Merge branch 'master' into feature-gitlabheader

circle/circle/settings/base.py

@@ -450,7 +450,7 @@ if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE':
     )
     AUTHENTICATION_BACKENDS = (
         'django.contrib.auth.backends.ModelBackend',
-        'djangosaml2.backends.Saml2Backend',
+        'common.backends.Saml2Backend',
     )
 
     remote_metadata = join(SITE_ROOT, 'remote_metadata.xml')
@@ -528,6 +528,10 @@ except:
 LOCALE_PATHS = (join(SITE_ROOT, 'locale'), )
 COMPANY_NAME = get_env_variable("COMPANY_NAME", "BME IK 2015")
 
+first, last = get_env_variable(
+    'VNC_PORT_RANGE', '20000, 65536').replace(' ', '').split(',')
+VNC_PORT_RANGE = (int(first), int(last))  # inclusive start, exclusive end
+
 graphite_host = environ.get("GRAPHITE_HOST", None)
 graphite_port = environ.get("GRAPHITE_PORT", None)
 if graphite_host and graphite_port:

circle/circle/urls.py

@@ -88,3 +88,4 @@ if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE':
     )
 
 handler500 = 'common.views.handler500'
+handler403 = 'common.views.handler403'

circle/common/backends.py

+# -*- coding: utf-8 -*-
+# Copyright 2014 Budapest University of Technology and Economics (BME IK)
+#
+# This file is part of CIRCLE Cloud.
+#
+# CIRCLE is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option)
+# any later version.
+#
+# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along
+# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.
+
+import re
+
+from djangosaml2.backends import Saml2Backend as Saml2BackendBase
+
+
+class Saml2Backend(Saml2BackendBase):
+    u"""
+    >>> b = Saml2Backend()
+    >>> b.clean_user_main_attribute(u'Ékezetes Enikő')
+    u'+00c9kezetes+0020Enik+0151'
+    >>> b.clean_user_main_attribute(u'Cé++')
+    u'C+00e9+002b+002b'
+    >>> b.clean_user_main_attribute(u'test')
+    u'test'
+    >>> b.clean_user_main_attribute(u'3+4')
+    u'3+002b4'
+    """
+    def clean_user_main_attribute(self, main_attribute):
+        def replace(match):
+            match = match.group()
+            return '+%04x' % ord(match)
+
+        if isinstance(main_attribute, str):
+            main_attribute = main_attribute.decode('UTF-8')
+        assert isinstance(main_attribute, unicode)
+        return re.sub(r'[^\w.@-]', replace, main_attribute)
+
+    def _set_attribute(self, obj, attr, value):
+        if attr == 'username':
+            value = self.clean_user_main_attribute(value)
+        return super(Saml2Backend, self)._set_attribute(obj, attr, value)

circle/common/operations.py

@@ -170,8 +170,8 @@ class Operation(object):
             raise ImproperlyConfigured(
                 "Set required_perms to () if none needed.")
         if not user.has_perms(cls.required_perms):
-            raise PermissionDenied("%s doesn't have the required permissions."
-                                   % user)
+            raise PermissionDenied(
+                u"%s doesn't have the required permissions." % user)
         if cls.superuser_required and not user.is_superuser:
             raise humanize_exception(ugettext_noop(
                 "Superuser privileges are required."), PermissionDenied())

circle/common/views.py

@@ -19,32 +19,42 @@ from sys import exc_info
 
 import logging
 
-from django.template import RequestContext
 from django.shortcuts import render_to_response
+from django.template import RequestContext
 
 from .models import HumanReadableException
 
 logger = logging.getLogger(__name__)
 
