mirror of
https://github.com/cisagov/manage.get.gov.git
synced 2025-05-16 09:37:03 +02:00
Clean up loggers
This commit is contained in:
Rachid Mrad
parent
67d20a6296
commit
ef9a542dda
3 changed files with 7 additions and 30 deletions
|
|
@ -164,7 +164,6 @@ class Client(oic.Client):
|
||||||
logger.error(err)
|
logger.error(err)
|
||||||
logger.error("Unable to parse response for %s" % state)
|
logger.error("Unable to parse response for %s" % state)
|
||||||
raise o_e.AuthenticationFailed(locator=state)
|
raise o_e.AuthenticationFailed(locator=state)
|
||||||
logger.info(authn_response)
|
|
||||||
# ErrorResponse is not raised, it is passed back...
|
# ErrorResponse is not raised, it is passed back...
|
||||||
if isinstance(authn_response, ErrorResponse):
|
if isinstance(authn_response, ErrorResponse):
|
||||||
error = authn_response.get("error", "")
|
error = authn_response.get("error", "")
|
||||||
|
|
@ -209,7 +208,6 @@ class Client(oic.Client):
|
||||||
logger.error(err)
|
logger.error(err)
|
||||||
logger.error("Unable to request user info for %s" % state)
|
logger.error("Unable to request user info for %s" % state)
|
||||||
raise o_e.AuthenticationFailed(locator=state)
|
raise o_e.AuthenticationFailed(locator=state)
|
||||||
logger.info(info_response)
|
|
||||||
# ErrorResponse is not raised, it is passed back...
|
# ErrorResponse is not raised, it is passed back...
|
||||||
if isinstance(info_response, ErrorResponse):
|
if isinstance(info_response, ErrorResponse):
|
||||||
logger.error("Unable to get user info (%s) for %s" % (info_response.get("error", ""), state))
|
logger.error("Unable to get user info (%s) for %s" % (info_response.get("error", ""), state))
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,6 @@ from djangooidc.oidc import Client
|
||||||
from djangooidc import exceptions as o_e
|
from djangooidc import exceptions as o_e
|
||||||
from registrar.models import User
|
from registrar.models import User
|
||||||
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
@ -69,14 +68,12 @@ def login_callback(request):
|
||||||
try:
|
try:
|
||||||
query = parse_qs(request.GET.urlencode())
|
query = parse_qs(request.GET.urlencode())
|
||||||
userinfo = CLIENT.callback(query, request.session)
|
userinfo = CLIENT.callback(query, request.session)
|
||||||
|
|
||||||
# test for need for identity verification and if it is satisfied
|
# test for need for identity verification and if it is satisfied
|
||||||
# if not satisfied, redirect user to login with stepped up acr_value
|
# if not satisfied, redirect user to login with stepped up acr_value
|
||||||
if requires_step_up_auth(userinfo):
|
if requires_step_up_auth(userinfo):
|
||||||
# add acr_value to request.session
|
# add acr_value to request.session
|
||||||
request.session["acr_value"] = CLIENT.get_step_up_acr_value()
|
request.session["acr_value"] = CLIENT.get_step_up_acr_value()
|
||||||
return CLIENT.create_authn_request(request.session)
|
return CLIENT.create_authn_request(request.session)
|
||||||
|
|
||||||
user = authenticate(request=request, **userinfo)
|
user = authenticate(request=request, **userinfo)
|
||||||
if user:
|
if user:
|
||||||
login(request, user)
|
login(request, user)
|
||||||
|
|
@ -99,7 +96,7 @@ def requires_step_up_auth(userinfo):
|
||||||
def logout(request, next_page=None):
|
def logout(request, next_page=None):
|
||||||
"""Redirect the user to the authentication provider (OP) logout page."""
|
"""Redirect the user to the authentication provider (OP) logout page."""
