X-Git-Url: https://git.mdrn.pl/django-cas-provider.git/blobdiff_plain/11d994f1d3d527e130eedbdacca59aa600f98fa8..a1a43977ac7fa00e65f80b8c3853e206b910599a:/cas_provider/views.py diff --git a/cas_provider/views.py b/cas_provider/views.py index bd9797c..7aeaafb 100644 --- a/cas_provider/views.py +++ b/cas_provider/views.py @@ -6,6 +6,13 @@ import logging from urllib import urlencode import urllib2 import urlparse +from functools import wraps + +from django.utils.decorators import available_attrs +from django.views.decorators.debug import sensitive_post_parameters +from django.views.decorators.cache import cache_control +from django.utils.cache import patch_cache_control +from django.views.decorators.csrf import csrf_protect from django.http import HttpResponse, HttpResponseRedirect from django.conf import settings @@ -44,6 +51,27 @@ ERROR_MESSAGES = ( logger = logging.getLogger(__name__) +_never_cache = cache_control(no_cache=True, must_revalidate=True) + + +def never_cache(view_func): + """ + Decorator that adds headers to a response so that it will + never be cached. + """ + @wraps(view_func, assigned=available_attrs(view_func)) + def _wrapped_view_func(request, *args, **kwargs): + response = view_func(request, *args, **kwargs) + patch_cache_control(response, no_cache=True, + must_revalidate=True, proxy_revalidate=True) + response['Pragma'] = 'no-cache' + return response + return _wrapped_view_func + + +@sensitive_post_parameters() +@csrf_protect +@never_cache def login(request, template_name='cas/login.html', success_redirect=settings.LOGIN_REDIRECT_URL, warn_template_name='cas/warn.html', **kwargs): @@ -96,7 +124,7 @@ def login(request, template_name='cas/login.html', url = '%s?%s' % (base_url, args) logging.debug('Redirecting to %s', url) return HttpResponseRedirect(url) - + if user is None: errors.append('Incorrect username and/or password.') else: @@ -118,11 +146,14 @@ def login(request, template_name='cas/login.html', for receiver, response in signals.on_cas_login.send(sender=login, request=request, **kwargs): if isinstance(response, HttpResponse): return response - + if service is None: # Try and pull the service off the session service = request.session.pop('service', service) - + + signals.on_cas_login_success.send(sender=login, request=request, + service=service, **kwargs) + if service is None: # Normal internal success redirection. logging.debug('Redirecting to %s', success_redirect) @@ -133,7 +164,7 @@ def login(request, template_name='cas/login.html', 'service': service, 'warn': False }, context_instance=RequestContext(request)) - + # Create a service ticket and redirect to the service. ticket = ServiceTicket.objects.create(service=service, user=user) if 'service' in request.session: @@ -148,6 +179,7 @@ def login(request, template_name='cas/login.html', return render_to_response(template_name, {'form': form, 'errors': errors}, context_instance=RequestContext(request)) +@never_cache def validate(request): """Validate ticket via CAS v.1 protocol """ @@ -169,15 +201,16 @@ def validate(request): username = ticket.user.username ticket.delete() - results = signals.on_cas_collect_histories.send(sender=validate, for_email=ticket.user.email) + results = signals.on_cas_collect_histories.send(sender=validate, for_user=ticket.user) histories = '\n'.join('\n'.join(rs) for rc, rs in results) logger.info('Validated %s %s', username, "(also %s)" % histories if histories else '') return HttpResponse("yes\n%s\n%s" % (username, histories)) logger.info('Validation failed.') return HttpResponse("no\n\n") - + +@never_cache def logout(request, template_name='cas/logout.html', auto_redirect=settings.CAS_AUTO_REDIRECT_AFTER_LOGOUT): url = request.GET.get('url', None) @@ -191,6 +224,7 @@ def logout(request, template_name='cas/logout.html', context_instance=RequestContext(request)) +@never_cache def proxy(request): targetService = request.GET['targetService'] pgt_id = request.GET['pgt'] @@ -251,6 +285,7 @@ def ticket_validate(service, ticket_string, pgtUrl): return _cas2_sucess_response(user, pgtIouId, proxies) +@never_cache def service_validate(request): """Validate ticket via CAS v.2 protocol""" service = request.GET.get('service', None) @@ -262,6 +297,7 @@ def service_validate(request): return ticket_validate(service, ticket_string, pgtUrl) +@never_cache def proxy_validate(request): """Validate ticket via CAS v.2 protocol""" service = request.GET.get('service', None) @@ -336,12 +372,21 @@ def auth_success_response(user, pgt, proxies): username = etree.SubElement(auth_success, CAS + 'user') username.text = user.username - if settings.CAS_CUSTOM_ATTRIBUTES_CALLBACK: - callback = get_callable(settings.CAS_CUSTOM_ATTRIBUTES_CALLBACK) - attrs = callback(user) - if len(attrs) > 0: - formater = get_callable(settings.CAS_CUSTOM_ATTRIBUTES_FORMATER) - formater(auth_success, attrs) + attrs = {} + for receiver, custom in signals.cas_collect_custom_attributes.send(sender=auth_success_response, user=user): + if custom: + attrs.update(custom) + + identifiers = [i for sr, rr in signals.on_cas_collect_histories.send(sender=validate, for_user=user) + for i in rr] + + if identifiers: + # Singular `identifier`, as that is the name of the element tag(s). + attrs['identifier'] = identifiers + + if attrs: + formatter = get_callable(settings.CAS_CUSTOM_ATTRIBUTES_FORMATER) + formatter(auth_success, attrs) if pgt: pgtElement = etree.SubElement(auth_success, CAS + 'proxyGrantingTicket')