From: Alex Kamedov Date: Sun, 24 Apr 2011 15:24:50 +0000 (+0600) Subject: improve tests and documentation X-Git-Tag: 22.4~32^2~20^2 X-Git-Url: https://git.mdrn.pl/django-cas-provider.git/commitdiff_plain/4d08fe00954d5a4a3a5d963ff04d001be57f9007?hp=--cc improve tests and documentation --- 4d08fe00954d5a4a3a5d963ff04d001be57f9007 diff --git a/README.rst b/README.rst index ca8c6c3..bc2874d 100644 --- a/README.rst +++ b/README.rst @@ -41,3 +41,63 @@ SETTINGS CAS_TICKET_EXPIRATION - minutes to tickets expiration (default is 5 minutes) CAS_CHECK_SERVICE - check if ticket service is equal with service GET argument + +PROTOCOL DOCUMENTATION +===================== + +* `CAS Protocol ` +* `CAS 1 Architecture ` +* `CAS 2 Architecture ` +* `Proxy Authentication ` +* `CAS – Central Authentication Service ` +* `Proxy CAS Walkthrough ` + +PROVIDED VIEWS +============= + +login +--------- + +It has not required arguments. + +Optional arguments: + +* template_name - login form template name (default is 'cas/login.html') +* success_redirect - redirect after successful login if service GET argument is not provided + (default is settings.LOGIN_REDIRECT_URL) +* warn_template_name - warning page template name to allow login user to service if he + already authenticated in SSO (default is 'cas/warn.html') + +If request.GET has 'warn' argument - it shows warning message if user has already +authenticated in SSO instead of generate Service Ticket and redirect. + +logout +----------- + +This destroys a client's single sign-on CAS session. The ticket-granting cookie is destroyed, +and subsequent requests to login view will not obtain service tickets until the user again +presents primary credentials (and thereby establishes a new single sign-on session). + +It has not required arguments. + +Optional arguments: + +* template_name - template name for page with successful logout message (default is 'cas/logout.html') + +validate +------------- + +It checks the validity of a service ticket. It is part of the CAS 1.0 protocol and thus does +not handle proxy authentication. + +It has not arguments. + +service_validate +------------------------- + +It checks the validity of a service ticket and returns an XML-fragment response via CAS 2.0 protocol. +Work with proxy is not supported yet. + +It has not arguments. + + diff --git a/cas_provider/tests.py b/cas_provider/tests.py index 4d44242..c876148 100644 --- a/cas_provider/tests.py +++ b/cas_provider/tests.py @@ -30,6 +30,10 @@ class ViewsTest(TestCase): response = self.client.get(response['location'], follow=False) self.assertIn(response.status_code, [302, 200]) + response = self.client.get(reverse('cas_login'), {'service': self.service, 'warn': True}, follow=False) + self.assertEqual(response.status_code, 200) + self.assertTemplateUsed(response, 'cas/warn.html') + def test_logout(self): response = self._login_user('root', '123') @@ -77,6 +81,7 @@ class ViewsTest(TestCase): self.username = username response = self.client.get(reverse('cas_login'), {'service': self.service}) self.assertEqual(response.status_code, 200) + self.assertTemplateUsed(response, 'cas/login.html') form = response.context['form'] service = form['service'].value() return self.client.post(reverse('cas_login'), { diff --git a/cas_provider/views.py b/cas_provider/views.py index b2e54f2..32ed6e9 100644 --- a/cas_provider/views.py +++ b/cas_provider/views.py @@ -11,14 +11,16 @@ from models import ServiceTicket, LoginTicket __all__ = ['login', 'validate', 'logout', 'service_validate'] -INVALID_TICKET = 1 -INVALID_SERVICE = 2 -INVALID_REQUEST = 3 +INVALID_TICKET = 'INVALID_TICKET' +INVALID_SERVICE = 'INVALID_SERVICE' +INVALID_REQUEST = 'INVALID_REQUEST' +INTERNAL_ERROR = 'INTERNAL_ERROR' ERROR_MESSAGES = ( (INVALID_TICKET, u'The provided ticket is invalid.'), (INVALID_SERVICE, u'Service is invalid'), (INVALID_REQUEST, u'Not all required parameters were sent.'), + (INTERNAL_ERROR, u'An internal error occurred during ticket validation'), ) @@ -63,6 +65,9 @@ def validate(request): service = request.GET.get('service', None) ticket_string = request.GET.get('ticket', None) if service is not None and ticket_string is not None: + #renew = request.GET.get('renew', True) + #if not renew: + # TODO: check user SSO session try: ticket = ServiceTicket.objects.get(ticket=ticket_string) username = ticket.user.username