From fa30a5ec604cecf824028f4635d307e816852bb9 Mon Sep 17 00:00:00 2001 From: Alex Kamedov Date: Sun, 24 Apr 2011 02:35:30 +0600 Subject: [PATCH 1/1] Added basic CAS 2.0 protocol support (only validation for now). --- README.rst | 2 +- cas_provider/__init__.py | 3 ++- cas_provider/urls.py | 1 + cas_provider/views.py | 52 ++++++++++++++++++++++++++++++++++------ 4 files changed, 49 insertions(+), 9 deletions(-) diff --git a/README.rst b/README.rst index d313340..ca8c6c3 100644 --- a/README.rst +++ b/README.rst @@ -40,4 +40,4 @@ SETTINGS ========= CAS_TICKET_EXPIRATION - minutes to tickets expiration (default is 5 minutes) - +CAS_CHECK_SERVICE - check if ticket service is equal with service GET argument diff --git a/cas_provider/__init__.py b/cas_provider/__init__.py index 1a719b4..91b3b2c 100644 --- a/cas_provider/__init__.py +++ b/cas_provider/__init__.py @@ -4,6 +4,7 @@ __all__ = [] _DEFAULTS = { 'CAS_TICKET_EXPIRATION': 5, # In minutes + 'CAS_CHECK_SERVICE': False, } for key, value in _DEFAULTS.iteritems(): @@ -12,4 +13,4 @@ for key, value in _DEFAULTS.iteritems(): except AttributeError: setattr(settings, key, value) except ImportError: - pass \ No newline at end of file + pass diff --git a/cas_provider/urls.py b/cas_provider/urls.py index 139988a..70e3fae 100644 --- a/cas_provider/urls.py +++ b/cas_provider/urls.py @@ -4,5 +4,6 @@ from django.conf.urls.defaults import * urlpatterns = patterns('cas_provider.views', url(r'^login/?$', 'login', name='cas_login'), url(r'^validate/?$', 'validate', name='cas_validate'), + url(r'^serviceValidate/?$', 'service_validate', name='cas_service_validate'), url(r'^logout/?$', 'logout', name='cas_logout'), ) diff --git a/cas_provider/views.py b/cas_provider/views.py index 5343232..7f63cd4 100644 --- a/cas_provider/views.py +++ b/cas_provider/views.py @@ -1,15 +1,17 @@ +from django.conf import settings +from django.contrib.auth import authenticate, login as auth_login, \ + logout as auth_logout from django.http import HttpResponse, HttpResponseRedirect from django.shortcuts import render_to_response from django.template import RequestContext -from django.contrib.auth import authenticate -from django.contrib.auth import login as auth_login, logout as auth_logout from django.utils.translation import ugettext_lazy as _ - from forms import LoginForm from models import ServiceTicket, LoginTicket from utils import create_service_ticket -__all__ = ['login', 'validate', 'logout'] + +__all__ = ['login', 'validate', 'logout', 'service_validate'] + def login(request, template_name='cas/login.html', success_redirect='/accounts/'): service = request.GET.get('service', None) @@ -28,7 +30,7 @@ def login(request, template_name='cas/login.html', success_redirect='/accounts/' password = request.POST.get('password', None) service = request.POST.get('service', None) lt = request.POST.get('lt', None) - + try: login_ticket = LoginTicket.objects.get(ticket=lt) except: @@ -50,8 +52,10 @@ def login(request, template_name='cas/login.html', success_redirect='/accounts/' errors.append(_('Incorrect username and/or password.')) form = LoginForm(service) return render_to_response(template_name, {'form': form, 'errors': errors}, context_instance=RequestContext(request)) - + + def validate(request): + """Validate ticket via CAS v.1 protocol""" service = request.GET.get('service', None) ticket_string = request.GET.get('ticket', None) if service is not None and ticket_string is not None: @@ -63,8 +67,42 @@ def validate(request): except: pass return HttpResponse("no\r\n\r\n") - + + def logout(request, template_name='cas/logout.html'): url = request.GET.get('url', None) auth_logout(request) return render_to_response(template_name, {'url': url}, context_instance=RequestContext(request)) + + +def service_validate(request): + """Validate ticket via CAS v.2 protocol""" + service = request.GET.get('service', None) + ticket_string = request.GET.get('ticket', None) + if service is None or ticket_string is None: + return _cas2_error_response(u'INVALID_REQUEST', u'Not all required parameters were sent.') + + try: + ticket = ServiceTicket.objects.get(ticket=ticket_string) + except ServiceTicket.DoesNotExist: + return _cas2_error_response(u'INVALID_TICKET', u'The provided ticket is invalid.') + + if settings.CAS_CHECK_SERVICE and ticket.service != service: + ticket.delete() + return _cas2_error_response('INVALID_SERVICE', u'Service is invalid') + + username = ticket.user.username + ticket.delete() + return HttpResponse(u''' + + %(username)s + + ''' % {'username': username}, mimetype='text/xml') + + +def _cas2_error_response(code, message): + return HttpResponse(u'''' + + %s + + ''', mimetype='text/xml') -- 2.20.1