Views
Views of the django_helmholtz_aai app to be imported via the url config (see django_helmholtz_aai.urls). We define two views here: the HelmholtzLoginView that redirects to the Helmholtz AAI, and the HelmholtzAuthentificationView that handles the user login after successful login at the Helmholtz AAI.
Classes:
HelmholtzAuthentificationView(**kwargs): Authentication view for the Helmholtz AAI.
HelmholtzLoginView(**kwargs): A login view for the Helmholtz AAI that forwards to the OAuth login.
- class django_helmholtz_aai.views.HelmholtzAuthentificationView(**kwargs)
Bases: django.contrib.auth.mixins.PermissionRequiredMixin, django.views.generic.base.View
Authentication view for the Helmholtz AAI.
Classes:
PermissionDeniedReasons(value): Reasons why permissions are denied to login.
Attributes:
is_new_user: True if the Helmholtz AAI user has never logged in before.
permission_denied_message_templates: Message templates that explain why a user is not allowed to login.
permission_denied_reason: The reason why the user cannot login.
The userinfo as obtained from the Helmholtz AAI.
Methods:
create_user(userinfo): Create a Django user for a Helmholtz AAI User.
get(request): Login the Helmholtz AAI user and update the data.
get_permission_denied_message(): Get the permission denied message for a specific reason.
handle_no_permission(): Handle the response if the permission has been denied.
has_permission(): Check if the user has permission to login.
login_user(user): Login the Helmholtz AAI user to the Django Application.
synchronize_vos(): Synchronize the memberships in the virtual organizations.
update_user(): Update the user from the userinfo provided by the Helmholtz AAI.
- class PermissionDeniedReasons(value)
Reasons why permissions are denied to login.
Attributes:
email_changed_and_taken: the email changed and is already taken on the website
email_exists: the user is new and the email already exists
email_not_verified: the email has not yet been verified
new_user: the user is new and user creation is disabled by HELMHOLTZ_CREATE_USERS
vo_not_allowed: the virtual organization is not part of HELMHOLTZ_ALLOWED_VOS_REGEXP
- email_changed_and_taken = 'email_changed_and_taken'
the email changed and is already taken on the website
- email_exists = 'email_exists'
the user is new and the email already exists
- email_not_verified = 'email_not_verified'
the email has not yet been verified
- new_user = 'new_user'
the user is new and user creation is disabled by HELMHOLTZ_CREATE_USERS
- vo_not_allowed = 'vo_not_allowed'
the virtual organization is not part of HELMHOLTZ_ALLOWED_VOS_REGEXP
- aai_user: models.HelmholtzUser
- create_user(userinfo: Dict[str, Any]) -> django_helmholtz_aai.models.HelmholtzUser
Create a Django user for a Helmholtz AAI User.
This method uses create_aai_user() to create a new user.
Notes
Emits the aai_user_created signal.
- get(request)
Login the Helmholtz AAI user and update the data.
This method logs in the AAI user (or creates one if it does not exist already). Afterwards we update the user info from the information on the Helmholtz AAI using the update_user() and synchronize_vos() methods.
- get_permission_denied_message()
Get the permission denied message for a specific reason.
This method is called by the super-class's handle_no_permission() method.
- handle_no_permission()
Handle the response if the permission has been denied.
This reimplemented method adds the permission_denied_message to the messages of the request using Django's messaging framework.
- has_permission() -> bool
Check if the user has permission to login.
This method checks if the user belongs to the specified HELMHOLTZ_ALLOWED_VOS and verifies that the email does not exist (if this is desired, see the HELMHOLTZ_EMAIL_DUPLICATES_ALLOWED setting).
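An added sketch, not the project's code, of the decision has_permission() describes: it maps a userinfo dict and the three settings to one of the PermissionDeniedReasons values, or to None when login may proceed. The check order, the email_verified claim name (standard OIDC), treating an empty pattern list as unrestricted, case-insensitive email comparison and matching with re.fullmatch are assumptions of this example.

```python
import re
from enum import Enum
from typing import Any, Dict, Iterable, Optional, Set


class Reason(str, Enum):
    """Values of PermissionDeniedReasons as listed on this page."""
    email_changed_and_taken = "email_changed_and_taken"
    email_exists = "email_exists"
    email_not_verified = "email_not_verified"
    new_user = "new_user"
    vo_not_allowed = "vo_not_allowed"


def deny_reason(
    userinfo: Dict[str, Any],
    stored_email: Optional[str],  # None on first login (is_new_user)
    site_emails: Set[str],        # emails of existing local accounts
    allowed_vos_regexp: Iterable[str],
    create_users: bool,
    email_duplicates_allowed: bool,
) -> Optional[Reason]:
    """Return why login is refused, or None if it may proceed."""
    # Assumption: "email_verified" is the standard OIDC claim name.
    if not userinfo.get("email_verified", False):
        return Reason.email_not_verified
    vos = userinfo.get("eduperson_entitlement", [])
    patterns = list(allowed_vos_regexp)
    # Assumption: fullmatch, so a pattern for "lab-a" cannot admit "lab-a-x".
    if patterns and not any(re.fullmatch(p, v) for p in patterns for v in vos):
        return Reason.vo_not_allowed
    email = userinfo["email"].lower()
    taken = email in {e.lower() for e in site_emails}
    if stored_email is None:
        if not create_users:
            return Reason.new_user
        if taken and not email_duplicates_allowed:
            return Reason.email_exists
    elif email != stored_email.lower() and taken and not email_duplicates_allowed:
        return Reason.email_changed_and_taken
    return None


# Constructed userinfo; the entitlement string is a made-up sample value.
SAMPLE = {
    "email": "alice@example.org",
    "email_verified": True,
    "eduperson_entitlement": ["urn:example:group:lab-a#idp.example.org"],
}
```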
- is_new_user
True if the Helmholtz AAI user has never logged in before.
- login_user(user: django_helmholtz_aai.models.HelmholtzUser)
Login the Helmholtz AAI user to the Django Application.
Login is done via the top-level django_helmholtz_aai.login() function.
Notes
Emits the aai_user_logged_in signal.
- permission_denied_message_templates: dict[PermissionDeniedReasons, str] = {PermissionDeniedReasons.email_changed_and_taken: 'You email in the Helmholtz AAI changed to {email}. A user with this email already exists and on this website. Please contact the website administrators.', PermissionDeniedReasons.email_exists: 'A user with the email {email} already exists.', PermissionDeniedReasons.email_not_verified: 'Your email has not been verified.', PermissionDeniedReasons.new_user: 'Your email {email} does not yet have a user account on this website and the account creation is disabled. Please sign up or contact the website administrators.', PermissionDeniedReasons.vo_not_allowed: 'Your virtual organizations are not allowed to log into this website.'}
Message templates that explain why a user is not allowed to login via the Helmholtz AAI. Used in the get_permission_denied_message() method.
- permission_denied_reason: PermissionDeniedReasons
The reason why the user cannot login.
This attribute is set via the has_permission() method.
- synchronize_vos()
Synchronize the memberships in the virtual organizations.
This method checks the eduperson_entitlement of the AAI userinfo and
1. creates the missing virtual organizations
2. removes the user from virtual organizations that he or she does not belong to anymore
3. adds the user to the virtual organizations that are new.
Notes
As we remove users from virtual organizations, this might end up in a lot of VOs without any users. One can remove these VOs via:
    python manage.py remove_empty_vos
Notes
Emits the aai_vo_created, aai_vo_entered and aai_vo_left signals.
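The three synchronization steps above as an added example over an in-memory membership table; it is not the project's code. The sync_vos and demo names, the dict-based store and the order in which events are recorded are assumptions; the event names are the signals listed in the notes.

```python
from typing import Dict, Iterable, List, Set, Tuple

Event = Tuple[str, str]  # (signal name, VO name)


def sync_vos(
    username: str,
    entitlements: Iterable[str],   # eduperson_entitlement from the userinfo
    members: Dict[str, Set[str]],  # VO name -> usernames; updated in place
) -> Tuple[List[Event], List[str]]:
    """Apply one login's entitlements; return (events, VOs left empty)."""
    wanted = set(entitlements)
    events: List[Event] = []
    # 1. create the missing virtual organizations
    for vo in sorted(wanted - set(members)):
        members[vo] = set()
        events.append(("aai_vo_created", vo))
    # 2. drop memberships the AAI no longer asserts for this user
    for vo in sorted(members):
        if username in members[vo] and vo not in wanted:
            members[vo].discard(username)
            events.append(("aai_vo_left", vo))
    # 3. add the user to the VOs that are new for them
    for vo in sorted(wanted):
        if username not in members[vo]:
            members[vo].add(username)
            events.append(("aai_vo_entered", vo))
    # VOs without any users: the ones `remove_empty_vos` is meant for
    empty = sorted(vo for vo, users in members.items() if not users)
    return events, empty


def demo() -> Tuple[List[Event], List[str]]:
    # Constructed membership table and entitlements (not real VO names).
    members = {"vo-a": {"alice"}, "vo-b": {"alice", "bob"}}
    return sync_vos("alice", ["vo-b", "vo-c"], members)
```

Because get() runs this synchronization at login, a membership withdrawn at the Helmholtz AAI is reflected locally at the user's next login.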
- update_user()
Update the user from the userinfo provided by the Helmholtz AAI.
Notes
Emits the aai_user_updated signal.
- class django_helmholtz_aai.views.HelmholtzLoginView(**kwargs)
Bases: django.contrib.auth.views.LoginView
A login view for the Helmholtz AAI that forwards to the OAuth login.
Methods:
get(request): Get the redirect URL to the Helmholtz AAI.
post(request): Reimplemented post method to call get().
- get(request)
Get the redirect URL to the Helmholtz AAI.