django-cats/cats/views.py

from http import HTTPStatus

from django.conf import settings
from django.contrib.auth import authenticate, login
from django.contrib.auth.views import RedirectURLMixin
from django.http import HttpResponse, HttpResponseForbidden, HttpResponseRedirect
from django.shortcuts import render, resolve_url
from django.urls import reverse
from django.utils.translation import get_language_from_request
from django.utils.translation import gettext as _
from django.views.generic import TemplateView

from .authentication import get_certificate_information, get_user_for_certificate


# Create your views here.
class CertificateLoginView(RedirectURLMixin, TemplateView):
    template_name = "login.html"

    def get_default_redirect_url(self):
        """Return the default redirect URL."""
        if self.next_page:
            return resolve_url(self.next_page)
        else:
            return resolve_url(settings.LOGIN_REDIRECT_URL)

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        certificate = self.request.META.get("HTTP_X_SSL_CERT", None)

        certificate_information = get_certificate_information(
            encoded_certificate=certificate
        )

        context.update(
            {
                "certificate": certificate_information,
                "certificate_user": (
                    get_user_for_certificate(certificate_information)
                    if certificate
                    else None
                ),
            }
        )

        return context

    def post(self, *args, **kwargs):
        certificate = self.request.META.get("HTTP_X_SSL_CERT", None)

        certificate_information = get_certificate_information(
            encoded_certificate=certificate
        )

        user = authenticate(self.request, certificate=certificate_information)

        if not user:
            return HttpResponseForbidden(
                _("you have not sent a valid client certificate")
            )

        login(self.request, user)

        return HttpResponseRedirect(self.get_success_url())


def get_challenge_wiki_url(request):
    language = get_language_from_request(request)

    url_map = {
        "cz": "https://wiki.cacert.org/AssurerChallenge/CZ",
        "de": "https://wiki.cacert.org/AssurerChallenge/DE",
        "fr": "https://wiki.cacert.org/AssurerChallenge/fr",
        "nl": "https://wiki.cacert.org/AssurerChallenge/NL",
    }

    return url_map.get(language, "https://wiki.cacert.org/AssurerChallenge")


def home_page(request):
    return render(
        request,
        "home.html",
        context={"challenge_wiki_url": get_challenge_wiki_url(request)},
    )


def switch_language(request):
    if request.method != "POST":
        return HttpResponse(status=HTTPStatus.METHOD_NOT_ALLOWED)

    language = request.POST.get("choose_language", get_language_from_request(request))
    next_page = request.GET.get("next", reverse("home"))

    response = HttpResponseRedirect(next_page)
    response.set_cookie(settings.LANGUAGE_COOKIE_NAME, language)

    return response
Finish login and registration flow - add template for login page - add logout URL - display user information 2024-09-20 13:59:51 +00:00			`from http import HTTPStatus`

			`from django.conf import settings`
			`from django.contrib.auth import authenticate, login`
			`from django.contrib.auth.views import RedirectURLMixin`
			`from django.http import HttpResponse, HttpResponseForbidden, HttpResponseRedirect`
			`from django.shortcuts import render, resolve_url`
			`from django.urls import reverse`
			`from django.utils.translation import get_language_from_request`
Implement client certificate authentication - add a cats.authentication.ClientCertificateBackend authentication backend implementation that extracts the used fields from a client certificate - configure the AUTHENTICATION_BACKENDS setting to use the ClientCertificateBackend - add cryptography dependency to parse certificate data - add gunicorn as production dependency - add a development configuration for Gunicorn - document how to pass client certificate information via nginx reverse proxy - add a certificate_login view and a basic home_page view and add corresponding URL patterns - ignore PEM encoded files and temporary gunicorn files 2024-09-20 10:42:37 +00:00			`from django.utils.translation import gettext as _`
Finish login and registration flow - add template for login page - add logout URL - display user information 2024-09-20 13:59:51 +00:00			`from django.views.generic import TemplateView`

			`from .authentication import get_certificate_information, get_user_for_certificate`
Implement client certificate authentication - add a cats.authentication.ClientCertificateBackend authentication backend implementation that extracts the used fields from a client certificate - configure the AUTHENTICATION_BACKENDS setting to use the ClientCertificateBackend - add cryptography dependency to parse certificate data - add gunicorn as production dependency - add a development configuration for Gunicorn - document how to pass client certificate information via nginx reverse proxy - add a certificate_login view and a basic home_page view and add corresponding URL patterns - ignore PEM encoded files and temporary gunicorn files 2024-09-20 10:42:37 +00:00
Add generated cats app - generated app by running python3 manage.py startapp cats - add cats to INSTALLED_APPS in django_cats/settings.py - generated model by running python3 manage.py inspectdb > cats/models.py - generated migration by running python3 manage.py makemigrations -n "models_created_by_inspectdb" cats 2024-09-17 15:39:46 +00:00
			`# Create your views here.`
Finish login and registration flow - add template for login page - add logout URL - display user information 2024-09-20 13:59:51 +00:00			`class CertificateLoginView(RedirectURLMixin, TemplateView):`
			`template_name = "login.html"`

			`def get_default_redirect_url(self):`
			`"""Return the default redirect URL."""`
			`if self.next_page:`
			`return resolve_url(self.next_page)`
			`else:`
			`return resolve_url(settings.LOGIN_REDIRECT_URL)`

