From 4d08fe00954d5a4a3a5d963ff04d001be57f9007 Mon Sep 17 00:00:00 2001
From: Alex Kamedov
Date: Sun, 24 Apr 2011 21:24:50 +0600
Subject: [PATCH] improve tests and documentation
---
 README.rst | 60 +++++++++++++++++++++++++++++++++++++++++++
 cas_provider/tests.py | 5 ++++
 cas_provider/views.py | 11 +++++---
 3 files changed, 73 insertions(+), 3 deletions(-)
diff --git a/README.rst b/README.rst
index ca8c6c3..bc2874d 100644
--- a/README.rst
+++ b/README.rst
@@ -41,3 +41,63 @@ SETTINGS
 CAS_TICKET_EXPIRATION - minutes to tickets expiration (default is 5 minutes)
 CAS_CHECK_SERVICE - check if ticket service is equal with service GET argument
+
+PROTOCOL DOCUMENTATION
+=====================
+
+* `CAS Protocol `
+* `CAS 1 Architecture `
+* `CAS 2 Architecture `
+* `Proxy Authentication `
+* `CAS – Central Authentication Service `
+* `Proxy CAS Walkthrough `
+
+PROVIDED VIEWS
+=============
+
+login
+---------
+
+It has not required arguments.
+
+Optional arguments:
+
+* template_name - login form template name (default is 'cas/login.html')
+* success_redirect - redirect after successful login if service GET argument is not provided
+ (default is settings.LOGIN_REDIRECT_URL)
+* warn_template_name - warning page template name to allow login user to service if he
+ already authenticated in SSO (default is 'cas/warn.html')
+
+If request.GET has 'warn' argument - it shows warning message if user has already
+authenticated in SSO instead of generate Service Ticket and redirect.
+
+logout
+-----------
+
+This destroys a client's single sign-on CAS session. The ticket-granting cookie is destroyed,
+and subsequent requests to login view will not obtain service tickets until the user again
+presents primary credentials (and thereby establishes a new single sign-on session).
+
+It has not required arguments.
+
+Optional arguments:
+
+* template_name - template name for page with successful logout message (default is 'cas/logout.html')
+
+validate
+-------------
+
+It checks the validity of a service ticket. It is part of the CAS 1.0 protocol and thus does
+not handle proxy authentication.
+
+It has not arguments.
+
+service_validate
+-------------------------
+
+It checks the validity of a service ticket and returns an XML-fragment response via CAS 2.0 protocol.
+Work with proxy is not supported yet.
+
+It has not arguments.
+
+
diff --git a/cas_provider/tests.py b/cas_provider/tests.py
index 4d44242..c876148 100644
--- a/cas_provider/tests.py
+++ b/cas_provider/tests.py
@@ -30,6 +30,10 @@ class ViewsTest(TestCase):
 response = self.client.get(response['location'], follow=False)
 self.assertIn(response.status_code, [302, 200])
+ response = self.client.get(reverse('cas_login'), {'service': self.service, 'warn': True}, follow=False)
+ self.assertEqual(response.status_code, 200)
+ self.assertTemplateUsed(response, 'cas/warn.html')
+
 def test_logout(self):
 response = self._login_user('root', '123')
@@ -77,6 +81,7 @@ class ViewsTest(TestCase):
 self.username = username
 response = self.client.get(reverse('cas_login'), {'service': self.service})
 self.assertEqual(response.status_code, 200)
+ self.assertTemplateUsed(response, 'cas/login.html')
 form = response.context['form']
 service = form['service'].value()
 return self.client.post(reverse('cas_login'), {
diff --git a/cas_provider/views.py b/cas_provider/views.py
index b2e54f2..32ed6e9 100644
--- a/cas_provider/views.py
+++ b/cas_provider/views.py
@@ -11,14 +11,16 @@ from models import ServiceTicket, LoginTicket
 __all__ = ['login', 'validate', 'logout', 'service_validate']
-INVALID_TICKET = 1
-INVALID_SERVICE = 2
-INVALID_REQUEST = 3
+INVALID_TICKET = 'INVALID_TICKET'
+INVALID_SERVICE = 'INVALID_SERVICE'
+INVALID_REQUEST = 'INVALID_REQUEST'
+INTERNAL_ERROR = 'INTERNAL_ERROR'
 ERROR_MESSAGES = (
 (INVALID_TICKET, u'The provided ticket is invalid.'),
 (INVALID_SERVICE, u'Service is invalid'),
 (INVALID_REQUEST, u'Not all required parameters were sent.'),
+ (INTERNAL_ERROR, u'An internal error occurred during ticket validation'),
 )
@@ -63,6 +65,9 @@ def validate(request):
 service = request.GET.get('service', None)
 ticket_string = request.GET.get('ticket', None)
 if service is not None and ticket_string is not None:
+ #renew = request.GET.get('renew', True)
+ #if not renew:
+ # TODO: check user SSO session
 try:
 ticket = ServiceTicket.objects.get(ticket=ticket_string)
 username = ticket.user.username
--
2.20.1
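Review bot: The new `warn` assertions in the first hunk of cas_provider/tests.py check only the status code and the template, so they would still pass if the view created a service ticket before rendering `cas/warn.html`. The README text added in this commit says the warning page is shown instead of generating a Service Ticket, so the test should pin that too, for example by comparing `ServiceTicket.objects.count()` before and after the request (assuming the model is importable in tests.py, which is not visible here). A second request with `warn` from a client that has not logged in would confirm that `cas/login.html` is returned rather than the warning page. The enclosing test method starts outside the hunk.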
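Review bot: Nothing at the constants in the first hunk of cas_provider/views.py records that their values changed from integers to strings, and any comparison or stored value elsewhere that still uses 1, 2 or 3 will stop matching without raising an error. The rest of the file is not visible here, so callers need a check. The new values match the CAS 2.0 `authenticationFailure` codes, so a comment such as `# CAS 2.0 failure codes; presumably returned to the client as-is, do not rename` would explain why they are fixed. The messages for INVALID_SERVICE and INTERNAL_ERROR also lack the trailing period that the other two have.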
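Review bot: The `renew` parameter is still ignored by `validate` in the second hunk of cas_provider/views.py, because the three added lines are commented out; a service that sends `renew` to require a fresh credential login gets the same answer for a ticket issued from an existing SSO session. The commented draft would also not work if enabled: `request.GET.get('renew', True)` returns a string when the parameter is present, so any non-empty value including `false` is truthy, and the default of `True` treats an absent parameter as set. I would drop the dead code and leave a single comment, `# TODO: CAS 'renew' is not honoured yet; tickets issued from an existing SSO session still validate`, and mention the limitation in the README section on `validate`. The body of `validate` continues outside the hunk.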