|
||||||
try:
|
try:
|
||||||
username = request.user.username
|
user = request.user
|
||||||
request_args = {
|
request_args = {
|
||||||
"client_id": CLIENT.client_id,
|
"client_id": CLIENT.client_id,
|
||||||
"state": request.session["state"],
|
"state": request.session["state"],
|
||||||
|
|
@ -111,7 +108,6 @@ def logout(request, next_page=None):
|
||||||
request_args.update(
|
request_args.update(
|
||||||
{"post_logout_redirect_uri": CLIENT.registration_response["post_logout_redirect_uris"][0]}
|
{"post_logout_redirect_uri": CLIENT.registration_response["post_logout_redirect_uris"][0]}
|
||||||
)
|
)
|
||||||
|
|
||||||
url = CLIENT.provider_info["end_session_endpoint"]
|
url = CLIENT.provider_info["end_session_endpoint"]
|
||||||
url += "?" + urlencode(request_args)
|
url += "?" + urlencode(request_args)
|
||||||
return HttpResponseRedirect(url)
|
return HttpResponseRedirect(url)
|
||||||
|
|
@ -121,7 +117,7 @@ def logout(request, next_page=None):
|
||||||
# Always remove Django session stuff - even if not logged out from OP.
|
# Always remove Django session stuff - even if not logged out from OP.
|
||||||
# Don't wait for the callback as it may never come.
|
# Don't wait for the callback as it may never come.
|
||||||
auth_logout(request)
|
auth_logout(request)
|
||||||
logger.info("Successfully logged out user %s" % username)
|
logger.info("Successfully logged out user %s" % user)
|
||||||
next_page = getattr(settings, "LOGOUT_REDIRECT_URL", None)
|
next_page = getattr(settings, "LOGOUT_REDIRECT_URL", None)
|
||||||
if next_page:
|
if next_page:
|
||||||
request.session["next"] = next_page
|
request.session["next"] = next_page
|
||||||
|
|
|
||||||
|
|
@ -69,39 +69,22 @@ class User(AbstractUser):
|
||||||
@classmethod
|
@classmethod
|
||||||
def needs_identity_verification(cls, email, uuid):
|
def needs_identity_verification(cls, email, uuid):
|
||||||
|
|
||||||
logger.info('needs_identity_verification')
|
# An existing user who is a domain manager of a domain (that is, they have an entry in UserDomainRole for their User)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
||||||
existing_user = cls.objects.get(username=uuid)
|
existing_user = cls.objects.get(username=uuid)
|
||||||
|
|
||||||
# An existing user who is a domain manager of a domain (that is, they have an entry in UserDomainRole for their User)
|
|
||||||
if existing_user and UserDomainRole.objects.filter(user=existing_user).exists():
|
if existing_user and UserDomainRole.objects.filter(user=existing_user).exists():
|
||||||
|
|
||||||
logger.info(f'Existing user email {existing_user.email}')
|
|
||||||
logger.info(f'User doman role email {UserDomainRole.objects.filter(user=existing_user).first().user.email}')
|
|
||||||
return False
|
return False
|
||||||
|
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
# logger.info(f'UserDomainRole.objects.filter(user=existing_user).exists() {UserDomainRole.objects.filter(user=existing_user).exists()}')
|
|
||||||
logger.info('got past the existing_user get')
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# A new incoming user who is a domain manager for one of the domains that we inputted from Verisign (that is, their email address appears in the username field of a TransitionDomain)
|
# A new incoming user who is a domain manager for one of the domains that we inputted from Verisign (that is, their email address appears in the username field of a TransitionDomain)
|
||||||
if TransitionDomain.objects.filter(username=email).exists():
|
if TransitionDomain.objects.filter(username=email).exists():
|
||||||
logger.info('Transition user')
|
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# A new incoming user who is being invited to be a domain manager (that is, their email address is in DomainInvitation for an invitation that is not yet "retrieved").
|
# A new incoming user who is being invited to be a domain manager (that is, their email address is in DomainInvitation for an invitation that is not yet "retrieved").
|
||||||
if DomainInvitation.objects.filter(email=email, status=DomainInvitation.INVITED):
|
if DomainInvitation.objects.filter(email=email, status=DomainInvitation.INVITED):
|
||||||
logger.info('Invited user')
|
|
||||||
return False
|
return False
|
||||||
|
|
||||||
logger.info('needs_identity_verification is TRUE')
|
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def check_domain_invitations_on_login(self):
|
def check_domain_invitations_on_login(self):
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue