X-Git-Url: https://git.mdrn.pl/django-cas-provider.git/blobdiff_plain/d49f1c192506e97590f1c253a21f6b6e95228ea5..d36533f533bc0420622298afb19c61991d48eba8:/cas_provider/views.py diff --git a/cas_provider/views.py b/cas_provider/views.py index eed2d64..2e5e1f5 100644 --- a/cas_provider/views.py +++ b/cas_provider/views.py @@ -19,27 +19,27 @@ from . import signals __all__ = ['login', 'validate', 'logout'] +def _build_service_url(service, ticket): + if service.find('?') == -1: + return service + '?ticket=' + ticket.ticket + else: + return service + '&ticket=' + ticket.ticket + + def login(request, template_name='cas/login.html', success_redirect='/account/', merge=False): logging.debug('CAS Provider Login view. Method is %s, merge is %s, template is %s.', request.method, merge, template_name) + service = request.GET.get('service', None) if service is not None: + # Save the service on the session, for later use if we end up + # in one of the more complicated workflows. request.session['service'] = service - if request.user.is_authenticated(): - if service is not None: - ticket = create_service_ticket(request.user, service) - if service.find('?') == -1: - url = service + '?ticket=' + ticket.ticket - logging.debug('Redirecting to %s', url) - return HttpResponseRedirect(url) - else: - url = service + '&ticket=' + ticket.ticket - logging.debug('Redirecting to %s', url) - return HttpResponseRedirect() - else: - logging.debug('Redirecting to %s', success_redirect) - return HttpResponseRedirect(success_redirect) + + user = request.user + errors = [] + if request.method == 'POST': if merge: form = MergeLoginForm(request.POST, request=request) @@ -76,26 +76,38 @@ def login(request, template_name='cas/login.html', success_redirect='/account/', logging.debug('Redirecting to %s', url) return HttpResponseRedirect(url) - if user is not None: + if user is None: + errors.append('Incorrect username and/or password.') + else: if user.is_active: auth_login(request, user) - if service is not None: - ticket = create_service_ticket(user, service) - url = service + '?ticket=' + ticket.ticket - logging.debug('Redirecting to %s', url) - return HttpResponseRedirect(url) - else: - logging.debug('Redirecting to %s', success_redirect) - return HttpResponseRedirect(success_redirect) - else: - errors.append('This account is disabled.') - else: - errors.append('Incorrect username and/or password.') - else: + + else: # Not a POST... if merge: form = MergeLoginForm(initial={'service': service, 'email': request.GET.get('email')}) else: form = LoginForm(initial={'service': service}) + + if user is not None and user.is_authenticated(): + # We have an authenticated user. + if not user.is_active: + errors.append('This account is disabled.') + else: + if service is None: + # Normal internal success redirection. + logging.debug('Redirecting to %s', success_redirect) + return HttpResponseRedirect(success_redirect) + else: + # Create a service ticket and redirect to the service. + ticket = create_service_ticket(request.user, service) + if 'service' in request.session: + # Don't need this any more. + del request.session['service'] + + url = _build_service_url(service, ticket.ticket) + logging.debug('Redirecting to %s', url) + return HttpResponseRedirect(url) + logging.debug('Rendering response on %s, merge is %s', template_name, merge) return render_to_response(template_name, {'form': form, 'errors': errors}, context_instance=RequestContext(request)) @@ -106,7 +118,7 @@ def socialauth_login(request, template_name='cas/login.html', success_redirect=' """ user = request.user user.backend = 'django.contrib.auth.backends.ModelBackend' - if request.session.has_key('service'): + if 'service' in request.session: service = request.session['service'] del request.session['service'] else: @@ -117,35 +129,37 @@ def socialauth_login(request, template_name='cas/login.html', success_redirect=' auth_login(request, user) if service is not None: ticket = create_service_ticket(user, service) - return HttpResponseRedirect(service + '?ticket=' + ticket.ticket) + return HttpResponseRedirect(_build_service_url(service, ticket.ticket)) else: return HttpResponseRedirect(success_redirect) else: errors.append('This account is disabled.') else: - errors.append('Incorrect username and/or password.') + errors.append('Incorrect username and/or password.') return render_to_response(template_name, {'errors': errors}, context_instance=RequestContext(request)) def validate(request): service = request.GET.get('service', None) ticket_string = request.GET.get('ticket', None) - logger.debug("service: %s"% service) - logger.debug("ticket_string: %s"% ticket_string) + logger.info('Validating ticket %s for %s', ticket_string, service) if service is not None and ticket_string is not None: try: ticket = ServiceTicket.objects.get(ticket=ticket_string) except ServiceTicket.DoesNotExist: - logger.exception("Tried to validate with an invalid ticket: %s / %s", ticket_string, service) + logger.exception("Tried to validate with an invalid ticket %s for %s", ticket_string, service) + except Exception as e: + logger.exception('Got an exception: %s', e) else: username = ticket.user.username ticket.delete() results = signals.on_cas_collect_histories.send(sender=validate, for_email=ticket.user.email) histories = '\n'.join('\n'.join(rs) for rc, rs in results) - + logger.info('Validated %s %s', username, "(also %s)" % histories if histories else '') return HttpResponse("yes\n%s\n%s" % (username, histories)) + logger.info('Validation failed.') return HttpResponse("no\n\n")