Added basic CAS 2.0 protocol support (only validation for now).

author Alex Kamedov <alex@kamedov.ru>

Sat, 23 Apr 2011 20:35:30 +0000 (02:35 +0600)

committer Alex Kamedov <alex@kamedov.ru>

Sat, 23 Apr 2011 20:35:30 +0000 (02:35 +0600)
author Alex Kamedov <alex@kamedov.ru>
Sat, 23 Apr 2011 20:35:30 +0000 (02:35 +0600)
committer Alex Kamedov <alex@kamedov.ru>
Sat, 23 Apr 2011 20:35:30 +0000 (02:35 +0600)
diff --git a/README.rst b/README.rst

index d313340..ca8c6c3 100644 (file)
--- a/README.rst
+++ b/README.rst
@@ -40,4 +40,4 @@ SETTINGS
  =========
  
  CAS_TICKET_EXPIRATION - minutes to tickets expiration (default is 5 minutes)
  =========
  
  CAS_TICKET_EXPIRATION - minutes to tickets expiration (default is 5 minutes)
-
+CAS_CHECK_SERVICE - check if ticket service is equal with service GET argument
diff --git a/cas_provider/__init__.py b/cas_provider/__init__.py

index 1a719b4..91b3b2c 100644 (file)
--- a/cas_provider/__init__.py
+++ b/cas_provider/__init__.py
@@ -4,6 +4,7 @@ __all__ = []
  
  _DEFAULTS = {
      'CAS_TICKET_EXPIRATION': 5, # In minutes
  
  _DEFAULTS = {
      'CAS_TICKET_EXPIRATION': 5, # In minutes
+    'CAS_CHECK_SERVICE': False,
  }
  
  for key, value in _DEFAULTS.iteritems():
  }
  
  for key, value in _DEFAULTS.iteritems():
@@ -12,4 +13,4 @@ for key, value in _DEFAULTS.iteritems():
      except AttributeError:
          setattr(settings, key, value)
      except ImportError:
      except AttributeError:
          setattr(settings, key, value)
      except ImportError:
-        pass
-\ No newline at end of file
+        pass
diff --git a/cas_provider/urls.py b/cas_provider/urls.py

index 139988a..70e3fae 100644 (file)
--- a/cas_provider/urls.py
+++ b/cas_provider/urls.py
@@ -4,5 +4,6 @@ from django.conf.urls.defaults import *
  urlpatterns = patterns('cas_provider.views',
      url(r'^login/?$', 'login', name='cas_login'),
      url(r'^validate/?$', 'validate', name='cas_validate'),
  urlpatterns = patterns('cas_provider.views',
      url(r'^login/?$', 'login', name='cas_login'),
      url(r'^validate/?$', 'validate', name='cas_validate'),
+    url(r'^serviceValidate/?$', 'service_validate', name='cas_service_validate'),
      url(r'^logout/?$', 'logout', name='cas_logout'),
  )
      url(r'^logout/?$', 'logout', name='cas_logout'),
  )
diff --git a/cas_provider/views.py b/cas_provider/views.py

index 5343232..7f63cd4 100644 (file)
--- a/cas_provider/views.py
+++ b/cas_provider/views.py
@@ -1,15 +1,17 @@
+from django.conf import settings
+from django.contrib.auth import authenticate, login as auth_login, \
+    logout as auth_logout
  from django.http import HttpResponse, HttpResponseRedirect
  from django.shortcuts import render_to_response
  from django.template import RequestContext
  from django.http import HttpResponse, HttpResponseRedirect
  from django.shortcuts import render_to_response
  from django.template import RequestContext
-from django.contrib.auth import authenticate
-from django.contrib.auth import login as auth_login, logout as auth_logout
  from django.utils.translation import ugettext_lazy as _
  from django.utils.translation import ugettext_lazy as _
-
  from forms import LoginForm
  from models import ServiceTicket, LoginTicket
  from utils import create_service_ticket
  
  from forms import LoginForm
  from models import ServiceTicket, LoginTicket
  from utils import create_service_ticket
  