 
-def handler500(request):
-    cls, exception, traceback = exc_info()
-    logger.exception("unhandled exception")
+def get_context(request, exception):
     ctx = {}
-    if isinstance(exception, HumanReadableException):
+    if issubclass(exception.__class__, HumanReadableException):
         try:
-            ctx['error'] = exception.get_user_text()
+            if request.user.is_superuser:
+                ctx['error'] = exception.get_admin_text()
+            else:
+                ctx['error'] = exception.get_user_text()
         except:
             pass
-        else:
-            try:
-                if request.user.is_superuser():
-                    ctx['error'] = exception.get_admin_text()
-            except:
-                pass
+    return ctx
+
+
+def handler500(request):
+    cls, exception, traceback = exc_info()
+    logger.exception("unhandled exception")
+    ctx = get_context(request, exception)
     try:
         resp = render_to_response("500.html", ctx, RequestContext(request))
     except:
         resp = render_to_response("500.html", ctx)
     resp.status_code = 500
     return resp
+
+
+def handler403(request):
+    cls, exception, traceback = exc_info()
+    ctx = get_context(request, exception)
+    resp = render_to_response("403.html", ctx)
+    resp.status_code = 403
+    return resp

circle/dashboard/models.py

@@ -309,7 +309,7 @@ if hasattr(settings, 'SAML_ORG_ID_ATTRIBUTE'):
         attributes = kwargs.pop('attributes')
         atr = settings.SAML_ORG_ID_ATTRIBUTE
         try:
-            value = attributes[atr][0]
+            value = attributes[atr][0].upper()
         except Exception as e:
             value = None
             logger.info("save_org_id couldn't find attribute. %s", unicode(e))
@@ -339,7 +339,7 @@ if hasattr(settings, 'SAML_ORG_ID_ATTRIBUTE'):
                              group, unicode(g))
                 g.user_set.add(sender)
 
-        for i in FutureMember.objects.filter(org_id=value):
+        for i in FutureMember.objects.filter(org_id__iexact=value):
             i.group.user_set.add(sender)
             i.delete()
 

circle/dashboard/templates/dashboard/_vm-renew.html

@@ -8,11 +8,13 @@
   <a class="btn btn-default" href="{{object.get_absolute_url}}" data-dismiss="modal">
     {% trans "Cancel" %}
   </a>
+  {% if lease_types %}
   <a class="btn btn-primary" id="vm-renew-request-lease-button"
    href="{% url "request.views.request-lease" vm_pk=object.pk %}">
     <i class="fa fa-forward"></i>
     {% trans "Request longer lease" %}
   </a>
+  {% endif %}
   <button class="btn btn-{{ opview.effect }} btn-op-form-send" type="submit" id="op-form-send">
     {% if opview.icon %}<i class="fa fa-fw fa-{{opview.icon}}"></i> {% endif %}{{ op.name|capfirst }}
   </button>

circle/dashboard/templates/dashboard/vm-detail/resources.html

@@ -13,11 +13,11 @@
 {% if op.resources_change %}
   <button type="submit" class="btn btn-success btn-sm change-resources-button"
     id="vm-details-resources-save" data-vm="{{ instance.pk }}"
-    {% if op.resources_change.disabled %}disabled{% endif %}>
+    {% if not save_resources_enabled %}disabled{% endif %}>
     <i class="fa fa-floppy-o"></i> {% trans "Save resources" %}
   </button>
   <span class="change-resources-help"
-    {% if not op.resources_change.disabled %}style="display: none;"{% endif %}>
+    {% if save_resources_enabled %}style="display: none;"{% endif %}>
     {% trans "Stop your VM to change resources." %}
   </span>
 {% else %}

circle/dashboard/views/group.py

@@ -146,7 +146,7 @@ class GroupDetailView(CheckedDetailView):
             self.object.user_set.add(entity)
         except User.DoesNotExist:
             if saml_available:
-                FutureMember.objects.get_or_create(org_id=name,
+                FutureMember.objects.get_or_create(org_id=name.upper(),
                                                    group=self.object)
             else:
                 messages.warning(request, _('User "%s" not found.') % name)

