IdHub/idhub/mixins.py

109 lines
3.6 KiB
Python
Raw Permalink Normal View History

2023-10-09 09:44:26 +00:00
from django.contrib.auth.mixins import LoginRequiredMixin
2024-01-20 14:28:42 +00:00
from django.utils.translation import gettext_lazy as _
from django.core.exceptions import PermissionDenied
2023-10-09 11:43:34 +00:00
from django.urls import reverse_lazy, resolve
2023-10-09 09:44:26 +00:00
from django.shortcuts import redirect
from django.core.cache import cache
from django.conf import settings
2023-10-09 09:44:26 +00:00
2024-01-20 11:26:19 +00:00
class Http403(PermissionDenied):
status_code = 403
default_detail = _('Permission denied. User is not authenticated')
default_code = 'forbidden'
def __init__(self, details=None, code=None):
if details is not None:
2024-01-20 11:26:19 +00:00
self.detail = details or self.default_details
if code is not None:
self.code = code or self.default_code
2023-10-09 09:44:26 +00:00
2023-10-11 07:52:05 +00:00
class UserView(LoginRequiredMixin):
2023-10-09 09:44:26 +00:00
login_url = "/login/"
2023-10-09 16:38:28 +00:00
wallet = False
admin_validated = False
path_terms = [
'admin_terms_and_conditions',
'user_terms_and_conditions',
'user_gdpr',
'user_waiting',
'user_waiting',
'encryption_key',
]
def get(self, request, *args, **kwargs):
err_txt = "User domain is {} which does not match server domain {}".format(
request.get_host(), settings.DOMAIN
)
assert request.get_host() == settings.DOMAIN, err_txt
2024-01-20 14:53:10 +00:00
self.admin_validated = cache.get("KEY_DIDS")
response = super().get(request, *args, **kwargs)
if not self.admin_validated:
actual_path = resolve(self.request.path).url_name
if not self.request.user.is_admin:
if actual_path != 'user_waiting':
return redirect(reverse_lazy("idhub:user_waiting"))
if self.request.user.is_admin:
if actual_path != 'encryption_key':
return redirect(reverse_lazy("idhub:encryption_key"))
url = self.check_gdpr()
2024-01-20 14:53:10 +00:00
return url or response
def post(self, request, *args, **kwargs):
err_txt = "User domain is {} which does not match server domain {}".format(
request.get_host(), settings.DOMAIN
)
assert request.get_host() == settings.DOMAIN, err_txt
2024-01-20 14:53:10 +00:00
self.admin_validated = cache.get("KEY_DIDS")
response = super().post(request, *args, **kwargs)
url = self.check_gdpr()
2024-01-20 14:53:10 +00:00
return url or response
2023-10-09 09:44:26 +00:00
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context.update({
'title': self.title,
2023-10-09 11:43:34 +00:00
'subtitle': self.subtitle,
'icon': self.icon,
'section': self.section,
'path': resolve(self.request.path).url_name,
2023-10-09 16:38:28 +00:00
'user': self.request.user,
'wallet': self.wallet,
2024-02-20 18:20:49 +00:00
'admin_validated': True if self.admin_validated else False,
'commit_id': settings.COMMIT,
2023-10-09 09:44:26 +00:00
})
return context
def check_gdpr(self):
if not self.request.user.accept_gdpr:
url = reverse_lazy("idhub:user_terms_and_conditions")
if self.request.user.is_admin:
url = reverse_lazy("idhub:admin_terms_and_conditions")
if resolve(self.request.path).url_name not in self.path_terms:
return redirect(url)
2023-10-09 09:44:26 +00:00
class AdminView(UserView):
2023-10-11 16:08:20 +00:00
def get(self, request, *args, **kwargs):
2024-01-20 11:26:19 +00:00
self.check_valid_user()
2023-10-11 16:08:20 +00:00
return super().get(request, *args, **kwargs)
2023-10-09 09:44:26 +00:00
2024-01-20 11:26:19 +00:00
def post(self, request, *args, **kwargs):
self.check_valid_user()
return super().post(request, *args, **kwargs)
2024-01-19 09:59:35 +00:00
2024-01-20 11:26:19 +00:00
def check_valid_user(self):
if not self.request.user.is_admin:
raise Http403()
2024-01-20 11:26:19 +00:00
if self.request.session.get("2fauth"):
raise Http403()
2024-01-20 11:26:19 +00:00