-__all__ = ['login', 'validate', 'logout']
+
+__all__ = ['login', 'validate', 'logout', 'service_validate']
+
  
  def login(request, template_name='cas/login.html', success_redirect='/accounts/'):
      service = request.GET.get('service', None)
  
  def login(request, template_name='cas/login.html', success_redirect='/accounts/'):
      service = request.GET.get('service', None)
@@ -28,7 +30,7 @@ def login(request, template_name='cas/login.html', success_redirect='/accounts/'
          password = request.POST.get('password', None)
          service = request.POST.get('service', None)
          lt = request.POST.get('lt', None)
          password = request.POST.get('password', None)
          service = request.POST.get('service', None)
          lt = request.POST.get('lt', None)
-        
+
          try:
              login_ticket = LoginTicket.objects.get(ticket=lt)
          except:
          try:
              login_ticket = LoginTicket.objects.get(ticket=lt)
          except:
@@ -50,8 +52,10 @@ def login(request, template_name='cas/login.html', success_redirect='/accounts/'
                      errors.append(_('Incorrect username and/or password.'))
      form = LoginForm(service)
      return render_to_response(template_name, {'form': form, 'errors': errors}, context_instance=RequestContext(request))
                      errors.append(_('Incorrect username and/or password.'))
      form = LoginForm(service)
      return render_to_response(template_name, {'form': form, 'errors': errors}, context_instance=RequestContext(request))
-    
+
+
  def validate(request):
  def validate(request):
+    """Validate ticket via CAS v.1 protocol"""
      service = request.GET.get('service', None)
      ticket_string = request.GET.get('ticket', None)
      if service is not None and ticket_string is not None:
      service = request.GET.get('service', None)
      ticket_string = request.GET.get('ticket', None)
      if service is not None and ticket_string is not None:
@@ -63,8 +67,42 @@ def validate(request):
          except:
              pass
      return HttpResponse("no\r\n\r\n")
          except:
              pass
      return HttpResponse("no\r\n\r\n")
-    
+
+
  def logout(request, template_name='cas/logout.html'):
      url = request.GET.get('url', None)
      auth_logout(request)
      return render_to_response(template_name, {'url': url}, context_instance=RequestContext(request))
  def logout(request, template_name='cas/logout.html'):
      url = request.GET.get('url', None)
      auth_logout(request)
      return render_to_response(template_name, {'url': url}, context_instance=RequestContext(request))
+
+
+def service_validate(request):
+    """Validate ticket via CAS v.2 protocol"""
+    service = request.GET.get('service', None)
+    ticket_string = request.GET.get('ticket', None)
+    if service is None or ticket_string is None:
+        return _cas2_error_response(u'INVALID_REQUEST', u'Not all required parameters were sent.')
+
+    try:
+        ticket = ServiceTicket.objects.get(ticket=ticket_string)
+    except ServiceTicket.DoesNotExist:
+        return _cas2_error_response(u'INVALID_TICKET', u'The provided ticket is invalid.')
+
+    if settings.CAS_CHECK_SERVICE and ticket.service != service:
+        ticket.delete()
+        return _cas2_error_response('INVALID_SERVICE', u'Service is invalid')
+
+    username = ticket.user.username
+    ticket.delete()
+    return HttpResponse(u'''<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
+        <cas:authenticationSuccess>
+            <cas:user>%(username)s</cas:user>
+        </cas:authenticationSuccess>
+    </cas:serviceResponse>''' % {'username': username}, mimetype='text/xml')
+
+
+def _cas2_error_response(code, message):
+    return HttpResponse(u''''<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
+            <cas:authenticationFailure code="%s">
+                %s
+            </cas:authenticationFailure>
+        </cas:serviceResponse>''', mimetype='text/xml')
author	Alex Kamedov <alex@kamedov.ru>
	Sat, 23 Apr 2011 20:35:30 +0000 (02:35 +0600)
committer	Alex Kamedov <alex@kamedov.ru>
	Sat, 23 Apr 2011 20:35:30 +0000 (02:35 +0600)
README.rst		patch \| blob \| history
cas_provider/__init__.py		patch \| blob \| history
cas_provider/urls.py		patch \| blob \| history
cas_provider/views.py		patch \| blob \| history