{scrollbar}

h1. Part 6 : Authentication
----
{cagridroundpanel}
{pre:class=cagridheaderfont}Table of Contents{pre}
{toc:outline=false|exclude=Part 6 : Authentication|style=bullets}
{cagridroundpanel}

h3. Step 1: Set up the templates

# In your project make a new folder mytemplates
# In the mytemplates folder, make another folder thewebapp
# Open *GridClient/settings.py*
# Edit TEMPLATE_DIRS to contain the absolute path of your template folder
{code}TEMPLATE_DIRS = (
"/Users/sababokhari/Documents/workspace/GridClient/mytemplates"
){code}
# Save the file
h3. Step 2: Construct the Login template

# In *mytemplates/thewebapp* , make the template file login.html
# Insert the following into login.html
{code:html}

<form action="/login/" method="get">

<br><br>
Username: <input type="text" name="username" />
<br><br>
Password: <input type="password" name="password" />
<br><br>
<input type="submit" value="Submit" />
</form>
{% endif %}
<a href="/index/">Back to the Index</a><br>
{code}
# Save the file

*Brief Explanation*
The above is a mix of Django template language and html
# Variables are covered with double braces
{code:html}{{the_username}}{code}
# You can test if a variable was passed to the page in if statements
{code:html}{% if the_username %}{code}
# You can iterate over list-like objects
{code:html}{% for aidp in idps %}{code}
# You can use some of methods associated with the objects
{code:html}{{aidp.getAuthenticationServiceURL}}{code}

h3. Step 3: Make the login methods

* Open *GridClient/views.py*
* Add imports, don't worry if eclipse complains about the imports
{code}
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.http import HttpResponseRedirect
from GridClient.thewebapp.models import user

from java.lang import String
from java.io import ByteArrayInputStream, ByteArrayOutputStream

from org.globus.gsi import GlobusCredential
from org.apache.axis import AxisFault

from org.cagrid.gaards.authentication.client import AuthenticationClient
from org.cagrid.gaards.authentication import BasicAuthentication
from org.cagrid.gaards.dorian.federation import CertificateLifetime

from org.cagrid.gaards.dorian.client import GridUserClient
{code}
* Add public variables
After
{code}
#load client.properties into props
if(props==None):props=readProperties()

#start a thread to sync with the trust fabric
thread.start_new_thread(syncTrust, ())
{code}
Add
{code}
#make a dorianClient with the dorian url
dorianClient = GridUserClient(props.getProperty(DEFAULT_DORIAN_SERVICE_URL_PROP))
#get the trusted idps
idps=dorianClient.getTrustedIdentityProviders()
{code}
* Add the logged_in method, if a user is logged in, it returns the username
{code}
#check if a user is logged in
def logged_in(request):
#look at the user_cred session object and check how much time is left
if 'user_cred' in request.session:
baos=String(request.session['user_cred'])
bais=ByteArrayInputStream(baos.getBytes())
cred=GlobusCredential(bais)
#if it's valid, return the username,
if(cred.getTimeLeft()>0):
return request.session["user_name"]
#else return None
return None{code}
*Brief Explaination*
We're going to use Django session objects to keep track of users.
** The user_name object contains the username, the user_cred object contains the users Globus Credential.
** Django session objects can only store strings (or objects that are easily pickleable/serializable)
*** So when setting the user_cred session variable we first convert the Globus Credential to a String and then store it.
*** In the above method we convert the String back into a Globus Credential.
* implement logout method, it this method we just delete all the user's session objects and redirect to the login page
{code}
# to logout, delete all user related session objects and redirect to login page
def logout(request):
del request.session['user_name']
del request.session['user_cred']
del request.session['user_id']
return HttpResponseRedirect("/login/")
{code}
* Add the login method. If the user hasn't logged in yet or the credentials has expired, the page will ask the user to log in.
{code}
#show the login page
def login(request):
#checked if already logged in
name=logged_in(request)
#if you are logged in, show the login page with the username
if (name!=None):return render_to_response('thewebapp/login.html',
{'the_username':request.session['user_name'],},
context_instance=RequestContext(request))
#get the username if given
if "username" in request.GET:
try:
#get username and password
username1=request.GET['username']
password=request.GET['password']
#get the authurl and the authClient
URL=String(request.GET['idpurl'])
authClient=AuthenticationClient(URL)
#go through the process of logging in
auth=BasicAuthentication()
auth.setUserId(username1)
auth.setPassword(password)

saml=authClient.authenticate(auth)

lifetime=CertificateLifetime()
lifetime.setHours(12)

cred=dorianClient.requestUserCertificate(saml,lifetime)

#save credential and username as session objects
baos=ByteArrayOutputStream()
cred.save(baos)
request.session['user_cred']=baos.toString()
request.session['user_name']=username1

except AxisFault,e:
request.session['error_m']=e.toString()
return HttpResponseRedirect("/badlogin/")
else:
#get the login id from the database if returning user
all_users=user.objects.all()
for auser in all_users:
if (auser.username==username1) and (String(auser.authurl)==URL):
request.session["user_id"]=auser.id
return HttpResponseRedirect("/index/")
#else store the new user and get the login id
u=user(username=username1,authurl=URL)
u.save()
request.session["user_id"]=u.id
return HttpResponseRedirect("/index/")

else:
#if no username given, show login page
return render_to_response('thewebapp/login.html',
{'idps':idps,},
context_instance=RequestContext(request))
{code}
* Add the badlogin method
{code}
#if login was unsucessful, show login page with an error_message
def badlogin(request):
return render_to_response('thewebapp/login.html',
{'error_message': request.session['error_m'],
'idps':idps,},
context_instance=RequestContext(request))
{code}
* Save the file
h3. Step 4: Set up the login URLs

# Open *GridClient/urls.py*
# Add the login URLs and associate it with the correct methods in views.py
{code}
urlpatterns = patterns('',
(r'^index/$', 'thewebapp.views.index'),
(r'^login/$', 'thewebapp.views.login'),
(r'^logout/$', 'thewebapp.views.logout'),
(r'^badlogin/$', 'thewebapp.views.badlogin'),
)
{code}
# Save the file

h3. Step 5: Test the Login page
# Go to http://localhost:8000/login/
{gallery:include=Screen shot 2011-11-09 at 9.34.28 PM.png}
# Give your credentials and click submit
## If your credentials were correct you'll be redirected to the index page
## Otherwise you'll be redirected to the badlogin page
{gallery:include=Screen shot 2011-11-09 at 9.37.44 PM.png}
# If you successfully logged in, go back to http://localhost:8000/login/
{gallery:include=Screen shot 2011-11-09 at 9.39.35 PM.png}

{scrollbar}