From 7c5c426f894736e93a31c32ed8b95600488d2919 Mon Sep 17 00:00:00 2001
From: Alex Kamedov <alex@kamedov.ru>
Date: Sun, 24 Apr 2011 22:38:23 +0600
Subject: [PATCH] check service in service ticket validation

---
 README.rst               | 1 -
 cas_provider/__init__.py | 1 -
 cas_provider/views.py    | 3 ++-
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/README.rst b/README.rst
index bc2874d..1efabfe 100644
--- a/README.rst
+++ b/README.rst
@@ -40,7 +40,6 @@ SETTINGS
 =========
 
 CAS_TICKET_EXPIRATION - minutes to tickets expiration (default is 5 minutes)
-CAS_CHECK_SERVICE - check if ticket service is equal with service GET argument
 
 PROTOCOL DOCUMENTATION
 =====================
diff --git a/cas_provider/__init__.py b/cas_provider/__init__.py
index 91b3b2c..2ce1450 100644
--- a/cas_provider/__init__.py
+++ b/cas_provider/__init__.py
@@ -4,7 +4,6 @@ __all__ = []
 
 _DEFAULTS = {
     'CAS_TICKET_EXPIRATION': 5, # In minutes
-    'CAS_CHECK_SERVICE': False,
 }
 
 for key, value in _DEFAULTS.iteritems():
diff --git a/cas_provider/views.py b/cas_provider/views.py
index 32ed6e9..9472686 100644
--- a/cas_provider/views.py
+++ b/cas_provider/views.py
@@ -70,6 +70,7 @@ def validate(request):
         # TODO: check user SSO session
         try:
             ticket = ServiceTicket.objects.get(ticket=ticket_string)
+            assert ticket.service == service
             username = ticket.user.username
             ticket.delete()
             return HttpResponse("yes\n%s\n" % username)
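Review bot: The service check added in validate() is written as `assert ticket.service == service`, and Python strips assert statements when run with `-O`, so under that flag a ticket issued for one service would be accepted for another. Whether the AssertionError is handled depends on the except clause, which is outside this hunk; if only `ServiceTicket.DoesNotExist` is caught, a mismatch becomes an unhandled error instead of a CAS failure reply, and the ticket is not deleted, unlike the service_validate hunk, which deletes it on mismatch. An explicit test is safer: `if ticket.service != service:` followed by `ticket.delete()` and a return of the same failure response the existing except branch produces. The body of validate starts and ends outside the hunk, so the exact failure response should be taken from the surrounding code.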
@@ -97,7 +98,7 @@ def service_validate(request):
     except ServiceTicket.DoesNotExist:
         return _cas2_error_response(INVALID_TICKET)
 
-    if settings.CAS_CHECK_SERVICE and ticket.service != service:
+    if ticket.service != service:
         ticket.delete()
         return _cas2_error_response(INVALID_SERVICE)
 
-- 
2.20.1