check service in service ticket validation

diff --git a/README.rst b/README.rst
index bc2874d..1efabfe 100644 (file)
--- a/README.rst
+++ b/README.rst
@@ -40,7 +40,6 @@ SETTINGS
 =========
 
 CAS_TICKET_EXPIRATION - minutes to tickets expiration (default is 5 minutes)
-CAS_CHECK_SERVICE - check if ticket service is equal with service GET argument
 
 PROTOCOL DOCUMENTATION
 =====================

diff --git a/cas_provider/__init__.py b/cas_provider/__init__.py
index 91b3b2c..2ce1450 100644 (file)
--- a/cas_provider/__init__.py
+++ b/cas_provider/__init__.py
@@ -4,7 +4,6 @@ __all__ = []
 
 _DEFAULTS = {
     'CAS_TICKET_EXPIRATION': 5, # In minutes
-    'CAS_CHECK_SERVICE': False,
 }
 
 for key, value in _DEFAULTS.iteritems():

diff --git a/cas_provider/views.py b/cas_provider/views.py
index 32ed6e9..9472686 100644 (file)
--- a/cas_provider/views.py
+++ b/cas_provider/views.py
@@ -70,6 +70,7 @@ def validate(request):
         # TODO: check user SSO session
         try:
             ticket = ServiceTicket.objects.get(ticket=ticket_string)
+            assert ticket.service == service
             username = ticket.user.username
             ticket.delete()
             return HttpResponse("yes\n%s\n" % username)
@@ -97,7 +98,7 @@ def service_validate(request):
     except ServiceTicket.DoesNotExist:
         return _cas2_error_response(INVALID_TICKET)
 
-    if settings.CAS_CHECK_SERVICE and ticket.service != service:
+    if ticket.service != service:
         ticket.delete()
         return _cas2_error_response(INVALID_SERVICE)