circle/dashboard/views/util.py

@@ -70,7 +70,7 @@ def search_user(keyword):
         return User.objects.get(username=keyword)
     except User.DoesNotExist:
         try:
-            return User.objects.get(profile__org_id=keyword)
+            return User.objects.get(profile__org_id__iexact=keyword)
         except User.DoesNotExist:
             return User.objects.get(email=keyword)
 

circle/dashboard/views/vm.py

@@ -66,7 +66,7 @@ from ..forms import (
     VmPortRemoveForm, VmPortAddForm,
     VmRemoveInterfaceForm,
 )
-from request.models import TemplateAccessType
+from request.models import TemplateAccessType, LeaseType
 from request.forms import LeaseRequestForm, TemplateRequestForm
 from ..models import Favourite
 from manager.scheduler import has_traits
@@ -173,6 +173,10 @@ class VmDetailView(GraphMixin, CheckedDetailView):
         context['is_operator'] = is_operator
         context['is_owner'] = is_owner
 
+        # operation also allows RUNNING (if with_shutdown is present)
+        context['save_resources_enabled'] = instance.status not in ("RUNNING",
+                                                                    "PENDING")
+
         return context
 
     def post(self, request, *args, **kwargs):
@@ -681,6 +685,7 @@ class VmRenewView(FormOperationMixin, TokenOperationView, VmOperationView):
     def get_context_data(self, **kwargs):
         context = super(VmRenewView, self).get_context_data(**kwargs)
         context['lease_request_form'] = LeaseRequestForm(request=self.request)
+        context['lease_types'] = LeaseType.objects.exists()
         return context
 
 

circle/request/views.py

@@ -19,9 +19,11 @@ from __future__ import unicode_literals, absolute_import
 from django.views.generic import (
     UpdateView, TemplateView, DetailView, CreateView, FormView, DeleteView,
 )
+from django.contrib.messages.views import SuccessMessageMixin
 from django.shortcuts import redirect, get_object_or_404
 from django.core.exceptions import PermissionDenied, SuspiciousOperation
 from django.core.urlresolvers import reverse
+from django.utils.translation import ugettext as _
 
 from braces.views import SuperuserRequiredMixin, LoginRequiredMixin
 from django_tables2 import SingleTableView
@@ -97,17 +99,19 @@ class RequestDetail(LoginRequiredMixin, DetailView):
 
 
 class TemplateAccessTypeDetail(LoginRequiredMixin, SuperuserRequiredMixin,
-                               UpdateView):
+                               SuccessMessageMixin, UpdateView):
     model = TemplateAccessType
     template_name = "request/template-type-form.html"
     form_class = TemplateAccessTypeForm
+    success_message = _("Template access type successfully updated.")
 
 
 class TemplateAccessTypeCreate(LoginRequiredMixin, SuperuserRequiredMixin,
-                               CreateView):
+                               SuccessMessageMixin, CreateView):
     model = TemplateAccessType
     template_name = "request/template-type-form.html"
     form_class = TemplateAccessTypeForm
+    success_message = _("New template access type successfully created.")
 
 
 class TemplateAccessTypeDelete(LoginRequiredMixin, SuperuserRequiredMixin,
@@ -119,16 +123,20 @@ class TemplateAccessTypeDelete(LoginRequiredMixin, SuperuserRequiredMixin,
         return reverse("request.views.type-list")
 
 
-class LeaseTypeDetail(LoginRequiredMixin, SuperuserRequiredMixin, UpdateView):
+class LeaseTypeDetail(LoginRequiredMixin, SuperuserRequiredMixin,
+                      SuccessMessageMixin, UpdateView):
     model = LeaseType
     template_name = "request/lease-type-form.html"
     form_class = LeaseTypeForm
+    success_message = _("Lease type successfully updated.")
 
