diff --git a/edivorce/apps/core/decorators.py b/edivorce/apps/core/decorators.py index 617ec147..7442e20c 100644 --- a/edivorce/apps/core/decorators.py +++ b/edivorce/apps/core/decorators.py @@ -3,15 +3,17 @@ from django.shortcuts import redirect def bceid_required(function=None): - """ View decorator to check if the user is logged in to BCEID """ - """ This decorator has a dependency on bceid_middleware.py """ + """ + View decorator to check if the user is logged in to BCEID + + This decorator has a dependency on bceid_middleware.py + """ def _dec(view_func): def _view(request, *args, **kwargs): - if not request.bceid_user.is_authenticated: + if not request.user.is_authenticated(): return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/login') - else: - return view_func(request, *args, **kwargs) + return view_func(request, *args, **kwargs) _view.__name__ = view_func.__name__ _view.__dict__ = view_func.__dict__ @@ -19,7 +21,4 @@ def bceid_required(function=None): return _view - if function is None: - return _dec - else: - return _dec(function) + return _dec if function is None else _dec(function) diff --git a/edivorce/apps/core/middleware/bceid_middleware.py b/edivorce/apps/core/middleware/bceid_middleware.py index 94a69c53..0b326f9c 100644 --- a/edivorce/apps/core/middleware/bceid_middleware.py +++ b/edivorce/apps/core/middleware/bceid_middleware.py 
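Review bot: The new check `request.user.is_authenticated()` in `_view` only works because `is_authenticated` is a plain method, which this commit defines on both `AnonymousUser` (bceid_middleware.py) and `BceidUser` (models.py). Any Python call site that drops the parentheses tests a bound method, which is always truthy, so the check fails open for anonymous users. The templates are safe because the template engine calls the method for them, but views and this decorator have no such protection. I would put a comment on both classes, for example `# Must be called: a bare request.user.is_authenticated is always truthy in Python code`, and add a test that an anonymous request through `bceid_required` gets the redirect. The body of `bceid_required` continues in the following hunk.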
@@ -1,104 +1,155 @@ -import uuid +import datetime from ipaddress import ip_address, ip_network -import sys from django.conf import settings from django.shortcuts import redirect +from django.utils import timezone +from ..models import BceidUser -class BceidUser(object): - def __init__(self, guid, display_name, user_type, is_authenticated): - self.guid = guid - self.display_name = display_name - self.type = user_type - self.is_authenticated = is_authenticated +login_delta = datetime.timedelta(hours=2) -class BceidMiddleware(object): - def process_request(self, request): +class AnonymousUser(): + """ + Anonymous user, present mainly to provide authentication checks in templates + """ - # Save SiteMinder headers to session variables. /login* is the only actual - # SiteMinder-protected part of the site, so the headers aren't availabale anywhere else - if request.META.get('HTTP_SMGOV_USERGUID', ''): - request.session['smgov_userguid'] = request.META.get('HTTP_SMGOV_USERGUID') + guid = None + display_name = '' - if request.META.get('HTTP_SMGOV_USERDISPLAYNAME', ''): - request.session['smgov_userdisplayname'] = request.META.get('HTTP_SMGOV_USERDISPLAYNAME') + def is_authenticated(self): + return False - # get SiteMinder variables from the headers first, then from the session - smgov_userguid = request.META.get('HTTP_SMGOV_USERGUID', request.session.get('smgov_userguid', False)) - smgov_userdisplayname = request.META.get('HTTP_SMGOV_USERDISPLAYNAME', request.session.get('smgov_userdisplayname', False)) + def is_anonymous(self): + return True - # HTTP_SM_USER is available on both secure and unsecure pages. 
If it has a value then we know - # that the user is still logged into BCeID - # This is an additional check to make sure we aren't letting users access the site - # via their session variables after logging out of bceid - has_siteminder_auth = request.META.get('HTTP_SM_USER','') != '' +anonymous_user = AnonymousUser() - # Note: It's still possible that a user has logged out of one BCeID and logged into another BCeID - # via www.bceid.ca without clicking the logout link on our app or closing the browser. This is an - # extreme edge case, and it's not pragmatic to code against it at this time. - # make sure the request didn't bypass the proxy - if settings.DEPLOYMENT_TYPE != 'localdev' and not self.__request_came_from_proxy(request): - print("Redirecting to " + settings.PROXY_BASE_URL + request.path, file=sys.stderr) - return redirect(settings.PROXY_BASE_URL + request.path) +class BceidMiddleware(object): # pylint: disable=too-few-public-methods + """ + Simple authentication middleware for operating in the BC Government + OpenShift environment, with SiteMinder integration. - if settings.DEPLOYMENT_TYPE != 'localdev' and has_siteminder_auth and smgov_userguid: + For our purposes, SiteMinder is configured to add the following headers: - # 1. Real BCeID user / logged in - request.bceid_user = BceidUser( - guid=smgov_userguid, - is_authenticated=True, - user_type='BCEID', - display_name=smgov_userdisplayname - ) + SMGOV_USERGUID + SMGOV_USERDISPLAYNAME + SM_USER - elif settings.DEPLOYMENT_TYPE == 'localdev' and request.session.get('fake_bceid_guid', False): + The first two are provided on pages configured to be protected by + SiteMinder, which is currently just /login. When a user goes to the login + page, if the user is logged in, SiteMinder adds those headers with their + BCeID values; if they're not logged in, it routes them through its + login/signup page and then back to the login page, with those headers in + place. 
For unprotected pages, those headers are stripped if present, + preventing spoofing. - # 2. Fake BCeID user / logged in - request.bceid_user = BceidUser( - guid=request.session.get('fake_bceid_guid'), - is_authenticated=True, - user_type='FAKE', - display_name=request.session.get('login_name', '') - ) + The third header is populated on every request that's proxied through + SiteMinder. For logged in users, it contains their ???; for anonymous + users, it's empty. - else: + When we detect authentication by the presence of the first two headers, we + store those values in the user's session. On all requests, we use them to + access a local proxy object for the user (available as request.user). For + users that are not logged in, an Anonymous User substitute is present. + + In a local development environment, we generate a guid based on the login + name and treat that guid/login name as guid/display name. + """ + + def process_request(self, request): # pylint: disable=too-many-branches + """ + Return None after populating request.user, or necessary redirects. + + If the request is not coming from inside the BC Government data centre, + redirect the request through the proxy server. - # 3. Anonymous User / not logged in - request.bceid_user = BceidUser( - guid=None, - is_authenticated=False, - user_type='ANONYMOUS', - display_name='' - ) + If the SiteMinder headers are present, indicating the user has just + authenticated, save those headers to the session. - def process_response(self, request, response): - return response + Get the user's GUID and display name. If they're present, and the user + has authenticated (or we're in a local development environment), add + the local proxy user to the request; if not, store the anonymous user + instance. 
+ """ + # make sure the request didn't bypass the proxy + if (settings.DEPLOYMENT_TYPE != 'localdev' and + not self.__request_came_from_proxy(request)): + return redirect(settings.PROXY_BASE_URL + request.path) + + # HTTP_SM_USER is available on both secure and unsecure pages. If it + # has a value then we know that the user is still logged into BCeID. + # This is an additional check to make sure we aren't letting users + # access the site via their session variables after logging out of bceid + # + # Note: It's still possible that a user has logged out of one BCeID and + # logged into another BCeID via www.bceid.ca without clicking the logout + # link on our app or closing the browser. This is an extreme edge case, + # and it's not pragmatic to code against it at this time. + siteminder_user = request.META.get('HTTP_SM_USER', '') + is_localdev = settings.DEPLOYMENT_TYPE == 'localdev' + update_user = False + + guid = request.META.get('HTTP_SMGOV_USERGUID', '') + displayname = request.META.get('HTTP_SMGOV_USERDISPLAYNAME', '') + + if guid: + request.session['smgov_userguid'] = guid + else: + guid = request.session.get('smgov_userguid') + + if displayname: + request.session['smgov_userdisplayname'] = displayname + else: + displayname = request.session.get('smgov_userdisplayname') + + if is_localdev: + guid = request.session.get('fake_bceid_guid') + displayname = request.session.get('login_name') + + if guid and (siteminder_user or is_localdev): + request.user, created = BceidUser.objects.get_or_create(user_guid=guid) + if created: + request.session['first_login'] = True + if siteminder_user: + if created or not request.user.sm_user: + request.user.sm_user = siteminder_user + update_user = True + if request.user.display_name != displayname: + request.user.display_name = displayname + update_user = True + if (request.user.last_login is None or + timezone.now() - request.user.last_login > login_delta): + request.user.last_login = timezone.now() + update_user = True + + 
if update_user: + request.user.save() + else: + request.user = anonymous_user + + return None def __request_came_from_proxy(self, request): """ - Validate that the request is coming from inside the BC Government data centre + Return True if the request is coming from inside the BC Government data + centre, False otherwise. + + Health checks and static resources are allowed from any source. The + latter is mainly so WeasyPrint can request CSS. """ - # allow all OpenShift health checks + if request.path == settings.FORCE_SCRIPT_NAME + 'health': return True - # allow requests for static assets to bypass the proxy - # (this is needed so WeasyPrint can request CSS) if request.path.startswith(settings.FORCE_SCRIPT_NAME[:-1] + settings.STATIC_URL): return True bcgov_network = ip_network(settings.BCGOV_NETWORK) - x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR', '') - forwarded_for = x_forwarded_for.split(',') - - if len(forwarded_for) == 0: - return False + x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',') + forwarded_for = [ip.strip() for ip in x_forwarded_for if ip.strip() != ''] - for ip in forwarded_for: - if ip !='' and ip_address(ip) in bcgov_network: - return True - return False \ No newline at end of file + return any([ip_address(ip) in bcgov_network for ip in forwarded_for]) diff --git a/edivorce/apps/core/migrations/0016_auto_20171114_2151.py b/edivorce/apps/core/migrations/0016_auto_20171114_2151.py new file mode 100644 index 00000000..90d21336 --- /dev/null +++ b/edivorce/apps/core/migrations/0016_auto_20171114_2151.py 
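Review bot: `__request_came_from_proxy` now returns `any(...)` over every `X-Forwarded-For` entry, so one in-network address anywhere in a client-controlled header passes the check that guards all SiteMinder header handling in `process_request`. Only the entry appended by the trusted hop should be tested; that is presumably the last one if the OpenShift router appends the peer address, which needs confirming against the deployment. A malformed entry should return False rather than let `ip_address()` raise `ValueError`. The health-check and static-asset exemptions also return True before the network test, yet `process_request` still reads `HTTP_SMGOV_USERGUID`, `HTTP_SMGOV_USERDISPLAYNAME` and `HTTP_SM_USER` into the session for those paths, so consider skipping identity handling there. A sketch of the tail of the method follows.

```python
        # … unchanged: health-check and static-asset exemptions …
        bcgov_network = ip_network(settings.BCGOV_NETWORK)
        hops = [ip.strip() for ip in
                request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')
                if ip.strip()]
        if not hops:
            return False
        try:
            # Earlier entries are whatever the client sent; only the hop
            # appended by our own proxy layer is evidence of the route taken.
            return ip_address(hops[-1]) in bcgov_network
        except ValueError:
            return False
```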
@@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('core', '0015_auto_20170330_0522'), + ] + + operations = [ + migrations.AddField( + model_name='bceiduser', + name='display_name', + field=models.TextField(blank=True), + ), + migrations.AddField( + model_name='bceiduser', + name='sm_user', + field=models.TextField(blank=True), + ), + migrations.AlterField( + model_name='userresponse', + name='bceid_user', + field=models.ForeignKey(related_name='responses', to='core.BceidUser'), + ), + migrations.AlterField( + model_name='userresponse', + name='question', + field=models.ForeignKey(related_name='responses', to='core.Question'), + ), + ] diff --git a/edivorce/apps/core/models.py b/edivorce/apps/core/models.py index 09568dd6..1ac15b2b 100644 --- a/edivorce/apps/core/models.py +++ b/edivorce/apps/core/models.py @@ -13,12 +13,24 @@ class BceidUser(models.Model): user_guid = models.CharField(db_index=True, max_length=32, unique=True, blank=False) """ BCEID identifier for user """ + display_name = models.TextField(blank=True) + """ BCEID display name """ + + sm_user = models.TextField(blank=True) + """ SiteMinder user value """ + date_joined = models.DateTimeField(default=timezone.now) """ First login timestamp """ last_login = models.DateTimeField(default=timezone.now) """ Most recent login timestamp """ + def is_authenticated(self): + return True + + def is_anonymous(self): + return False + def __str__(self): return 'BCeID User %s' % self.user_guid 
@@ -63,10 +75,10 @@ class UserResponse(models.Model): User input """ - bceid_user = models.ForeignKey(BceidUser) + bceid_user = models.ForeignKey(BceidUser, related_name='responses') """ User providing response """ - question = models.ForeignKey(Question) + question = models.ForeignKey(Question, related_name='responses') """ Originating question """ value = models.TextField(blank=True) diff --git a/edivorce/apps/core/templates/base.html b/edivorce/apps/core/templates/base.html index 6099287c..52f60e37 100644 --- a/edivorce/apps/core/templates/base.html +++ b/edivorce/apps/core/templates/base.html @@ -52,9 +52,9 @@
- {% if request.bceid_user.is_authenticated %} + {% if request.user.is_authenticated %} - {{ request.bceid_user.display_name}} + {{ request.user.display_name}}   |   Log out {% endif %} @@ -71,7 +71,7 @@
{% block backToDashboard %} - {% if request.bceid_user.is_authenticated %} + {% if request.user.is_authenticated %} diff --git a/edivorce/apps/core/templates/prequalification/step_01.html b/edivorce/apps/core/templates/prequalification/step_01.html index a618a5f4..5248e5ef 100644 --- a/edivorce/apps/core/templates/prequalification/step_01.html +++ b/edivorce/apps/core/templates/prequalification/step_01.html @@ -4,7 +4,7 @@ {% block title %}{{ block.super }}: Prequalification{% endblock %} {% block progress %} - {% if request.bceid_user.is_authenticated %} + {% if request.user.is_authenticated %} {% include "partials/progress.html" %} {% endif %} {% endblock %} @@ -105,7 +105,7 @@ {% block formbuttons %}
- {% if request.bceid_user.is_authenticated %} + {% if request.user.is_authenticated %}    Back diff --git a/edivorce/apps/core/templates/prequalification/step_02.html b/edivorce/apps/core/templates/prequalification/step_02.html index a37f3d21..e140a75e 100644 --- a/edivorce/apps/core/templates/prequalification/step_02.html +++ b/edivorce/apps/core/templates/prequalification/step_02.html @@ -4,7 +4,7 @@ {% block title %}{{ block.super }}: Prequalification{% endblock %} {% block progress %} - {% if request.bceid_user.is_authenticated %} + {% if request.user.is_authenticated %} {% include "partials/progress.html" %} {% endif %} {% endblock %} diff --git a/edivorce/apps/core/templates/prequalification/step_03.html b/edivorce/apps/core/templates/prequalification/step_03.html index 6416af29..b3918b69 100644 --- a/edivorce/apps/core/templates/prequalification/step_03.html +++ b/edivorce/apps/core/templates/prequalification/step_03.html @@ -4,7 +4,7 @@ {% block title %}{{ block.super }}: Prequalification{% endblock %} {% block progress %} - {% if request.bceid_user.is_authenticated %} + {% if request.user.is_authenticated %} {% include "partials/progress.html" %} {% endif %} {% endblock %} diff --git a/edivorce/apps/core/templates/prequalification/step_04.html b/edivorce/apps/core/templates/prequalification/step_04.html index aa2eeaf0..d8ba410f 100644 --- a/edivorce/apps/core/templates/prequalification/step_04.html +++ b/edivorce/apps/core/templates/prequalification/step_04.html @@ -4,7 +4,7 @@ {% block title %}{{ block.super }}: Prequalification{% endblock %} {% block progress %} - {% if request.bceid_user.is_authenticated %} + {% if request.user.is_authenticated %} {% include "partials/progress.html" %} {% endif %} {% endblock %} diff --git a/edivorce/apps/core/templates/prequalification/step_05.html b/edivorce/apps/core/templates/prequalification/step_05.html index d2e2aab7..af72fa4b 100644 --- a/edivorce/apps/core/templates/prequalification/step_05.html 
+++ b/edivorce/apps/core/templates/prequalification/step_05.html @@ -5,7 +5,7 @@ {% block title %}{{ block.super }}: Prequalification{% endblock %} {% block progress %} - {% if request.bceid_user.is_authenticated %} + {% if request.user.is_authenticated %} {% include "partials/progress.html" %} {% endif %} {% endblock %} @@ -186,4 +186,4 @@

Certified Electronic Extract of a Registration of Marriage

-{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/edivorce/apps/core/templates/prequalification/step_06.html b/edivorce/apps/core/templates/prequalification/step_06.html index cf87de93..87182cbf 100644 --- a/edivorce/apps/core/templates/prequalification/step_06.html +++ b/edivorce/apps/core/templates/prequalification/step_06.html @@ -4,7 +4,7 @@ {% block title %}{{ block.super }}: Prequalification{% endblock %} {% block progress %} - {% if request.bceid_user.is_authenticated %} + {% if request.user.is_authenticated %} {% include "partials/progress.html" %} {% endif %} {% endblock %} @@ -143,4 +143,4 @@

To get a divorce for these reasons you have to prove these things in court.

The majority of divorces are uncontested or undefended divorces (about 80 percent). That means that the divorcing couple have settled on how they're going to settle their parenting, support, and property issues. But they still need a court order for the divorce.

-{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/edivorce/apps/core/views/api.py b/edivorce/apps/core/views/api.py index b6a696ec..f3248c25 100644 --- a/edivorce/apps/core/views/api.py +++ b/edivorce/apps/core/views/api.py @@ -1,10 +1,11 @@ from rest_framework import status from rest_framework.views import APIView from rest_framework.response import Response -from edivorce.apps.core.utils.question_step_mapping import question_step_mapping -from edivorce.apps.core.utils.user_response import save_to_session, save_to_db -from ..models import Question, BceidUser + +from ..models import Question from ..serializer import UserResponseSerializer +from ..utils.question_step_mapping import question_step_mapping +from ..utils.user_response import save_to_session, save_to_db class UserResponseHandler(APIView): 
@@ -14,25 +15,27 @@ class UserResponseHandler(APIView): serializer = UserResponseSerializer(data=request.data) question_key = request.data['question'] - + try: question = Question.objects.get(pk=question_key) # As a result of discussion, decide to escape < and > only value = request.data['value'].replace('<', '<').replace('>', '>') - if request.bceid_user.is_authenticated: - user = BceidUser.objects.get(user_guid=request.bceid_user.guid) - save_to_db(serializer, question, value, user) + if request.user.is_authenticated(): + save_to_db(serializer, question, value, request.user.user_guid) else: - # only prequalification questions can be answered when you aren't logged into BCeID + # only prequalification questions can be answered when you + # aren't logged into BCeID if not question_key in question_step_mapping['prequalification']: - return Response(data="Not logged in", status=status.HTTP_511_NETWORK_AUTHENTICATION_REQUIRED) - + return Response(data="Not logged in", + status=status.HTTP_511_NETWORK_AUTHENTICATION_REQUIRED) save_to_session(request, question, value) except Question.DoesNotExist: - return Response(data="Question: '%s' does not exist" % question_key, status=status.HTTP_400_BAD_REQUEST) - - response = Response(status=status.HTTP_200_OK) - response['X-Debug-Auth-Type'] = request.bceid_user.type + return Response(data="Question: '%s' does not exist" % question_key, + status=status.HTTP_400_BAD_REQUEST) + except Exception as e: + import traceback + traceback.print_exc() + print(e) - return response + return Response(status=status.HTTP_200_OK) diff --git a/edivorce/apps/core/views/main.py b/edivorce/apps/core/views/main.py index fb22f1b9..87bfc12e 100644 --- a/edivorce/apps/core/views/main.py +++ b/edivorce/apps/core/views/main.py 
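Review bot: The added `except Exception as e:` branch at the end of the handler prints the traceback and then falls through to `return Response(status=status.HTTP_200_OK)`, so a failed `save_to_db` or `save_to_session` is reported to the client as a successful save. Return an error from that branch, for example `return Response(status=status.HTTP_500_INTERNAL_SERVER_ERROR)`, and record the failure through the `logging` module rather than `print` so it carries a level and timestamp. Separately, `save_to_db` now receives `request.user.user_guid` where it previously received a `BceidUser` instance. Its definition is not in this diff, so confirm it accepts a GUID string and still scopes the write to that user. The handler method's signature is above the hunk.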
@@ -1,15 +1,17 @@ +import datetime + from django.conf import settings from django.shortcuts import render, redirect, render_to_response from django.utils import timezone from django.template import RequestContext -from edivorce.apps.core.utils.template_step_order import template_step_order + from ..decorators import bceid_required -import datetime -from ..models import BceidUser -from ..utils.user_response import get_responses_from_db, get_responses_from_db_grouped_by_steps, \ - get_responses_from_session, copy_session_to_db, get_responses_from_session_grouped_by_steps +from ..utils.question_step_mapping import list_of_registries from ..utils.step_completeness import get_step_status, is_complete -from edivorce.apps.core.utils.question_step_mapping import list_of_registries +from ..utils.template_step_order import template_step_order +from ..utils.user_response import get_responses_from_db, copy_session_to_db, \ + get_responses_from_db_grouped_by_steps, get_responses_from_session, \ + get_responses_from_session_grouped_by_steps def home(request): @@ -21,7 +23,7 @@ def home(request): siteminder_is_authenticated = request.META.get('HTTP_SM_USER', '') != '' # if the user is returning from BCeID registration, then log them in to the site - if siteminder_is_authenticated and request.session.get('went_to_register', False) == True: + if siteminder_is_authenticated and request.session.get('went_to_register', False): request.session['went_to_register'] = False return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/login') 
@@ -35,14 +37,13 @@ def prequalification(request, step): """ template = 'prequalification/step_%s.html' % step - if not request.bceid_user.is_authenticated: + if not request.user.is_authenticated(): responses_dict = get_responses_from_session(request) else: - user, _ = __get_bceid_user(request) - - responses_dict = get_responses_from_db(user) + responses_dict = get_responses_from_db(request.user) responses_dict['active_page'] = 'prequalification' - responses_dict['step_status'] = get_step_status(get_responses_from_db_grouped_by_steps(user)) + responses_by_step = get_responses_from_db_grouped_by_steps(request.user) + responses_dict['step_status'] = get_step_status(responses_by_step) return render(request, template_name=template, context=responses_dict) @@ -51,16 +52,14 @@ def success(request): """ This page is shown if the user passes the qualification test """ - if request.bceid_user.is_authenticated: + if request.user.is_authenticated(): return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/overview') - else: - prequal_responses = get_responses_from_session_grouped_by_steps(request)['prequalification'] - complete, missed_questions = is_complete('prequalification', prequal_responses) - if complete: - return render(request, 'success.html', context={'register_url': settings.REGISTER_URL}) - else: - return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/incomplete') + prequal_responses = get_responses_from_session_grouped_by_steps(request)['prequalification'] + complete, _ = is_complete('prequalification', prequal_responses) + if complete: + return render(request, 'success.html', context={'register_url': settings.REGISTER_URL}) + return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/incomplete') def incomplete(request): 
@@ -68,7 +67,7 @@ def incomplete(request): This page is shown if the user misses any pre-qualification questions """ prequal_responses = get_responses_from_session_grouped_by_steps(request)['prequalification'] - complete, missed_questions = is_complete('prequalification', prequal_responses) + _, missed_questions = is_complete('prequalification', prequal_responses) responses_dict = get_responses_from_session(request) responses_dict.append(('debug', settings.DEBUG, )) @@ -83,9 +82,9 @@ def register(request): """ if settings.DEPLOYMENT_TYPE == 'localdev': return render(request, 'localdev/register.html') - else: - request.session['went_to_register'] = True - return redirect(settings.REGISTER_URL) + + request.session['went_to_register'] = True + return redirect(settings.REGISTER_URL) def login(request): 
@@ -96,38 +95,32 @@ def login(request): """ if settings.DEPLOYMENT_TYPE == 'localdev' and not request.session.get('fake_bceid_guid'): return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/bceid') - else: - # get the Guid that was set in the middleware - if request.bceid_user.guid is None: - # Fix for weird siteminder behaviour...... - # If a user is logged into an IDIR then they can see the login page - # but the SMGOV headers are missing. If this is the case, then log them out - # of their IDIR, and redirect them back to here again.... + if not request.user.is_authenticated(): + # Fix for weird siteminder behaviour...... + # If a user is logged into an IDIR then they can see the login page but + # the SMGOV headers are missing. If this is the case, then log them out + # of their IDIR, and redirect them back to here again.... - # FUTURE DEV NOTE: The DC elements of HTTP_SM_USERDN header will tell us exactly how the user is - # logged in. But it doesn't seem like a very good idea at this time to rely on this magic string. - # e.g. CN=Smith\, John,OU=Users,OU=Attorney General,OU=BCGOV,DC=idir,DC=BCGOV + # FUTURE DEV NOTE: The DC elements of HTTP_SM_USERDN header will tell us + # exactly how the user is logged in. But it doesn't seem like a very + # good idea at this time to rely on this magic string. e.g. 
CN=Smith\, + # John,OU=Users,OU=Attorney General,OU=BCGOV,DC=idir,DC=BCGOV - if request.GET.get('noretry','') != 'true': - return redirect(settings.LOGOUT_URL_TEMPLATE % ( - settings.PROXY_BASE_URL, settings.FORCE_SCRIPT_NAME[:-1] + '/login%3Fnoretry=true')) - else: - return render(request, '407.html') + if request.GET.get('noretry', '') != 'true': + return redirect(settings.LOGOUT_URL_TEMPLATE % ( + settings.PROXY_BASE_URL, + settings.FORCE_SCRIPT_NAME[:-1] + '/login%3Fnoretry=true')) - user, created = __get_bceid_user(request) + return render(request, '407.html') - # some later messaging needs to be shown or hidden based on whether - # or not this is a returning user - request.session["first_login"] = created + if timezone.now() - request.user.last_login > datetime.timedelta(minutes=1): + request.user.last_login = timezone.now() + request.user.save() - if timezone.now() - user.last_login > datetime.timedelta(minutes=1): - user.last_login = timezone.now() - user.save() + copy_session_to_db(request, request.user) - copy_session_to_db(request, user) - - return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/overview') + return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/overview') def logout(request): @@ -149,8 +142,7 @@ def overview(request): """ Dashboard: Process overview page. """ - user, _ = __get_bceid_user(request) - responses_dict_by_step = get_responses_from_db_grouped_by_steps(user) + responses_dict_by_step = get_responses_from_db_grouped_by_steps(request.user) # Add step status dictionary responses_dict_by_step['step_status'] = get_step_status(responses_dict_by_step) 
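Review bot: Removing `request.session["first_login"] = created` from `login` leaves the middleware as the only writer of that flag, and it only ever sets it to `True` when the user row is created. Nothing visible in this diff clears it, so a session that created the account keeps `first_login` set on later visits to `/login`, where the old code reset it to `False`. If the returning-user messaging depends on the flag, clear it here once it has been consumed, for example `request.session['first_login'] = False` after `copy_session_to_db(...)`, or have the middleware write `created` unconditionally. The `last_login` refresh in this view also duplicates the middleware's `login_delta` check with a different threshold (one minute versus two hours), which deserves a comment saying which one is authoritative.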
@@ -169,8 +161,7 @@ def dashboard_nav(request, nav_step): """ Dashboard: All other pages """ - user, _ = __get_bceid_user(request) - responses_dict = get_responses_from_db(user) + responses_dict = get_responses_from_db(request.user) responses_dict['active_page'] = nav_step template_name = 'dashboard/%s.html' % nav_step return render(request, template_name=template_name, context=responses_dict) @@ -183,13 +174,12 @@ def question(request, step): """ template = 'question/%02d_%s.html' % (template_step_order[step], step) - user, _ = __get_bceid_user(request) - responses_dict_by_step = get_responses_from_db_grouped_by_steps(user, True) + responses_dict_by_step = get_responses_from_db_grouped_by_steps(request.user, True) if step == "review": responses_dict = responses_dict_by_step else: - responses_dict = get_responses_from_db(user) + responses_dict = get_responses_from_db(request.user) # Add step status dictionary responses_dict['step_status'] = get_step_status(responses_dict_by_step) @@ -227,15 +217,3 @@ def legal(request): Legal Information page """ return render(request, 'legal.html', context={'active_page': 'legal'}) - - -def __get_bceid_user(request): - user, created = BceidUser.objects.get_or_create(user_guid=request.bceid_user.guid) - - # update the last_login timestamp if it was more than 2 hours ago - # this ensures that it gets updated for users who bypass the /login url with a direct link - if user.last_login is None or timezone.now() - user.last_login > datetime.timedelta(hours=2): - user.last_login = timezone.now() - user.save() - - return user, created diff --git a/edivorce/settings/base.py b/edivorce/settings/base.py index 0348f954..1ce7ca64 100644 --- a/edivorce/settings/base.py +++ b/edivorce/settings/base.py @@ -129,3 +129,4 @@ BASICAUTH_ENABLED = False # Google Tag Manager (dev/test instance) GTM_ID = 'GTM-NJLR7LT' +