			`def get_context_data(self, **kwargs):`
			`context = super().get_context_data(**kwargs)`
			`certificate = self.request.META.get("HTTP_X_SSL_CERT", None)`

			`certificate_information = get_certificate_information(`
			`encoded_certificate=certificate`
			`)`

			`context.update(`
			`{`
			`"certificate": certificate_information,`
			`"certificate_user": (`
			`get_user_for_certificate(certificate_information)`
			`if certificate`
			`else None`
			`),`
			`}`
			`)`

			`return context`

			`def post(self, args, *kwargs):`
			`certificate = self.request.META.get("HTTP_X_SSL_CERT", None)`

			`certificate_information = get_certificate_information(`
			`encoded_certificate=certificate`
			`)`
Implement client certificate authentication - add a cats.authentication.ClientCertificateBackend authentication backend implementation that extracts the used fields from a client certificate - configure the AUTHENTICATION_BACKENDS setting to use the ClientCertificateBackend - add cryptography dependency to parse certificate data - add gunicorn as production dependency - add a development configuration for Gunicorn - document how to pass client certificate information via nginx reverse proxy - add a certificate_login view and a basic home_page view and add corresponding URL patterns - ignore PEM encoded files and temporary gunicorn files 2024-09-20 10:42:37 +00:00
Finish login and registration flow - add template for login page - add logout URL - display user information 2024-09-20 13:59:51 +00:00			`user = authenticate(self.request, certificate=certificate_information)`
Implement client certificate authentication - add a cats.authentication.ClientCertificateBackend authentication backend implementation that extracts the used fields from a client certificate - configure the AUTHENTICATION_BACKENDS setting to use the ClientCertificateBackend - add cryptography dependency to parse certificate data - add gunicorn as production dependency - add a development configuration for Gunicorn - document how to pass client certificate information via nginx reverse proxy - add a certificate_login view and a basic home_page view and add corresponding URL patterns - ignore PEM encoded files and temporary gunicorn files 2024-09-20 10:42:37 +00:00
Finish login and registration flow - add template for login page - add logout URL - display user information 2024-09-20 13:59:51 +00:00			`if not user:`
			`return HttpResponseForbidden(`
			`_("you have not sent a valid client certificate")`
			`)`
Implement client certificate authentication - add a cats.authentication.ClientCertificateBackend authentication backend implementation that extracts the used fields from a client certificate - configure the AUTHENTICATION_BACKENDS setting to use the ClientCertificateBackend - add cryptography dependency to parse certificate data - add gunicorn as production dependency - add a development configuration for Gunicorn - document how to pass client certificate information via nginx reverse proxy - add a certificate_login view and a basic home_page view and add corresponding URL patterns - ignore PEM encoded files and temporary gunicorn files 2024-09-20 10:42:37 +00:00
Finish login and registration flow - add template for login page - add logout URL - display user information 2024-09-20 13:59:51 +00:00			`login(self.request, user)`
Implement client certificate authentication - add a cats.authentication.ClientCertificateBackend authentication backend implementation that extracts the used fields from a client certificate - configure the AUTHENTICATION_BACKENDS setting to use the ClientCertificateBackend - add cryptography dependency to parse certificate data - add gunicorn as production dependency - add a development configuration for Gunicorn - document how to pass client certificate information via nginx reverse proxy - add a certificate_login view and a basic home_page view and add corresponding URL patterns - ignore PEM encoded files and temporary gunicorn files 2024-09-20 10:42:37 +00:00
Finish login and registration flow - add template for login page - add logout URL - display user information 2024-09-20 13:59:51 +00:00			`return HttpResponseRedirect(self.get_success_url())`


			`def get_challenge_wiki_url(request):`
			`language = get_language_from_request(request)`

			`url_map = {`
			`"cz": "https://wiki.cacert.org/AssurerChallenge/CZ",`
			`"de": "https://wiki.cacert.org/AssurerChallenge/DE",`
			`"fr": "https://wiki.cacert.org/AssurerChallenge/fr",`
			`"nl": "https://wiki.cacert.org/AssurerChallenge/NL",`
			`}`

			`return url_map.get(language, "https://wiki.cacert.org/AssurerChallenge")`
Implement client certificate authentication - add a cats.authentication.ClientCertificateBackend authentication backend implementation that extracts the used fields from a client certificate - configure the AUTHENTICATION_BACKENDS setting to use the ClientCertificateBackend - add cryptography dependency to parse certificate data - add gunicorn as production dependency - add a development configuration for Gunicorn - document how to pass client certificate information via nginx reverse proxy - add a certificate_login view and a basic home_page view and add corresponding URL patterns - ignore PEM encoded files and temporary gunicorn files 2024-09-20 10:42:37 +00:00

			`def home_page(request):`
Finish login and registration flow - add template for login page - add logout URL - display user information 2024-09-20 13:59:51 +00:00			`return render(`
			`request,`
			`"home.html",`
			`context={"challenge_wiki_url": get_challenge_wiki_url(request)},`
			`)`


			`def switch_language(request):`
			`if request.method != "POST":`
			`return HttpResponse(status=HTTPStatus.METHOD_NOT_ALLOWED)`

			`language = request.POST.get("choose_language", get_language_from_request(request))`
			`next_page = request.GET.get("next", reverse("home"))`

			`response = HttpResponseRedirect(next_page)`
			`response.set_cookie(settings.LANGUAGE_COOKIE_NAME, language)`

			`return response`