do not check targetService - that is totally wrong.
[django-cas-provider.git] / cas_provider / views.py
index 2769e52..5b66681 100644 (file)
@@ -101,18 +101,13 @@ def logout(request, template_name='cas/logout.html',
 
 def proxy(request):
     targetService = request.GET['targetService']
-    pgtiou = request.GET['pgt']
+    pgt_id = request.GET['pgt']
 
     try:
-        proxyGrantingTicket = ProxyGrantingTicket.objects.get(pgtiou=pgtiou)
+        proxyGrantingTicket = ProxyGrantingTicket.objects.get(ticket=pgt_id)
     except ProxyGrantingTicket.DoesNotExist:
         return _cas2_error_response(INVALID_TICKET)
 
-    if not proxyGrantingTicket.targetService == targetService:
-        return _cas2_error_response(INVALID_SERVICE,
-            "The PGT was issued for %(original)s but the PT was requested for %(but)s" % dict(
-                original=proxyGrantingTicket.targetService, but=targetService))
-
     pt = ProxyTicket.objects.create(proxyGrantingTicket=proxyGrantingTicket,
         user=proxyGrantingTicket.serviceTicket.user,
         service=targetService)
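Review bot: With the equality check gone, `targetService` goes from `request.GET` straight into `ProxyTicket.objects.create(..., service=targetService)` with no validation, so holding a valid PGT is the only control on which back-end a proxy ticket can be minted for. If the deployment has a known set of proxied services, a policy check belongs before the create call, returning `_cas2_error_response(INVALID_SERVICE)` for targets outside a configured allow-list. Separately, `request.GET['targetService']` and `request.GET['pgt']` raise on a missing parameter and would surface as a server error rather than a CAS error response; `pgt_id = request.GET.get('pgt')` followed by an explicit error return keeps the failure inside the protocol. proxy() continues past the end of this hunk, so any expiry or reuse check on the PGT is not visible here.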
@@ -135,7 +130,10 @@ def ticket_validate(service, ticket_string, pgtUrl):
     except ServiceTicket.DoesNotExist:
         return _cas2_error_response(INVALID_TICKET)
 
-    if ticket.service != service:
+    ticketUrl =  urlparse.urlparse(ticket.service)
+    serviceUrl =  urlparse.urlparse(service)
+
+    if not(ticketUrl.hostname == serviceUrl.hostname and ticketUrl.path == serviceUrl.path and ticketUrl.port == serviceUrl.port):
         return _cas2_error_response(INVALID_SERVICE)
 
     pgtIouId = None
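Review bot: The relaxed comparison on the `if not(...)` line ignores the URL scheme, and because `port` is `None` when a URL carries no explicit port, a ticket issued for an `https://host/path` service also validates for `http://host/path`. Adding `ticketUrl.scheme == serviceUrl.scheme and` to the condition keeps the query-string tolerance this change is after without accepting that downgrade. The same `None`-versus-explicit handling means `https://host:443/path` and `https://host/path` no longer match, so normalising default ports before comparing is worth considering. A non-numeric port in `service` may also make `.port` raise instead of returning INVALID_SERVICE; a `try`/`except ValueError` around the parse would cover that. ticket_validate starts and ends outside this hunk.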
@@ -196,7 +194,7 @@ def generate_proxy_granting_ticket(pgt_url, ticket):
     query = dict(urlparse.parse_qsl(uri[4]))
     query.update(params)
 
-    uri[4] = urlencode(query)
+    uri[3] = urlencode(query)
 
     try:
         response = urllib2.urlopen(urlparse.urlunsplit(uri))
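Review bot: The write now targets `uri[3]`, but the read two lines above is still `urlparse.parse_qsl(uri[4])`, so any query parameters already present on the callback URL are taken from the fragment slot and dropped when `uri[3]` is overwritten. Assuming `uri` comes from `urlsplit` (its construction is outside the hunk, but `urlunsplit` is used below), the read should be `query = dict(urlparse.parse_qsl(uri[3]))`. Whether `pgt_url` is restricted to https, and its certificate verified, before the `urllib2.urlopen` call is not visible here and is worth confirming, since that request carries the PGT to the callback.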