From 4d08fe00954d5a4a3a5d963ff04d001be57f9007 Mon Sep 17 00:00:00 2001
From: Alex Kamedov <alex@kamedov.ru>
Date: Sun, 24 Apr 2011 21:24:50 +0600
Subject: [PATCH] improve tests and documentation

---
 README.rst            | 60 +++++++++++++++++++++++++++++++++++++++++++
 cas_provider/tests.py |  5 ++++
 cas_provider/views.py | 11 +++++---
 3 files changed, 73 insertions(+), 3 deletions(-)

diff --git a/README.rst b/README.rst
index ca8c6c3..bc2874d 100644
--- a/README.rst
+++ b/README.rst
@@ -41,3 +41,63 @@ SETTINGS
 
 CAS_TICKET_EXPIRATION - minutes to tickets expiration (default is 5 minutes)
 CAS_CHECK_SERVICE - check if ticket service is equal with service GET argument
+
+PROTOCOL DOCUMENTATION
+=====================
+
+* `CAS Protocol <http://www.jasig.org/cas/protocol>`
+* `CAS 1 Architecture <http://www.jasig.org/cas/cas1-architecture>`
+* `CAS 2 Architecture <http://www.jasig.org/cas/cas2-architecture>`
+* `Proxy Authentication <http://www.jasig.org/cas/proxy-authentication>`
+* `CAS â Central Authentication Service <http://www.jusfortechies.com/cas/overview.html>`
+* `Proxy CAS Walkthrough <https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough>`
+
+PROVIDED VIEWS
+=============
+
+login
+---------
+
+It has not required arguments.
+
+Optional arguments:
+
+* template_name - login form template name (default is 'cas/login.html')
+* success_redirect - redirect after successful login if service GET argument is not provided 
+   (default is settings.LOGIN_REDIRECT_URL)
+* warn_template_name - warning page template name to allow login user to service if he
+  already authenticated in SSO (default is 'cas/warn.html')
+
+If request.GET has 'warn' argument - it shows warning message if user has already
+authenticated in SSO instead of generate Service Ticket and redirect.
+
+logout
+-----------
+
+This destroys a client's single sign-on CAS session. The ticket-granting cookie is destroyed, 
+and subsequent requests to login view will not obtain service tickets until the user again
+presents primary credentials (and thereby establishes a new single sign-on session).
+
+It has not required arguments.
+
+Optional arguments:
+
+* template_name - template name for page with successful logout message (default is 'cas/logout.html')
+
+validate
+-------------
+
+It checks the validity of a service ticket. It is part of the CAS 1.0 protocol and thus does
+not handle proxy authentication.
+
+It has not arguments. 
+
+service_validate
+-------------------------
+
+It checks the validity of a service ticket and returns an XML-fragment response via CAS 2.0 protocol.
+Work with proxy is not supported yet.
+
+It has not arguments.
+
+
diff --git a/cas_provider/tests.py b/cas_provider/tests.py
index 4d44242..c876148 100644
--- a/cas_provider/tests.py
+++ b/cas_provider/tests.py
@@ -30,6 +30,10 @@ class ViewsTest(TestCase):
         response = self.client.get(response['location'], follow=False)
         self.assertIn(response.status_code, [302, 200])
 
+        response = self.client.get(reverse('cas_login'), {'service': self.service, 'warn': True}, follow=False)
+        self.assertEqual(response.status_code, 200)
+        self.assertTemplateUsed(response, 'cas/warn.html')
+
 
     def test_logout(self):
         response = self._login_user('root', '123')
@@ -77,6 +81,7 @@ class ViewsTest(TestCase):
         self.username = username
         response = self.client.get(reverse('cas_login'), {'service': self.service})
         self.assertEqual(response.status_code, 200)
+        self.assertTemplateUsed(response, 'cas/login.html')
         form = response.context['form']
         service = form['service'].value()
         return self.client.post(reverse('cas_login'), {
diff --git a/cas_provider/views.py b/cas_provider/views.py
index b2e54f2..32ed6e9 100644
--- a/cas_provider/views.py
+++ b/cas_provider/views.py
@@ -11,14 +11,16 @@ from models import ServiceTicket, LoginTicket
 __all__ = ['login', 'validate', 'logout', 'service_validate']
 
 
-INVALID_TICKET = 1
-INVALID_SERVICE = 2
-INVALID_REQUEST = 3
+INVALID_TICKET = 'INVALID_TICKET'
+INVALID_SERVICE = 'INVALID_SERVICE'
+INVALID_REQUEST = 'INVALID_REQUEST'
+INTERNAL_ERROR = 'INTERNAL_ERROR'
 
 ERROR_MESSAGES = (
     (INVALID_TICKET, u'The provided ticket is invalid.'),
     (INVALID_SERVICE, u'Service is invalid'),
     (INVALID_REQUEST, u'Not all required parameters were sent.'),
+    (INTERNAL_ERROR, u'An internal error occurred during ticket validation'),
 )
 
 
@@ -63,6 +65,9 @@ def validate(request):
     service = request.GET.get('service', None)
     ticket_string = request.GET.get('ticket', None)
     if service is not None and ticket_string is not None:
+        #renew = request.GET.get('renew', True)
+        #if not renew:
+        # TODO: check user SSO session
         try:
             ticket = ServiceTicket.objects.get(ticket=ticket_string)
             username = ticket.user.username
-- 
2.20.1