From 7c5c426f894736e93a31c32ed8b95600488d2919 Mon Sep 17 00:00:00 2001
From: Alex Kamedov
Date: Sun, 24 Apr 2011 22:38:23 +0600
Subject: [PATCH 1/1] check service in service ticket validation
---
 README.rst | 1 -
 cas_provider/__init__.py | 1 -
 cas_provider/views.py | 3 ++-
 3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/README.rst b/README.rst
index bc2874d..1efabfe 100644
--- a/README.rst
+++ b/README.rst
@@ -40,7 +40,6 @@ SETTINGS
 =========
 CAS_TICKET_EXPIRATION - minutes to tickets expiration (default is 5 minutes)
-CAS_CHECK_SERVICE - check if ticket service is equal with service GET argument
 PROTOCOL DOCUMENTATION
 =====================
diff --git a/cas_provider/__init__.py b/cas_provider/__init__.py
index 91b3b2c..2ce1450 100644
--- a/cas_provider/__init__.py
+++ b/cas_provider/__init__.py
@@ -4,7 +4,6 @@ __all__ = []
 _DEFAULTS = {
 'CAS_TICKET_EXPIRATION': 5, # In minutes
- 'CAS_CHECK_SERVICE': False,
 }
 for key, value in _DEFAULTS.iteritems():
diff --git a/cas_provider/views.py b/cas_provider/views.py
index 32ed6e9..9472686 100644
--- a/cas_provider/views.py
+++ b/cas_provider/views.py
@@ -70,6 +70,7 @@ def validate(request):
 # TODO: check user SSO session
 try:
 ticket = ServiceTicket.objects.get(ticket=ticket_string)
+ assert ticket.service == service
 username = ticket.user.username
 ticket.delete()
 return HttpResponse("yes\n%s\n" % username)
@@ -97,7 +98,7 @@ def service_validate(request):
 except ServiceTicket.DoesNotExist:
 return _cas2_error_response(INVALID_TICKET)
- if settings.CAS_CHECK_SERVICE and ticket.service != service:
+ if ticket.service != service:
 ticket.delete()
 return _cas2_error_response(INVALID_SERVICE)
-- 
2.20.1
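Review bot: `assert ticket.service == service` in validate is the wrong tool for an authorization check: Python drops assert statements entirely under `-O`, so in an optimized deployment a ticket issued for one service is accepted for any other, and when the assert does fire it raises AssertionError instead of the negative CAS 1.0 answer the caller expects, which the surrounding try/except (its except clause is outside this hunk) most likely does not catch. Replace it with the explicit branch the second hunk already uses in service_validate, invalidating the ticket so a mismatched presentation cannot be retried: `if ticket.service != service:` / `ticket.delete()` / `return HttpResponse("no\n\n")` — the "no" response being the CAS 1.0 failure form, presumably what the except clause below returns; verify against it. Keeping both validators identical here also makes the removal of CAS_CHECK_SERVICE complete, since validate would otherwise enforce the binding only when assertions are enabled. validate's body begins and ends outside the hunk.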
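Review bot: The now-unconditional `ticket.service != service` in service_validate consumes the ticket and answers INVALID_SERVICE whenever the values differ, which includes the case where `service` is absent from the request; nothing in the hunk shows that the parameter's presence is checked first. If `service` is read from the query string earlier in the function (outside this hunk) without such a check, a request missing it should answer with the CAS 2.0 INVALID_REQUEST code for a missing required parameter, before the ticket lookup, rather than burning the ticket as a service mismatch. Worth confirming that guard exists ahead of the `try`, e.g. `if not service:` returning the module's INVALID_REQUEST error response (whatever constant it uses for that code). The function's body begins outside the hunk.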