django_helmholtz_aai.views package

Views

Views of the django_helmholtz_aai app to be imported via the url config (see django_helmholtz_aai.urls). We define two views here: The HelmholtzLoginView that redirects to the Helmholtz AAI, and the HelmholtzAuthentificationView that handles the user login after successful login at the Helmholtz AAI.

Classes:

HelmholtzAuthentificationView(**kwargs)	DEPRECATED VIEW.
HelmholtzLoginView(**kwargs)	A login view for the Helmholtz AAI that forwards to the OAuth login.

class django_helmholtz_aai.views.HelmholtzAuthentificationView(**kwargs)

Bases: PermissionRequiredMixin, View

DEPRECATED VIEW.

Classes:

PermissionDeniedReasons(value)

Reasons why permissions are denied to login.

Attributes:

aai_user
is_new_user
permission_denied_message_templates	Message templates that explain why a user is not allowed to login.
permission_denied_reason	The reason why the user cannot login.
userinfo	The userinfo as obtained from the Helmholtz AAI.

Methods:

apply_updates(to_update)	Apply the update to the user and send the signal.
as_view(*args, **kwargs)	Main entry point for a request-response process.
create_user(userinfo)	Create a Django user for a Helmholtz AAI User.
create_vo(vo_name)	Create a new VO with the given name.
get(request)	Login the Helmholtz AAI user and update the data.
get_permission_denied_message()	Get the permission denied message for a specific reason.
get_success_url()	Return the URL to redirect to after processing a valid form.
get_user_from_email(email)	Get a user from the email
handle_no_permission()	Handle the response if the permission has been denied.
has_permission()	Check if the user has permission to login.
join_vo(vo)	Join the given VO.
leave_vo(vo)	Leave the given VO.
login_user(user)	Login the Helmholtz AAI user to the Django Application.
synchronize_vos()	Synchronize the memberships in the virtual organizations.
update_user()	Update the user from the userinfo provided by the Helmholtz AAI.

class PermissionDeniedReasons(value)

Bases: str, Enum

Reasons why permissions are denied to login.

Attributes:

cannot_find_user
email_changed_and_taken
email_exists
email_not_verified
new_user	the user is new and user creation is disabled by
vo_not_allowed	the virtual organization is not part of

cannot_find_user = 'cannot_find_user'

email_changed_and_taken = 'email_changed_and_taken'

email_exists = 'email_exists'

email_not_verified = 'email_not_verified'

new_user = 'new_user'

the user is new and user creation is disabled by

vo_not_allowed = 'vo_not_allowed'

the virtual organization is not part of

aai_user: models.HelmholtzUser

apply_updates(to_update: Dict)

Apply the update to the user and send the signal.

classmethod as_view(*args, **kwargs)

Main entry point for a request-response process.

create_user(userinfo: Dict[str, Any]) → HelmholtzUser

Create a Django user for a Helmholtz AAI User.

This method uses the create_aai_user() to create a new user.

Notes

Emits the aai_user_created signal

create_vo(vo_name: str) → HelmholtzVirtualOrganization

Create a new VO with the given name.

get(request)

Login the Helmholtz AAI user and update the data.

This method logs in the aai user (or creates one if it does not exist already). Afterwards we update the user info from the information on the Helmholtz AAI using the update_user() and synchronize_vos() methods.

get_permission_denied_message()

Get the permission denied message for a specific reason.

This method is called by the super-classes handle_no_permission() method.

get_success_url() → str

Return the URL to redirect to after processing a valid form.

get_user_from_email(email: str) → User | None

Get a user from the email

handle_no_permission()

Handle the response if the permission has been denied.

This reimplemented method adds the permission_denied_message to the messages of the request using djangos messaging framework.

has_permission() → bool

Check if the user has permission to login.

This method checks, if the user belongs to the specified HELMHOLTZ_ALLOWED_VOS and verifies that the email does not exist (if this is desired, see HELMHOLTZ_EMAIL_DUPLICATES_ALLOWED setting).

is_new_user

join_vo(vo: HelmholtzVirtualOrganization)

Join the given VO.

leave_vo(vo: HelmholtzVirtualOrganization)

Leave the given VO.

login_user(user: HelmholtzUser)

Login the Helmholtz AAI user to the Django Application.

Login is done via the top-level django_helmholtz_aai.login() function.

Notes

Emits the aai_user_logged_in signal

permission_denied_message_templates: dict[PermissionDeniedReasons, str] = {PermissionDeniedReasons.cannot_find_user: 'A user with the email {email} is not available on this website and the account creation is disabled. Please sign up or contact the website administrators.', PermissionDeniedReasons.email_changed_and_taken: 'You email in the Helmholtz AAI changed to {email}. A user with this email already exists and on this website. Please contact the website administrators.', PermissionDeniedReasons.email_exists: 'A user with the email {email} already exists.', PermissionDeniedReasons.email_not_verified: 'Your email has not been verified.', PermissionDeniedReasons.new_user: 'Your email {email} does not yet have a user account on this website and the account creation is disabled. Please sign up or contact the website administrators.', PermissionDeniedReasons.vo_not_allowed: 'Your virtual organizations are not allowed to log into this website.'}

Message templates that explain why a user is not allowed to login.

via the Helmholtz AAI. Use in the get_permission_denied_message()

permission_denied_reason: PermissionDeniedReasons

The reason why the user cannot login.

synchronize_vos()

Synchronize the memberships in the virtual organizations.

This method checks the eduperson_entitlement of the AAI userinfo and

1. creates the missing virtual organizations

2. removes the user from virtual organizations that he or she does not belong to anymore

3. adds the user to the virtual organizations that are new.

