CAS_TICKET_EXPIRATION - minutes to tickets expiration (default is 5 minutes)
CAS_CHECK_SERVICE - check if ticket service is equal with service GET argument
+
+PROTOCOL DOCUMENTATION
+=====================
+
+* `CAS Protocol <http://www.jasig.org/cas/protocol>`
+* `CAS 1 Architecture <http://www.jasig.org/cas/cas1-architecture>`
+* `CAS 2 Architecture <http://www.jasig.org/cas/cas2-architecture>`
+* `Proxy Authentication <http://www.jasig.org/cas/proxy-authentication>`
+* `CAS – Central Authentication Service <http://www.jusfortechies.com/cas/overview.html>`
+* `Proxy CAS Walkthrough <https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough>`
+
+PROVIDED VIEWS
+=============
+
+login
+---------
+
+It has not required arguments.
+
+Optional arguments:
+
+* template_name - login form template name (default is 'cas/login.html')
+* success_redirect - redirect after successful login if service GET argument is not provided
+ (default is settings.LOGIN_REDIRECT_URL)
+* warn_template_name - warning page template name to allow login user to service if he
+ already authenticated in SSO (default is 'cas/warn.html')
+
+If request.GET has 'warn' argument - it shows warning message if user has already
+authenticated in SSO instead of generate Service Ticket and redirect.
+
+logout
+-----------
+
+This destroys a client's single sign-on CAS session. The ticket-granting cookie is destroyed,
+and subsequent requests to login view will not obtain service tickets until the user again
+presents primary credentials (and thereby establishes a new single sign-on session).
+
+It has not required arguments.
+
+Optional arguments:
+
+* template_name - template name for page with successful logout message (default is 'cas/logout.html')
+
+validate
+-------------
+
+It checks the validity of a service ticket. It is part of the CAS 1.0 protocol and thus does
+not handle proxy authentication.
+
+It has not arguments.
+
+service_validate
+-------------------------
+
+It checks the validity of a service ticket and returns an XML-fragment response via CAS 2.0 protocol.
+Work with proxy is not supported yet.
+
+It has not arguments.
+
+
response = self.client.get(response['location'], follow=False)
self.assertIn(response.status_code, [302, 200])
+ response = self.client.get(reverse('cas_login'), {'service': self.service, 'warn': True}, follow=False)
+ self.assertEqual(response.status_code, 200)
+ self.assertTemplateUsed(response, 'cas/warn.html')
+
def test_logout(self):
response = self._login_user('root', '123')
self.username = username
response = self.client.get(reverse('cas_login'), {'service': self.service})
self.assertEqual(response.status_code, 200)
+ self.assertTemplateUsed(response, 'cas/login.html')
form = response.context['form']
service = form['service'].value()
return self.client.post(reverse('cas_login'), {
__all__ = ['login', 'validate', 'logout', 'service_validate']
-INVALID_TICKET = 1
-INVALID_SERVICE = 2
-INVALID_REQUEST = 3
+INVALID_TICKET = 'INVALID_TICKET'
+INVALID_SERVICE = 'INVALID_SERVICE'
+INVALID_REQUEST = 'INVALID_REQUEST'
+INTERNAL_ERROR = 'INTERNAL_ERROR'
ERROR_MESSAGES = (
(INVALID_TICKET, u'The provided ticket is invalid.'),
(INVALID_SERVICE, u'Service is invalid'),
(INVALID_REQUEST, u'Not all required parameters were sent.'),
+ (INTERNAL_ERROR, u'An internal error occurred during ticket validation'),
)
service = request.GET.get('service', None)
ticket_string = request.GET.get('ticket', None)
if service is not None and ticket_string is not None:
+ #renew = request.GET.get('renew', True)
+ #if not renew:
+ # TODO: check user SSO session
try:
ticket = ServiceTicket.objects.get(ticket=ticket_string)
username = ticket.user.username
fnp / django-cas-provider.git / commitdiff