +34
    -0
      edivorce/apps/core/migrations/0016_auto_20171114_2151.py
  4. +14
    -2
      edivorce/apps/core/models.py
  5. +3
    -3
      edivorce/apps/core/templates/base.html
  6. +2
    -2
      edivorce/apps/core/templates/prequalification/step_01.html
  7. +1
    -1
      edivorce/apps/core/templates/prequalification/step_02.html
  8. +1
    -1
      edivorce/apps/core/templates/prequalification/step_03.html
  9. +1
    -1
      edivorce/apps/core/templates/prequalification/step_04.html
  10. +2
    -2
      edivorce/apps/core/templates/prequalification/step_05.html
  11. +2
    -2
      edivorce/apps/core/templates/prequalification/step_06.html
  12. +18
    -15
      edivorce/apps/core/views/api.py
  13. +46
    -68
      edivorce/apps/core/views/main.py
  14. +1
    -0
      edivorce/settings/base.py

+ 8
- 9
edivorce/apps/core/decorators.py

@ -3,15 +3,17 @@ from django.shortcuts import redirect
def bceid_required(function=None):
""" View decorator to check if the user is logged in to BCEID """
""" This decorator has a dependency on bceid_middleware.py """
"""
View decorator to check if the user is logged in to BCEID
This decorator has a dependency on bceid_middleware.py
"""
def _dec(view_func):
def _view(request, *args, **kwargs):
if not request.bceid_user.is_authenticated:
if not request.user.is_authenticated():
return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/login')
else:
return view_func(request, *args, **kwargs)
return view_func(request, *args, **kwargs)
_view.__name__ = view_func.__name__
_view.__dict__ = view_func.__dict__
@ -19,7 +21,4 @@ def bceid_required(function=None):
return _view
if function is None:
return _dec
else:
return _dec(function)
return _dec if function is None else _dec(function)
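Review bot: `request.user.is_authenticated()` in `_view` is only correct while every caller remembers the parentheses, because `is_authenticated` is declared as a plain method on both `BceidUser` (models.py) and the middleware's `AnonymousUser`. A bare `request.user.is_authenticated` in Python code is a bound method and always truthy, so one missed `()` turns an auth check into one that also passes for the anonymous user; the same call style appears in views/api.py and views/main.py. Declaring it as a property on both classes (`@property` above `def is_authenticated(self):`) and writing `if not request.user.is_authenticated:` here removes that failure mode, and the templates in this commit already use the attribute form.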

+ 121
- 70
edivorce/apps/core/middleware/bceid_middleware.py

@ -1,104 +1,155 @@
import uuid
import datetime
from ipaddress import ip_address, ip_network
import sys
from django.conf import settings
from django.shortcuts import redirect
from django.utils import timezone
from ..models import BceidUser
class BceidUser(object):
def __init__(self, guid, display_name, user_type, is_authenticated):
self.guid = guid
self.display_name = display_name
self.type = user_type
self.is_authenticated = is_authenticated
login_delta = datetime.timedelta(hours=2)
class BceidMiddleware(object):
def process_request(self, request):
class AnonymousUser():
"""
Anonymous user, present mainly to provide authentication checks in templates
"""
# Save SiteMinder headers to session variables. /login* is the only actual
# SiteMinder-protected part of the site, so the headers aren't availabale anywhere else
if request.META.get('HTTP_SMGOV_USERGUID', ''):
request.session['smgov_userguid'] = request.META.get('HTTP_SMGOV_USERGUID')
guid = None
display_name = ''
if request.META.get('HTTP_SMGOV_USERDISPLAYNAME', ''):
request.session['smgov_userdisplayname'] = request.META.get('HTTP_SMGOV_USERDISPLAYNAME')
def is_authenticated(self):
return False
# get SiteMinder variables from the headers first, then from the session
smgov_userguid = request.META.get('HTTP_SMGOV_USERGUID', request.session.get('smgov_userguid', False))
smgov_userdisplayname = request.META.get('HTTP_SMGOV_USERDISPLAYNAME', request.session.get('smgov_userdisplayname', False))
def is_anonymous(self):
return True
# HTTP_SM_USER is available on both secure and unsecure pages. If it has a value then we know
# that the user is still logged into BCeID
# This is an additional check to make sure we aren't letting users access the site
# via their session variables after logging out of bceid
has_siteminder_auth = request.META.get('HTTP_SM_USER','') != ''
anonymous_user = AnonymousUser()
# Note: It's still possible that a user has logged out of one BCeID and logged into another BCeID
# via www.bceid.ca without clicking the logout link on our app or closing the browser. This is an
# extreme edge case, and it's not pragmatic to code against it at this time.
# make sure the request didn't bypass the proxy
if settings.DEPLOYMENT_TYPE != 'localdev' and not self.__request_came_from_proxy(request):
print("Redirecting to " + settings.PROXY_BASE_URL + request.path, file=sys.stderr)
return redirect(settings.PROXY_BASE_URL + request.path)
class BceidMiddleware(object): # pylint: disable=too-few-public-methods
"""
Simple authentication middleware for operating in the BC Government
OpenShift environment, with SiteMinder integration.
if settings.DEPLOYMENT_TYPE != 'localdev' and has_siteminder_auth and smgov_userguid:
For our purposes, SiteMinder is configured to add the following headers:
# 1. Real BCeID user / logged in
request.bceid_user = BceidUser(
guid=smgov_userguid,
is_authenticated=True,
user_type='BCEID',
display_name=smgov_userdisplayname
)
SMGOV_USERGUID
SMGOV_USERDISPLAYNAME
SM_USER
elif settings.DEPLOYMENT_TYPE == 'localdev' and request.session.get('fake_bceid_guid', False):
The first two are provided on pages configured to be protected by
SiteMinder, which is currently just /login. When a user goes to the login
page, if the user is logged in, SiteMinder adds those headers with their
BCeID values; if they're not logged in, it routes them through its
login/signup page and then back to the login page, with those headers in
place. For unprotected pages, those headers are stripped if present,
preventing spoofing.
# 2. Fake BCeID user / logged in
request.bceid_user = BceidUser(
guid=request.session.get('fake_bceid_guid'),
is_authenticated=True,
user_type='FAKE',
display_name=request.session.get('login_name', '')
)
The third header is populated on every request that's proxied through
SiteMinder. For logged in users, it contains their ???; for anonymous
users, it's empty.
else:
When we detect authentication by the presence of the first two headers, we
store those values in the user's session. On all requests, we use them to
access a local proxy object for the user (available as request.user). For
users that are not logged in, an Anonymous User substitute is present.
In a local development environment, we generate a guid based on the login
name and treat that guid/login name as guid/display name.
"""
def process_request(self, request): # pylint: disable=too-many-branches
"""
Return None after populating request.user, or necessary redirects.
If the request is not coming from inside the BC Government data centre,
redirect the request through the proxy server.
# 3. Anonymous User / not logged in
request.bceid_user = BceidUser(
guid=None,
is_authenticated=False,
user_type='ANONYMOUS',
display_name=''
)
If the SiteMinder headers are present, indicating the user has just
authenticated, save those headers to the session.
def process_response(self, request, response):
return response
Get the user's GUID and display name. If they're present, and the user
has authenticated (or we're in a local development environment), add
the local proxy user to the request; if not, store the anonymous user
instance.
"""
# make sure the request didn't bypass the proxy
if (settings.DEPLOYMENT_TYPE != 'localdev' and
not self.__request_came_from_proxy(request)):
return redirect(settings.PROXY_BASE_URL + request.path)
# HTTP_SM_USER is available on both secure and unsecure pages. If it
# has a value then we know that the user is still logged into BCeID.
# This is an additional check to make sure we aren't letting users
# access the site via their session variables after logging out of bceid
#
# Note: It's still possible that a user has logged out of one BCeID and
# logged into another BCeID via www.bceid.ca without clicking the logout
# link on our app or closing the browser. This is an extreme edge case,
# and it's not pragmatic to code against it at this time.
siteminder_user = request.META.get('HTTP_SM_USER', '')
is_localdev = settings.DEPLOYMENT_TYPE == 'localdev'
update_user = False
guid = request.META.get('HTTP_SMGOV_USERGUID', '')
displayname = request.META.get('HTTP_SMGOV_USERDISPLAYNAME', '')
if guid:
request.session['smgov_userguid'] = guid
else:
guid = request.session.get('smgov_userguid')
if displayname:
request.session['smgov_userdisplayname'] = displayname
else:
displayname = request.session.get('smgov_userdisplayname')
if is_localdev:
guid = request.session.get('fake_bceid_guid')
displayname = request.session.get('login_name')
if guid and (siteminder_user or is_localdev):
request.user, created = BceidUser.objects.get_or_create(user_guid=guid)
if created:
request.session['first_login'] = True
if siteminder_user:
if created or not request.user.sm_user:
request.user.sm_user = siteminder_user
update_user = True
if request.user.display_name != displayname:
request.user.display_name = displayname
update_user = True
if (request.user.last_login is None or
timezone.now() - request.user.last_login > login_delta):
request.user.last_login = timezone.now()
update_user = True
if update_user:
request.user.save()
else:
request.user = anonymous_user
return None
def __request_came_from_proxy(self, request):
"""
Validate that the request is coming from inside the BC Government data centre
Return True if the request is coming from inside the BC Government data
centre, False otherwise.
Health checks and static resources are allowed from any source. The
latter is mainly so WeasyPrint can request CSS.
"""
# allow all OpenShift health checks
if request.path == settings.FORCE_SCRIPT_NAME + 'health':
return True
# allow requests for static assets to bypass the proxy
# (this is needed so WeasyPrint can request CSS)
if request.path.startswith(settings.FORCE_SCRIPT_NAME[:-1] + settings.STATIC_URL):
return True
bcgov_network = ip_network(settings.BCGOV_NETWORK)
x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR', '')
forwarded_for = x_forwarded_for.split(',')
if len(forwarded_for) == 0:
return False
x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')
forwarded_for = [ip.strip() for ip in x_forwarded_for if ip.strip() != '']
for ip in forwarded_for:
if ip !='' and ip_address(ip) in bcgov_network:
return True
return False
return any([ip_address(ip) in bcgov_network for ip in forwarded_for])
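Review bot: `__request_came_from_proxy` accepts a request when any entry of `X-Forwarded-For` lies inside `BCGOV_NETWORK`, but every entry except the one appended by the last trusted hop is supplied by the sender, so the `any(...)` on the final line does not prove the request passed through the proxy. Because the SMGOV_* and SM_USER headers are only trustworthy for proxied requests, the whole header-based identity in `process_request` rests on this check. Checking only the entry added by the trusted hop (assumed below to be the right-most one; confirm against the router configuration) closes that gap. Catching `ValueError` also keeps a malformed entry from raising out of `ip_address()`, which the list comprehension now evaluates for every entry before `any` runs.

```python
x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')
forwarded_for = [ip.strip() for ip in x_forwarded_for if ip.strip() != '']
if not forwarded_for:
    return False
try:
    # only the entry appended by the trusted hop is evaluated
    return ip_address(forwarded_for[-1]) in bcgov_network
except ValueError:
    return False
```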

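--- a/edivorce/apps/core/migrations/0016_auto_20171114_2151.py
+++ b/edivorce/apps/core/migrations/0016_auto_20171114_2151.py
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+from django.db import migrations, models
+class Migration(migrations.Migration):
+dependencies = [
+('core', '0015_auto_20170330_0522'),
+]
+operations = [
+migrations.AddField(
+model_name='bceiduser',
+name='display_name',
+field=models.TextField(blank=True),
+),
+migrations.AddField(
+model_name='bceiduser',
+name='sm_user',
+field=models.TextField(blank=True),
+),
+migrations.AlterField(
+model_name='userresponse',
+name='bceid_user',
+field=models.ForeignKey(related_name='responses', to='core.BceidUser'),
+),
+migrations.AlterField(
+model_name='userresponse',
+name='question',
+field=models.ForeignKey(related_name='responses', to='core.Question'),
+),
+]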

+ 14
- 2
edivorce/apps/core/models.py

@ -13,12 +13,24 @@ class BceidUser(models.Model):
user_guid = models.CharField(db_index=True, max_length=32, unique=True, blank=False)
""" BCEID identifier for user """
display_name = models.TextField(blank=True)
""" BCEID display name """
sm_user = models.TextField(blank=True)
""" SiteMinder user value """
date_joined = models.DateTimeField(default=timezone.now)
""" First login timestamp """
last_login = models.DateTimeField(default=timezone.now)
""" Most recent login timestamp """
def is_authenticated(self):
return True
def is_anonymous(self):
return False
def __str__(self):
return 'BCeID User %s' % self.user_guid
@ -63,10 +75,10 @@ class UserResponse(models.Model):
User input
"""
bceid_user = models.ForeignKey(BceidUser)
bceid_user = models.ForeignKey(BceidUser, related_name='responses')
""" User providing response """
question = models.ForeignKey(Question)
question = models.ForeignKey(Question, related_name='responses')
""" Originating question """
value = models.TextField(blank=True)


+ 3
- 3
edivorce/apps/core/templates/base.html

@ -52,9 +52,9 @@
</div>
<div class="col-sm-4">
<div class="top_banner-user">
{% if request.bceid_user.is_authenticated %}
{% if request.user.is_authenticated %}
<span>
{{ request.bceid_user.display_name}}
{{ request.user.display_name}}
&nbsp;&nbsp;|&nbsp;&nbsp; <a href="{% url 'logout' %}">Log out</a>
</span>
{% endif %}
@ -71,7 +71,7 @@
<div class="row">
<div class="col-md-5">
{% block backToDashboard %}
{% if request.bceid_user.is_authenticated %}
{% if request.user.is_authenticated %}
<div class="mid_banner-dash"><a href="{% url 'overview' %}">
<i class="fa fa-arrow-circle-o-left" aria-hidden="true"></i>View Application Stages</a>
</div>


+ 2
- 2
edivorce/apps/core/templates/prequalification/step_01.html

@ -4,7 +4,7 @@
{% block title %}{{ block.super }}: Prequalification{% endblock %}
{% block progress %}
{% if request.bceid_user.is_authenticated %}
{% if request.user.is_authenticated %}
{% include "partials/progress.html" %}
{% endif %}
{% endblock %}
@ -105,7 +105,7 @@
{% block formbuttons %}
<div class="form-buttons clearfix not-disqualified">
{% if request.bceid_user.is_authenticated %}
{% if request.user.is_authenticated %}
<a class="btn btn-primary" href="{% url 'overview' %}">
<i class="fa fa-arrow-circle-o-left"></i>&nbsp;&nbsp;&nbsp;Back
</a>


+ 1
- 1
edivorce/apps/core/templates/prequalification/step_02.html

@ -4,7 +4,7 @@
{% block title %}{{ block.super }}: Prequalification{% endblock %}
{% block progress %}
{% if request.bceid_user.is_authenticated %}
{% if request.user.is_authenticated %}
{% include "partials/progress.html" %}
{% endif %}
{% endblock %}


+ 1
- 1
edivorce/apps/core/templates/prequalification/step_03.html

@ -4,7 +4,7 @@
{% block title %}{{ block.super }}: Prequalification{% endblock %}
{% block progress %}
{% if request.bceid_user.is_authenticated %}
{% if request.user.is_authenticated %}
{% include "partials/progress.html" %}
{% endif %}
{% endblock %}


+ 1
- 1
edivorce/apps/core/templates/prequalification/step_04.html

@ -4,7 +4,7 @@
{% block title %}{{ block.super }}: Prequalification{% endblock %}
{% block progress %}
{% if request.bceid_user.is_authenticated %}
{% if request.user.is_authenticated %}
{% include "partials/progress.html" %}
{% endif %}
{% endblock %}


+ 2
- 2
edivorce/apps/core/templates/prequalification/step_05.html

@ -5,7 +5,7 @@
{% block title %}{{ block.super }}: Prequalification{% endblock %}
{% block progress %}
{% if request.bceid_user.is_authenticated %}
{% if request.user.is_authenticated %}
{% include "partials/progress.html" %}
{% endif %}
{% endblock %}
@ -186,4 +186,4 @@
<h3>Certified Electronic Extract of a Registration of Marriage</h3>
<p><img src="{% static 'img/marr_ex.jpg' %}" /></p>
{% endblock %}
{% endblock %}

+ 2
- 2
edivorce/apps/core/templates/prequalification/step_06.html

@ -4,7 +4,7 @@
{% block title %}{{ block.super }}: Prequalification{% endblock %}
{% block progress %}
{% if request.bceid_user.is_authenticated %}
{% if request.user.is_authenticated %}
{% include "partials/progress.html" %}
{% endif %}
{% endblock %}
@ -143,4 +143,4 @@
</ul>
<p>To get a divorce for these reasons you have to prove these things in court.</p>
<p>The majority of divorces are uncontested or undefended divorces (about 80 percent). That means that the divorcing couple have settled on how they're going to settle their parenting, support, and property issues. But they still need a court order for the divorce.</p>
{% endblock %}
{% endblock %}

+ 18
- 15
edivorce/apps/core/views/api.py

@ -1,10 +1,11 @@
from rest_framework import status
from rest_framework.views import APIView
from rest_framework.response import Response
from edivorce.apps.core.utils.question_step_mapping import question_step_mapping
from edivorce.apps.core.utils.user_response import save_to_session, save_to_db
from ..models import Question, BceidUser
from ..models import Question
from ..serializer import UserResponseSerializer
from ..utils.question_step_mapping import question_step_mapping
from ..utils.user_response import save_to_session, save_to_db
class UserResponseHandler(APIView):
@ -14,25 +15,27 @@ class UserResponseHandler(APIView):
serializer = UserResponseSerializer(data=request.data)
question_key = request.data['question']
try:
question = Question.objects.get(pk=question_key)
# As a result of discussion, decide to escape < and > only
value = request.data['value'].replace('<', '&lt;').replace('>', '&gt;')
if request.bceid_user.is_authenticated:
user = BceidUser.objects.get(user_guid=request.bceid_user.guid)
save_to_db(serializer, question, value, user)
if request.user.is_authenticated():
save_to_db(serializer, question, value, request.user.user_guid)
else:
# only prequalification questions can be answered when you aren't logged into BCeID
# only prequalification questions can be answered when you
# aren't logged into BCeID
if not question_key in question_step_mapping['prequalification']:
return Response(data="Not logged in", status=status.HTTP_511_NETWORK_AUTHENTICATION_REQUIRED)
return Response(data="Not logged in",
status=status.HTTP_511_NETWORK_AUTHENTICATION_REQUIRED)
save_to_session(request, question, value)
except Question.DoesNotExist:
return Response(data="Question: '%s' does not exist" % question_key, status=status.HTTP_400_BAD_REQUEST)
response = Response(status=status.HTTP_200_OK)
response['X-Debug-Auth-Type'] = request.bceid_user.type
return Response(data="Question: '%s' does not exist" % question_key,
status=status.HTTP_400_BAD_REQUEST)
except Exception as e:
import traceback
traceback.print_exc()
print(e)
return response
return Response(status=status.HTTP_200_OK)
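Review bot: The catch-all `except Exception as e:` ahead of the final return prints the traceback and then falls through to `return Response(status=status.HTTP_200_OK)`, so the client is told the answer was stored even when the save failed. That matters in this commit because `save_to_db` is now called with `request.user.user_guid` where the old side passed the user object, and utils/user_response.py is not among the 14 changed files; if the helper still expects a model instance, the failure would surface only on stderr. Logging through a module-level logger and returning an error status, e.g. `logger.exception("could not save response")` followed by `return Response(status=status.HTTP_500_INTERNAL_SERVER_ERROR)`, keeps the failure visible to both sides. The handler method starts above the second hunk.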

+ 46
- 68
edivorce/apps/core/views/main.py

@ -1,15 +1,17 @@
import datetime
from django.conf import settings
from django.shortcuts import render, redirect, render_to_response
from django.utils import timezone
from django.template import RequestContext
from edivorce.apps.core.utils.template_step_order import template_step_order
from ..decorators import bceid_required
import datetime
from ..models import BceidUser
from ..utils.user_response import get_responses_from_db, get_responses_from_db_grouped_by_steps, \
get_responses_from_session, copy_session_to_db, get_responses_from_session_grouped_by_steps
from ..utils.question_step_mapping import list_of_registries
from ..utils.step_completeness import get_step_status, is_complete
from edivorce.apps.core.utils.question_step_mapping import list_of_registries
from ..utils.template_step_order import template_step_order
from ..utils.user_response import get_responses_from_db, copy_session_to_db, \
get_responses_from_db_grouped_by_steps, get_responses_from_session, \
get_responses_from_session_grouped_by_steps
def home(request):
@ -21,7 +23,7 @@ def home(request):
siteminder_is_authenticated = request.META.get('HTTP_SM_USER', '') != ''
# if the user is returning from BCeID registration, then log them in to the site
if siteminder_is_authenticated and request.session.get('went_to_register', False) == True:
if siteminder_is_authenticated and request.session.get('went_to_register', False):
request.session['went_to_register'] = False
return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/login')
@ -35,14 +37,13 @@ def prequalification(request, step):
"""
template = 'prequalification/step_%s.html' % step
if not request.bceid_user.is_authenticated:
if not request.user.is_authenticated():
responses_dict = get_responses_from_session(request)
else:
user, _ = __get_bceid_user(request)
responses_dict = get_responses_from_db(user)
responses_dict = get_responses_from_db(request.user)
responses_dict['active_page'] = 'prequalification'
responses_dict['step_status'] = get_step_status(get_responses_from_db_grouped_by_steps(user))
responses_by_step = get_responses_from_db_grouped_by_steps(request.user)
responses_dict['step_status'] = get_step_status(responses_by_step)
return render(request, template_name=template, context=responses_dict)
@ -51,16 +52,14 @@ def success(request):
"""
This page is shown if the user passes the qualification test
"""
if request.bceid_user.is_authenticated:
if request.user.is_authenticated():
return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/overview')
else:
prequal_responses = get_responses_from_session_grouped_by_steps(request)['prequalification']
complete, missed_questions = is_complete('prequalification', prequal_responses)
if complete:
return render(request, 'success.html', context={'register_url': settings.REGISTER_URL})
else:
return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/incomplete')
prequal_responses = get_responses_from_session_grouped_by_steps(request)['prequalification']
complete, _ = is_complete('prequalification', prequal_responses)
if complete:
return render(request, 'success.html', context={'register_url': settings.REGISTER_URL})
return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/incomplete')
def incomplete(request):
@ -68,7 +67,7 @@ def incomplete(request):
This page is shown if the user misses any pre-qualification questions
"""
prequal_responses = get_responses_from_session_grouped_by_steps(request)['prequalification']
complete, missed_questions = is_complete('prequalification', prequal_responses)
_, missed_questions = is_complete('prequalification', prequal_responses)
responses_dict = get_responses_from_session(request)
responses_dict.append(('debug', settings.DEBUG, ))
@ -83,9 +82,9 @@ def register(request):
"""
if settings.DEPLOYMENT_TYPE == 'localdev':
return render(request, 'localdev/register.html')
else:
request.session['went_to_register'] = True
return redirect(settings.REGISTER_URL)
request.session['went_to_register'] = True
return redirect(settings.REGISTER_URL)
def login(request):
@ -96,38 +95,32 @@ def login(request):
"""
if settings.DEPLOYMENT_TYPE == 'localdev' and not request.session.get('fake_bceid_guid'):
return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/bceid')
else:
# get the Guid that was set in the middleware
if request.bceid_user.guid is None:
# Fix for weird siteminder behaviour......
# If a user is logged into an IDIR then they can see the login page
# but the SMGOV headers are missing. If this is the case, then log them out
# of their IDIR, and redirect them back to here again....
if not request.user.is_authenticated():
# Fix for weird siteminder behaviour......
# If a user is logged into an IDIR then they can see the login page but
# the SMGOV headers are missing. If this is the case, then log them out
# of their IDIR, and redirect them back to here again....
# FUTURE DEV NOTE: The DC elements of HTTP_SM_USERDN header will tell us exactly how the user is
# logged in. But it doesn't seem like a very good idea at this time to rely on this magic string.
# e.g. CN=Smith\, John,OU=Users,OU=Attorney General,OU=BCGOV,DC=idir,DC=BCGOV
# FUTURE DEV NOTE: The DC elements of HTTP_SM_USERDN header will tell us
# exactly how the user is logged in. But it doesn't seem like a very
# good idea at this time to rely on this magic string. e.g. CN=Smith\,
# John,OU=Users,OU=Attorney General,OU=BCGOV,DC=idir,DC=BCGOV
if request.GET.get('noretry','') != 'true':
return redirect(settings.LOGOUT_URL_TEMPLATE % (
settings.PROXY_BASE_URL, settings.FORCE_SCRIPT_NAME[:-1] + '/login%3Fnoretry=true'))
else:
return render(request, '407.html')
if request.GET.get('noretry', '') != 'true':
return redirect(settings.LOGOUT_URL_TEMPLATE % (
settings.PROXY_BASE_URL,
settings.FORCE_SCRIPT_NAME[:-1] + '/login%3Fnoretry=true'))
user, created = __get_bceid_user(request)
return render(request, '407.html')
# some later messaging needs to be shown or hidden based on whether
# or not this is a returning user
request.session["first_login"] = created
if timezone.now() - request.user.last_login > datetime.timedelta(minutes=1):
request.user.last_login = timezone.now()
request.user.save()
if timezone.now() - user.last_login > datetime.timedelta(minutes=1):
user.last_login = timezone.now()
user.save()
copy_session_to_db(request, request.user)
copy_session_to_db(request, user)
return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/overview')
return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/overview')
def logout(request):
@ -149,8 +142,7 @@ def overview(request):
"""
Dashboard: Process overview page.
"""
user, _ = __get_bceid_user(request)
responses_dict_by_step = get_responses_from_db_grouped_by_steps(user)
responses_dict_by_step = get_responses_from_db_grouped_by_steps(request.user)
# Add step status dictionary
responses_dict_by_step['step_status'] = get_step_status(responses_dict_by_step)
@ -169,8 +161,7 @@ def dashboard_nav(request, nav_step):
"""
Dashboard: All other pages
"""
user, _ = __get_bceid_user(request)
responses_dict = get_responses_from_db(user)
responses_dict = get_responses_from_db(request.user)
responses_dict['active_page'] = nav_step
template_name = 'dashboard/%s.html' % nav_step
return render(request, template_name=template_name, context=responses_dict)
@ -183,13 +174,12 @@ def question(request, step):
"""
template = 'question/%02d_%s.html' % (template_step_order[step], step)
user, _ = __get_bceid_user(request)
responses_dict_by_step = get_responses_from_db_grouped_by_steps(user, True)
responses_dict_by_step = get_responses_from_db_grouped_by_steps(request.user, True)
if step == "review":
responses_dict = responses_dict_by_step
else:
responses_dict = get_responses_from_db(user)
responses_dict = get_responses_from_db(request.user)
# Add step status dictionary
responses_dict['step_status'] = get_step_status(responses_dict_by_step)
@ -227,15 +217,3 @@ def legal(request):
Legal Information page
"""
return render(request, 'legal.html', context={'active_page': 'legal'})
def __get_bceid_user(request):
user, created = BceidUser.objects.get_or_create(user_guid=request.bceid_user.guid)
# update the last_login timestamp if it was more than 2 hours ago
# this ensures that it gets updated for users who bypass the /login url with a direct link
if user.last_login is None or timezone.now() - user.last_login > datetime.timedelta(hours=2):
user.last_login = timezone.now()
user.save()
return user, created
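Review bot: `login` no longer writes `request.session["first_login"]`, and the only write visible on the new side is the middleware setting it to `True` when `get_or_create` reports a new row, so nothing shown in this commit ever resets the flag. The removed line `request.session["first_login"] = created` set it back to `False` for a returning user on every pass through `/login`. Unless `logout` (its body is outside these hunks) flushes the session, the first-login messaging can carry over into a later login that reuses the session; clearing the key there, e.g. `request.session.pop('first_login', None)`, would restore the old behaviour.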

+ 1
- 0
edivorce/settings/base.py

@ -129,3 +129,4 @@ BASICAUTH_ENABLED = False
# Google Tag Manager (dev/test instance)
GTM_ID = 'GTM-NJLR7LT'
