Added basic CAS 2.0 protocol support (only validation for now).

diff --git a/README.rst b/README.rst
index d313340..ca8c6c3 100644 (file)
--- a/README.rst
+++ b/README.rst
@@ -40,4 +40,4 @@ SETTINGS
 =========
 
 CAS_TICKET_EXPIRATION - minutes to tickets expiration (default is 5 minutes)
-
+CAS_CHECK_SERVICE - check if ticket service is equal with service GET argument

diff --git a/cas_provider/__init__.py b/cas_provider/__init__.py
index 1a719b4..91b3b2c 100644 (file)
--- a/cas_provider/__init__.py
+++ b/cas_provider/__init__.py
@@ -4,6 +4,7 @@ __all__ = []
 
 _DEFAULTS = {
     'CAS_TICKET_EXPIRATION': 5, # In minutes
+    'CAS_CHECK_SERVICE': False,
 }
 
 for key, value in _DEFAULTS.iteritems():
@@ -12,4 +13,4 @@ for key, value in _DEFAULTS.iteritems():
     except AttributeError:
         setattr(settings, key, value)
     except ImportError:
-        pass
\ No newline at end of file
+        pass

diff --git a/cas_provider/urls.py b/cas_provider/urls.py
index 139988a..70e3fae 100644 (file)
--- a/cas_provider/urls.py
+++ b/cas_provider/urls.py
@@ -4,5 +4,6 @@ from django.conf.urls.defaults import *
 urlpatterns = patterns('cas_provider.views',
     url(r'^login/?$', 'login', name='cas_login'),
     url(r'^validate/?$', 'validate', name='cas_validate'),
+    url(r'^serviceValidate/?$', 'service_validate', name='cas_service_validate'),
     url(r'^logout/?$', 'logout', name='cas_logout'),
 )

diff --git a/cas_provider/views.py b/cas_provider/views.py
index 5343232..7f63cd4 100644 (file)
--- a/cas_provider/views.py
+++ b/cas_provider/views.py
@@ -1,15 +1,17 @@
+from django.conf import settings
+from django.contrib.auth import authenticate, login as auth_login, \
+    logout as auth_logout
 from django.http import HttpResponse, HttpResponseRedirect
 from django.shortcuts import render_to_response
 from django.template import RequestContext
-from django.contrib.auth import authenticate
-from django.contrib.auth import login as auth_login, logout as auth_logout
 from django.utils.translation import ugettext_lazy as _
-
 from forms import LoginForm
 from models import ServiceTicket, LoginTicket
 from utils import create_service_ticket
 
-__all__ = ['login', 'validate', 'logout']
+
+__all__ = ['login', 'validate', 'logout', 'service_validate']
+
 
 def login(request, template_name='cas/login.html', success_redirect='/accounts/'):
     service = request.GET.get('service', None)
@@ -28,7 +30,7 @@ def login(request, template_name='cas/login.html', success_redirect='/accounts/'
         password = request.POST.get('password', None)
         service = request.POST.get('service', None)
         lt = request.POST.get('lt', None)
-        
+
         try:
             login_ticket = LoginTicket.objects.get(ticket=lt)
         except:
@@ -50,8 +52,10 @@ def login(request, template_name='cas/login.html', success_redirect='/accounts/'
                     errors.append(_('Incorrect username and/or password.'))
     form = LoginForm(service)
     return render_to_response(template_name, {'form': form, 'errors': errors}, context_instance=RequestContext(request))
-    
+
+
 def validate(request):
+    """Validate ticket via CAS v.1 protocol"""
     service = request.GET.get('service', None)
     ticket_string = request.GET.get('ticket', None)
     if service is not None and ticket_string is not None:
@@ -63,8 +67,42 @@ def validate(request):
         except:
             pass
     return HttpResponse("no\r\n\r\n")
-    
+
+
 def logout(request, template_name='cas/logout.html'):
     url = request.GET.get('url', None)
     auth_logout(request)
     return render_to_response(template_name, {'url': url}, context_instance=RequestContext(request))
+
+
+def service_validate(request):
+    """Validate ticket via CAS v.2 protocol"""
+    service = request.GET.get('service', None)
+    ticket_string = request.GET.get('ticket', None)
+    if service is None or ticket_string is None:
+        return _cas2_error_response(u'INVALID_REQUEST', u'Not all required parameters were sent.')
+
+    try:
+        ticket = ServiceTicket.objects.get(ticket=ticket_string)
+    except ServiceTicket.DoesNotExist:
+        return _cas2_error_response(u'INVALID_TICKET', u'The provided ticket is invalid.')
+
+    if settings.CAS_CHECK_SERVICE and ticket.service != service:
+        ticket.delete()
+        return _cas2_error_response('INVALID_SERVICE', u'Service is invalid')
+
+    username = ticket.user.username
+    ticket.delete()
+    return HttpResponse(u'''<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
+        <cas:authenticationSuccess>
+            <cas:user>%(username)s</cas:user>
+        </cas:authenticationSuccess>
+    </cas:serviceResponse>''' % {'username': username}, mimetype='text/xml')
+
+
+def _cas2_error_response(code, message):
+    return HttpResponse(u''''<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
+            <cas:authenticationFailure code="%s">
+                %s
+            </cas:authenticationFailure>
+        </cas:serviceResponse>''', mimetype='text/xml')