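from django.views.decorators.clickjacking import xframe_options_exempt
from django.http.response import HttpResponseRedirect, Http404
from django.shortcuts import get_object_or_404, render

try:
    from django.urls import reverse
except ImportError:
    # Older Django releases only ship the resolver under this path.
    from django.core.urlresolvers import reverse

from adim.models.annotables import AnObj
from adim.permissions import get_permission_class

from rest_framework.authtoken.models import Token

from .decorators import attp_login


@attp_login(persist=True)
@xframe_options_exempt
def login(request):
    """
    Render the "logged" page for a user authenticated through an attp_message.

    Authentication itself is not done here: the ``attp_login`` decorator runs
    first (with ``persist=True``) and this view only checks its outcome via
    ``request.user``. The original docstring mentions ``attp_msg64`` and
    ``attp_hash``; they are not parameters of this function and are presumably
    read from the request by the decorator -- confirm in ``.decorators``.

    :param request: the incoming HttpRequest
    :return: the rendered ``adim_ttp/logged.html`` page, with the user's
        REST framework token in the template context
    :raises Http404: when the request is still anonymous after the decorator
    """
    # ``is_anonymous`` is a method on old Django releases and an attribute on
    # newer ones. Testing the bare method object is always truthy, which would
    # turn every request into a 404, so call it when it is callable.
    is_anonymous = request.user.is_anonymous
    if callable(is_anonymous):
        is_anonymous = is_anonymous()
    if is_anonymous:
        raise Http404()

    # NOTE(review): this response is exempt from X-Frame-Options and its
    # template receives the user's API token. If the template renders the
    # token, limit who may frame the page (for example with a CSP
    # ``frame-ancestors`` directive naming the TTP origin) -- confirm against
    # the template and the deployment.
    token, _ = Token.objects.get_or_create(user=request.user)
    return render(request, "adim_ttp/logged.html", context={'token': token})


@attp_login(persist=True)
def validate(request):
    """
    Record the access status carried by an attp_message and redirect.

    This view is called by the TTP with a valid attp_message. It looks up the
    AnObj named in the message, hands the message's status to the permission
    class of that AnObj's sharing mode, and redirects to the annotate page.

    :param request: the incoming HttpRequest; ``request.attp_message`` is
        expected to have been set upstream (presumably by ``attp_login``)
    :return: a redirect to ``adim_app:annotate`` for the AnObj, or to
        ``adim_app:home`` when the sharing mode has no TTP-enabled permission
    :raises Http404: when no attp_message is attached to the request or the
        AnObj does not exist
    """
    if not hasattr(request, 'attp_message'):
        # TODO: log some message for missing attp_message
        raise Http404()

    attp_anobj = request.attp_message.get('anobj', {})
    anobj = get_object_or_404(AnObj, uuid=attp_anobj.get('id'))

    permission = get_permission_class(anobj.sharing_mode)
    if permission is None or not permission.ttp:
        # The URL name has to be resolved: passing "adim_app:home" straight to
        # HttpResponseRedirect sends the browser to that literal string as a
        # relative URL. Assumes a "home" route exists in the adim_app
        # namespace, as the original string implies.
        return HttpResponseRedirect(reverse("adim_app:home"))

    # Fail closed: a message that carries no status is recorded as 'denied'.
    permission.set_attp_status(request, anobj, attp_anobj.get('status', 'denied'))

    # session_key = "anobj_{}".format(anobj.uuid[:12])
    # request.session[session_key] = attp_anobj.get('status')

    return HttpResponseRedirect(
        reverse("adim_app:annotate", kwargs={'anobj_uuid': attp_anobj.get('id')})
    )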