Added some protective decorators.
[django-cas-provider.git] / cas_provider / views.py
index 68e6784..155189c 100644 (file)
@@ -7,6 +7,10 @@ from urllib import urlencode
 import urllib2
 import urlparse
 
+from django.views.decorators.debug import sensitive_post_parameters
+from django.views.decorators.cache import never_cache
+from django.views.decorators.csrf import csrf_protect
+
 from django.http import HttpResponse, HttpResponseRedirect
 from django.conf import settings
 from django.contrib.auth import login as auth_login, logout as auth_logout
@@ -44,6 +48,9 @@ ERROR_MESSAGES = (
 logger = logging.getLogger(__name__)
 
 
+@sensitive_post_parameters()
+@csrf_protect
+@never_cache
 def login(request, template_name='cas/login.html',
           success_redirect=settings.LOGIN_REDIRECT_URL,
           warn_template_name='cas/warn.html', **kwargs):
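Review bot: The decorator order is load-bearing and nothing says so: `sensitive_post_parameters` only works as the outermost decorator, because it marks the request before any inner decorator (here `csrf_protect`) can reject it and trigger an error report that would otherwise include the raw credentials. A one-line comment above the stack would protect this from a well-meaning reorder, e.g. `# sensitive_post_parameters must stay outermost so POST data is masked in any report raised by the inner decorators`. The `login` signature and body continue beyond this hunk, so whether the view reads anything else that needs the same treatment cannot be seen here.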
@@ -123,6 +130,9 @@ def login(request, template_name='cas/login.html',
                 # Try and pull the service off the session
                 service = request.session.pop('service', service)
             
+            signals.on_cas_login_success.send(sender=login, request=request,
+                                              service=service, **kwargs)
+
             if service is None:
                 # Normal internal success redirection.
                 logging.debug('Redirecting to %s', success_redirect)
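Review bot: The new `on_cas_login_success.send(...)` uses plain `send`, so any exception in a receiver propagates out of the view after the success path has already been entered (the session has been consulted on the line above; if `auth_login` has already run outside the hunk, the user ends up authenticated but never redirected). Either document that receivers must not raise, or use `send_robust` and log the returned exceptions, e.g. `for rc, resp in signals.on_cas_login_success.send_robust(sender=login, request=request, service=service, **kwargs): if isinstance(resp, Exception): logger.warning('login receiver %r failed: %s', rc, resp)`. Forwarding the view's `**kwargs` straight into `send` also means a URLconf kwarg named `sender`, `request` or `service` would raise a TypeError; that is presumably not expected, but worth a comment. The enclosing `login` body starts and ends outside this hunk.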
@@ -169,7 +179,7 @@ def validate(request):
             username = ticket.user.username
             ticket.delete()
 
-            results = signals.on_cas_collect_histories.send(sender=validate, for_email=ticket.user.email)
+            results = signals.on_cas_collect_histories.send(sender=validate, for_user=ticket.user)
             histories = '\n'.join('\n'.join(rs) for rc, rs in results)
             logger.info('Validated %s %s', username, "(also %s)" % histories if histories else '')
             return HttpResponse("yes\n%s\n%s" % (username, histories))
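Review bot: The changed `send(sender=validate, for_user=ticket.user)` line feeds every receiver's return value into `'\n'.join(rs)` on the next line, and a receiver that is connected but returns nothing (Django receivers return `None` by default) makes that a `TypeError`, turning a successful ticket validation into a 500. Guard the join, e.g. `histories = '\n'.join('\n'.join(rs) for rc, rs in results if rs)`. Note too that the joined values are emitted verbatim into the line-oriented CAS 1.0 `yes\n<user>\n...` body, so receivers must not return identifiers containing newlines; a comment stating that contract would help. The enclosing `validate` function starts outside this hunk.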
@@ -341,6 +351,12 @@ def auth_success_response(user, pgt, proxies):
         if custom:
             attrs.update(custom)
 
+    identifiers = [i for sr, rr in signals.on_cas_collect_histories.send(sender=validate, for_user=user)
+                   for i in rr]
+
+    if identifiers:
+        attrs['identifiers'] = identifiers
+
     if attrs:
         formatter = get_callable(settings.CAS_CUSTOM_ATTRIBUTES_FORMATER)
         formatter(auth_success, attrs)
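Review bot: The new comprehension iterates `for i in rr` over each receiver's return value, so a receiver that returns `None` (the default for a Django receiver) raises `TypeError` here and fails the whole validation response; add the same guard the `validate` hunk needs, `for sr, rr in ... if rr`. The signal is also sent with `sender=validate` from inside `auth_success_response`, which means receivers that filter on `sender` cannot tell the two call sites apart and the name is misleading; `sender=auth_success_response` (or a comment explaining why `validate` is reused) would be clearer. `auth_success_response` starts and ends outside this hunk.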