Posted to commits@airavata.apache.org by ma...@apache.org on 2021/06/14 20:09:09 UTC
[airavata-django-portal] 04/04: Merge branch 'airavata-3383' into
develop
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
commit 3b022ea407ed75873515930f12ac31d6b31260cc
Merge: 27dc31b f08c213
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Mon Jun 14 16:08:29 2021 -0400
Merge branch 'airavata-3383' into develop
django_airavata/apps/auth/views.py | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --cc django_airavata/apps/auth/views.py
index 33684b5,1ef0259..fb0d295
--- a/django_airavata/apps/auth/views.py
+++ b/django_airavata/apps/auth/views.py
@@@ -520,91 -509,9 +520,91 @@@ def _create_login_desktop_failed_respon
@login_required
+def access_token_redirect(request):
+ redirect_uri = request.GET['redirect_uri']
+ config = next(filter(lambda d: d.get('URI') == redirect_uri,
+ settings.ACCESS_TOKEN_REDIRECT_ALLOWED_URIS), None)
+ if config is None:
+ logger.warning(f"redirect_uri value '{redirect_uri}' is not configured "
+ "in ACCESS_TOKEN_REDIRECT_ALLOWED_URIS setting")
+ return HttpResponseForbidden("Invalid redirect_uri value")
+ return redirect(redirect_uri + f"{'&' if '?' in redirect_uri else '?'}{config.get('PARAM_NAME', 'access_token')}="
+ f"{quote(request.authz_token.accessToken)}")
+
+
+def user_profile(request):
+ return render(request, "django_airavata_auth/base.html", {
+ 'bundle_name': "user-profile"
+ })
+
+
+class IsUserOrReadOnlyForAdmins(permissions.BasePermission):
+ def has_permission(self, request, view):
+ return request.user.is_authenticated
+
+ def has_object_permission(self, request, view, obj):
+ if (request.method in permissions.SAFE_METHODS and
+ request.is_gateway_admin):
+ return True
+ return obj == request.user
+
+
+# TODO: disable deleting and creating?
+class UserViewSet(viewsets.ModelViewSet):
+ serializer_class = serializers.UserSerializer
+ queryset = get_user_model().objects.all()
+ permission_classes = [IsUserOrReadOnlyForAdmins]
+
+ def get_queryset(self):
+ user = self.request.user
+ if user.is_superuser:
+ return get_user_model().objects.all()
+ else:
+ return get_user_model().objects.get(pk=user.pk)
+
+ @action(detail=False)
+ def current(self, request):
+ return redirect(reverse('django_airavata_auth:user-detail', kwargs={'pk': request.user.id}))
+
+ @action(methods=['post'], detail=True)
+ def resend_email_verification(self, request, pk=None):
+ pending_email_change = models.PendingEmailChange.objects.get(user=request.user, verified=False)
+ if pending_email_change is not None:
+ serializer = serializers.UserSerializer()
+ serializer._send_email_verification_link(request, pending_email_change)
+ return JsonResponse({})
+
+ @action(methods=['post'], detail=True)
+ @atomic
+ def verify_email_change(self, request, pk=None):
+ user = self.get_object()
+ code = request.data['code']
+
+ try:
+ pending_email_change = models.PendingEmailChange.objects.get(user=user, verification_code=code)
+ except models.PendingEmailChange.DoesNotExist:
+ raise Exception('Verification code is invalid. Please try again.')
+ pending_email_change.verified = True
+ pending_email_change.save()
+ user.email = pending_email_change.email_address
+ user.save()
+ user.refresh_from_db()
+
+ try:
+ user_profile_client = request.profile_service['user_profile']
+ airavata_user_profile = user_profile_client.getUserProfileById(
+ request.authz_token, user.username, settings.GATEWAY_ID)
+ airavata_user_profile.emails = [pending_email_change.email_address]
+ user_profile_client.updateUserProfile(request.authz_token, airavata_user_profile)
+ except Exception as e:
+ raise Exception(f"Failed to update Airavata User Profile with new email address: {e}") from e
+ serializer = self.get_serializer(user)
+ return Response(serializer.data)
+
+
def download_settings_local(request):
- if not request.is_gateway_admin or not request.is_read_only_gateway_admin:
+ if not (request.is_gateway_admin or request.is_read_only_gateway_admin):
raise PermissionDenied()
if settings.DEBUG: