Views
Views of the django_helmholtz_aai app to be imported via the url config (see django_helmholtz_aai.urls). We define two views here: the HelmholtzLoginView that redirects to the Helmholtz AAI, and the HelmholtzAuthentificationView that handles the user login after successful login at the Helmholtz AAI.
Classes:
HelmholtzAuthentificationView(**kwargs): Authentification view for the Helmholtz AAI.
HelmholtzLoginView(**kwargs): A login view for the Helmholtz AAI that forwards to the OAuth login.
- class django_helmholtz_aai.views.HelmholtzAuthentificationView(**kwargs)
Bases: PermissionRequiredMixin, View
Authentification view for the Helmholtz AAI.
Classes:
PermissionDeniedReasons(value): Reasons why permissions are denied to login.
Attributes:
permission_denied_message_templates: Message templates that explain why a user is not allowed to login.
permission_denied_reason: The reason why the user cannot login.
The userinfo as obtained from the Helmholtz AAI.
Methods:
apply_updates(to_update): Apply the update to the user and send the signal.
create_user(userinfo): Create a Django user for a Helmholtz AAI User.
create_vo(vo_name): Create a new VO with the given name.
get(request): Login the Helmholtz AAI user and update the data.
get_permission_denied_message(): Get the permission denied message for a specific reason.
Return the URL to redirect to after processing a valid form.
get_user_from_email(email): Get a user from the email
handle_no_permission(): Handle the response if the permission has been denied.
has_permission(): Check if the user has permission to login.
join_vo(vo): Join the given VO.
leave_vo(vo): Leave the given VO.
login_user(user): Login the Helmholtz AAI user to the Django Application.
synchronize_vos(): Synchronize the memberships in the virtual organizations.
update_user(): Update the user from the userinfo provided by the Helmholtz AAI.
- class PermissionDeniedReasons(value)
Reasons why permissions are denied to login.
Attributes:
new_user: the user is new and user creation is disabled by
vo_not_allowed: the virtual organization is not part of
- cannot_find_user = 'cannot_find_user'
- email_changed_and_taken = 'email_changed_and_taken'
- email_exists = 'email_exists'
- email_not_verified = 'email_not_verified'
- new_user = 'new_user'
the user is new and user creation is disabled by
- vo_not_allowed = 'vo_not_allowed'
the virtual organization is not part of
- aai_user: models.HelmholtzUser
- create_user(userinfo: Dict[str, Any]) -> HelmholtzUser
Create a Django user for a Helmholtz AAI User.
This method uses create_aai_user() to create a new user.
Notes
Emits the aai_user_created signal.
- create_vo(vo_name: str) -> HelmholtzVirtualOrganization
Create a new VO with the given name.
- get(request)
Login the Helmholtz AAI user and update the data.
This method logs in the AAI user (or creates one if it does not exist already). Afterwards we update the user info from the information on the Helmholtz AAI using the update_user() and synchronize_vos() methods.
- get_permission_denied_message()
Get the permission denied message for a specific reason.
This method is called by the super-class's handle_no_permission() method.
- handle_no_permission()
Handle the response if the permission has been denied.
This reimplemented method adds the permission_denied_message to the messages of the request using Django's messaging framework.
- has_permission() -> bool
Check if the user has permission to login.
This method checks whether the user belongs to the specified HELMHOLTZ_ALLOWED_VOS and verifies that the email does not exist (if this is desired, see the HELMHOLTZ_EMAIL_DUPLICATES_ALLOWED setting).
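A stand-alone sketch of the kind of check has_permission() describes, for a first-time login; it is an added example, not the package's code. The claim names, the regex allowlist, the order of the checks and the fail-closed empty allowlist are assumptions, and `check_login`, `Reason` and the sample data are hypothetical.

```python
import re
from enum import Enum


class Reason(str, Enum):
    # Values copied from PermissionDeniedReasons on this page (subset).
    email_exists = "email_exists"
    email_not_verified = "email_not_verified"
    vo_not_allowed = "vo_not_allowed"


def check_login(userinfo, allowed_vos, existing_emails, duplicates_allowed=False):
    """Return None when login may proceed, otherwise the Reason for denial."""
    # Assumed claim names: email, email_verified, eduperson_entitlement.
    email = (userinfo.get("email") or "").strip().lower()
    # Only the boolean True counts; a missing claim or the string "true" does not.
    if not email or userinfo.get("email_verified") is not True:
        return Reason.email_not_verified
    vos = userinfo.get("eduperson_entitlement") or []
    if isinstance(vos, str):
        vos = [vos]
    # fullmatch() anchors both ends, so "...:lab-a-guests" cannot pass as "...:lab-a".
    # An empty allowlist denies everyone in this sketch (fail closed).
    if not any(p.fullmatch(vo) for p in allowed_vos for vo in vos):
        return Reason.vo_not_allowed
    # existing_emails is assumed lower-cased, so "Alice@..." cannot shadow "alice@...".
    if not duplicates_allowed and email in existing_emails:
        return Reason.email_exists
    return None


# Constructed sample data (not real Helmholtz AAI values).
ALLOWED = [re.compile(r"urn:geant:example\.org:group:lab-a")]
EXISTING = {"alice@example.org"}
BOB = {
    "email": "bob@example.org",
    "email_verified": True,
    "eduperson_entitlement": ["urn:geant:example.org:group:lab-a"],
}

if __name__ == "__main__":
    print(check_login(BOB, ALLOWED, EXISTING))
```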
- is_new_user
- join_vo(vo: HelmholtzVirtualOrganization)
Join the given VO.
- leave_vo(vo: HelmholtzVirtualOrganization)
Leave the given VO.
- login_user(user: HelmholtzUser)
Login the Helmholtz AAI user to the Django Application.
Login is done via the top-level django_helmholtz_aai.login() function.
Notes
Emits the aai_user_logged_in signal.
- permission_denied_message_templates: dict[PermissionDeniedReasons, str] = {PermissionDeniedReasons.cannot_find_user: 'A user with the email {email} is not available on this website and the account creation is disabled. Please sign up or contact the website administrators.', PermissionDeniedReasons.email_changed_and_taken: 'You email in the Helmholtz AAI changed to {email}. A user with this email already exists and on this website. Please contact the website administrators.', PermissionDeniedReasons.email_exists: 'A user with the email {email} already exists.', PermissionDeniedReasons.email_not_verified: 'Your email has not been verified.', PermissionDeniedReasons.new_user: 'Your email {email} does not yet have a user account on this website and the account creation is disabled. Please sign up or contact the website administrators.', PermissionDeniedReasons.vo_not_allowed: 'Your virtual organizations are not allowed to log into this website.'}
Message templates that explain why a user is not allowed to login via the Helmholtz AAI. Used in get_permission_denied_message().
- permission_denied_reason: PermissionDeniedReasons
The reason why the user cannot login.
- synchronize_vos()
Synchronize the memberships in the virtual organizations.
This method checks the eduperson_entitlement of the AAI userinfo and
1. creates the missing virtual organizations
2. removes the user from virtual organizations that he or she does not belong to anymore
3. adds the user to the virtual organizations that are new.
Notes
As we remove users from virtual organizations, this might end up in a lot of VOs without any users. One can remove these VOs via:
python manage.py remove_empty_vos
Notes
Emits the aai_vo_created, aai_vo_entered and aai_vo_left signals.
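The three steps of synchronize_vos() on an in-memory model, as an added example that is not the package's code. Here `vos` maps a VO name to its set of members, the returned event labels reuse the signal names listed above, and the URNs and the helper names are constructed for illustration.

```python
def synchronize_vos(vos, user, entitlements):
    """Apply one login's entitlements to `vos` and return the events, in order."""
    # Assumption: a missing claim means "no VOs", so the user leaves all of them.
    claimed = set(entitlements or [])
    events = []
    # 1. create the missing virtual organizations
    for name in sorted(claimed - set(vos)):
        vos[name] = set()
        events.append(("aai_vo_created", name))
    # 2. remove the user from VOs that are no longer claimed
    for name in sorted(vos):
        if user in vos[name] and name not in claimed:
            vos[name].discard(user)
            events.append(("aai_vo_left", name))
    # 3. add the user to the VOs that are new for them
    for name in sorted(claimed):
        if user not in vos[name]:
            vos[name].add(user)
            events.append(("aai_vo_entered", name))
    return events


def empty_vos(vos):
    """VOs left without members: candidates for the remove_empty_vos command."""
    return sorted(name for name, members in vos.items() if not members)


# Constructed sample state and entitlements (not real Helmholtz AAI values).
LAB_A = "urn:geant:example.org:group:lab-a"
LAB_B = "urn:geant:example.org:group:lab-b"
LAB_C = "urn:geant:example.org:group:lab-c"


def demo():
    vos = {LAB_A: {"alice", "bob"}, LAB_B: {"alice"}}
    first = synchronize_vos(vos, "alice", [LAB_A, LAB_C])
    second = synchronize_vos(vos, "alice", [LAB_A, LAB_C])  # same claims: no events
    return first, second, empty_vos(vos)


if __name__ == "__main__":
    print(demo())
```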
- update_user()
Update the user from the userinfo provided by the Helmholtz AAI.
Notes
Emits the aai_user_updated signal.
- class django_helmholtz_aai.views.HelmholtzLoginView(**kwargs)
Bases:
LoginView
A login view for the Helmholtz AAI that forwards to the OAuth login.
Methods:
get(request): Get the redirect URL to the Helmholtz AAI.
post(request): Reimplemented post method to call get().
- get(request)
Get the redirect URL to the Helmholtz AAI.