 
-class LeaseTypeCreate(LoginRequiredMixin, SuperuserRequiredMixin, CreateView):
+class LeaseTypeCreate(LoginRequiredMixin, SuperuserRequiredMixin,
+                      SuccessMessageMixin, CreateView):
     model = LeaseType
     template_name = "request/lease-type-form.html"
     form_class = LeaseTypeForm
+    success_message = _("New lease type successfully created.")
 
 
 class LeaseTypeDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
@@ -154,7 +162,7 @@ class RequestTypeList(LoginRequiredMixin, SuperuserRequiredMixin,
         return context
 
 
-class TemplateRequestView(FormView):
+class TemplateRequestView(LoginRequiredMixin, FormView):
     form_class = TemplateRequestForm
     template_name = "request/request-template.html"
 
@@ -185,7 +193,7 @@ class TemplateRequestView(FormView):
         return redirect("/")
 
 
-class VmRequestMixin(object):
+class VmRequestMixin(LoginRequiredMixin, object):
     def get_vm(self):
         return get_object_or_404(Instance, pk=self.kwargs['vm_pk'])
 

circle/templates/403.html

+{% extends "base.html" %}
+{% load i18n %}
+
+{% block title %}HTTP 403{% endblock %}
+
+{% block page_title %}{% trans ":(" %}{% endblock page_title %}
+
+{% block content %}
+<div class="alert alert-danger" style="font-size: 22px; margin-top: 2em;">
+  <div class="row">
+    <div class="col-md-2" style="text-align: center;">
+      HTTP 403
+    </div>
+    <div class="col-md-10" style="text-align: center;">
+      {% if error %}
+        {{ error }}
+      {% else %}
+       {% trans "Forbidden" %}
+      {% endif %}
+    </div>
+  </div>
+</div>
+{% endblock content %}

circle/templates/404.html

@@ -6,5 +6,14 @@
 {% block page_title %}{% trans "Page not found" %}{% endblock page_title %}
 
 {% block content %}
-<p>{% trans "This page does not exist." %}</p>
+<div class="alert alert-warning" style="font-size: 22px; margin-top: 2em;">
+  <div class="row">
+    <div class="col-md-2" style="text-align: center;">
+      HTTP 404
+    </div>
+    <div class="col-md-10" style="text-align: center;">
+      {% trans "This page does not exist." %}
+    </div>
+  </div>
+</div>
 {% endblock content %}

circle/templates/500.html

-{% extends "dashboard/base.html" %}
+{% extends "base.html" %}
 {% load i18n %}
 
 {% block title %}HTTP 500{% endblock %}

circle/vm/models/instance.py

@@ -62,7 +62,6 @@ scheduler = import_module(name=django.conf.settings.VM_SCHEDULER)
 ACCESS_PROTOCOLS = django.conf.settings.VM_ACCESS_PROTOCOLS
 ACCESS_METHODS = [(key, name) for key, (name, port, transport)
                   in ACCESS_PROTOCOLS.iteritems()]
-VNC_PORT_RANGE = (20000, 65536)  # inclusive start, exclusive end
 
 
 def find_unused_port(port_range, used_ports=[]):
@@ -81,7 +80,7 @@ def find_unused_port(port_range, used_ports=[]):
 
 def find_unused_vnc_port():
     port = find_unused_port(
-        port_range=VNC_PORT_RANGE,
+        port_range=django.conf.settings.VNC_PORT_RANGE,
         used_ports=Instance.objects.values_list('vnc_port', flat=True))
 
     if port is None:

requirements/base.txt

@@ -11,11 +11,12 @@ django-braces==1.4.0
 django-celery==3.1.16
 django-crispy-forms==1.4.0
 django-model-utils==2.2
+djangosaml2==0.13.0
 django-sizefield==0.6
 django-sshkey==2.2.0
 django-statici18n==1.1
 django-tables2==0.15.0
-git+https://git.ik.bme.hu/circle/django-taggit.git
+django-taggit==0.13.0
 docutils==0.12
 Jinja2==2.7.3
 jsonfield==1.0.0
@@ -32,6 +33,7 @@ pyinotify==0.9.4
 pytz==2014.7
 requests==2.5.3
 salt==2014.1.0
+shutilwhich==1.0.1
 simplejson==3.6.5
 six==1.8.0
 slimit==0.8.1