Notes

As we remove users from virtual organizations, this might end up in a lot of VOs without any users. One can remove these VOs via:

python manage.py remove_empty_vos

Notes

Emits the aai_vo_created, aai_vo_entered and aai_vo_left signals.

update_user()

Update the user from the userinfo provided by the Helmholtz AAI.

Notes

Emits the aai_user_updated signal

userinfo

The userinfo as obtained from the Helmholtz AAI.

The attributes of this dictionary are determined by the Django Helmholtz AAI [1]_

References

class django_helmholtz_aai.views.HelmholtzLoginView(**kwargs)

Bases: LoginView

A login view for the Helmholtz AAI that forwards to the OAuth login.

Methods:

get(request)	Get the redirect URL to the Helmholtz AAI.
post(request)	Reimplemented post method to call get().

get(request)

Get the redirect URL to the Helmholtz AAI.

post(request)

Reimplemented post method to call get().

Subpackages

• django_helmholtz_aai.views.auth package
  • Authentication viewsets
  • Submodules
    • Base viewset for authentication
    • AuthenticationViewsetRegistry
      • AuthenticationViewsetRegistry.__init__()
      • AuthenticationViewsetRegistry.get_default_viewset()
      • AuthenticationViewsetRegistry.get_viewset()
      • AuthenticationViewsetRegistry.register_viewset()
      • AuthenticationViewsetRegistry.unregister_viewset()
      • AuthenticationViewsetRegistry.viewsets
    • AuthentificationViewsetBase
      • AuthentificationViewsetBase.AuthentificationView
      • AuthentificationViewsetBase.get_urls()
    • create_new Strategy
    • AuthentificationViewset
      • AuthentificationViewset.AuthentificationView
    • create_new_map_existing_duplicate_helmholtz Strategy
    • AuthentificationViewset
      • AuthentificationViewset.AuthentificationView
    • create_new_map_existing_no_duplicated_helmholtz Strategy
    • AuthentificationViewset
      • AuthentificationViewset.AuthentificationView
    • create_new_map_existing_remap_helmholtz Strategy
    • AuthentificationViewset
      • AuthentificationViewset.AuthentificationView
    • create_new_no_map_duplicate_helmholtz Strategy
    • AuthentificationViewset
      • AuthentificationViewset.AuthentificationView
    • create_new_no_map_no_duplicated_helmholtz Strategy
    • AuthentificationViewset
      • AuthentificationViewset.AuthentificationView
    • User linking views
    • LinkingUserViewsetMixin
      • LinkingUserViewsetMixin.UserLinkingConfirmView
      • LinkingUserViewsetMixin.UserLinkingDoneView
      • LinkingUserViewsetMixin.UserLinkingView
      • LinkingUserViewsetMixin.get_urls()
    • UserLinkingContextMixin
      • UserLinkingContextMixin.extra_context
      • UserLinkingContextMixin.get_context_data()
      • UserLinkingContextMixin.get_user()
    • manual_new_map_existing_no_duplicated_helmholtz Strategy
    • AuthentificationViewset
      • AuthentificationViewset.AuthentificationView
      • AuthentificationViewset.UserLinkingView
    • Authentication class mixins
    • CheckEmailMixin
      • CheckEmailMixin.PermissionDeniedReasons
      • CheckEmailMixin.email_exists()
    • CreateUserMixin
      • CreateUserMixin.create_user()
      • CreateUserMixin.get_or_create_user()
      • CreateUserMixin.request
      • CreateUserMixin.userinfo
    • LoginUserMixin
      • LoginUserMixin.disable_user
      • LoginUserMixin.get_success_url()
      • LoginUserMixin.login_user()
      • LoginUserMixin.request
      • LoginUserMixin.userinfo
    • MapUserMixin
      • MapUserMixin.get_user_from_email()
      • MapUserMixin.map_user()
      • MapUserMixin.userinfo
    • NoUserExistsMixin
      • NoUserExistsMixin.PermissionDeniedReasons
      • NoUserExistsMixin.user_exists()
    • PermissionDeniedReasonsClass
    • PermissionRequiredReasoningMixin
      • PermissionRequiredReasoningMixin.PermissionDeniedReasons
      • PermissionRequiredReasoningMixin.get_permission_denied_message()
      • PermissionRequiredReasoningMixin.handle_no_permission()
      • PermissionRequiredReasoningMixin.permission_denied_reason
      • PermissionRequiredReasoningMixin.request
      • PermissionRequiredReasoningMixin.userinfo
    • UpdateUserMixin
      • UpdateUserMixin.aai_user
      • UpdateUserMixin.apply_updates()
      • UpdateUserMixin.create_vo()
      • UpdateUserMixin.join_vo()
      • UpdateUserMixin.leave_vo()
      • UpdateUserMixin.request
      • UpdateUserMixin.synchronize_vos()
      • UpdateUserMixin.update_user()
      • UpdateUserMixin.userinfo
    • no_new Strategy
    • AuthentificationViewset
      • AuthentificationViewset.AuthentificationView
    • no_new_map_existing_no_duplicated_helmholtz Strategy
    • AuthentificationViewset
      • AuthentificationViewset.AuthentificationView
    • no_new_map_existing_remap_helmholtz Strategy
    • AuthentificationViewset
      • AuthentificationViewset.AuthentificationView
    • no_new_no_map_duplicate_helmholtz Strategy
    • AuthentificationViewset
      • AuthentificationViewset.AuthentificationView