def test_parse_logout_request(self):
cas_client = CASClient('https://dummy.url')
parsed_message = cas_client.parse_logout_request(self.slo_text)
self.assertEqual(
parsed_message, {
'ID': '[RANDOM ID]',
'IssueInstant': '[CURRENT DATE/TIME]',
'Version': '2.0',
'session_index': '[SESSION IDENTIFIER]',
'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
})
def test_parse_logout_request_2(self):
cas_client = CASClient('https://dummy.url')
parsed_message = cas_client.parse_logout_request(self.slo_text_2)
self.assertEqual(
parsed_message, {
'ID': '935a2d0c-4026-481e-be3d-20a1b2cdd553',
'IssueInstant': '2016-04-08 00:40:55 +0000',
'Version': '2.0',
'session_index':
'ST-14600760351898-0B3lSFt2jOWSbgQ377B4CtbD9uq0MXR9kG23vAuH',
'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
})
def test_parse_logout_request_2(self):
cas_client = CASClient("dummy.url")
parsed_message = cas_client.parse_logout_request(self.slo_text_2)
self.assertEqual(
parsed_message,
{
"ID": "935a2d0c-4026-481e-be3d-20a1b2cdd553",
"IssueInstant": "2016-04-08 00:40:55 +0000",
"Version": "2.0",
"session_index": "ST-14600760351898-0B3lSFt2jOWSbgQ377B4CtbD9uq0MXR9kG23vAuH",
"xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion",
"xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
},
)
def test_parse_logout_request(self):
cas_client = CASClient("dummy.url")
parsed_message = cas_client.parse_logout_request(self.slo_text)
self.assertEqual(
parsed_message,
{
"ID": "[RANDOM ID]",
"IssueInstant": "[CURRENT DATE/TIME]",
"Version": "2.0",
"session_index": "[SESSION IDENTIFIER]",
"xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion",
"xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
},
)
def cas():
"""Handles the login page, logging a user in on correct authentication."""
#CAS client init
cas_client = CASClient(app.config['CAS_SERVER_URL'],
app.config['CAS_SERVICE_URL'],
verify_certificates=True)
#SLO
if request.method == 'POST' and session.get(
'cas_ticket') is not None and 'logoutRequest' in request.form:
#check the verify the ticket to prevent cross orign attacks
message = cas_client.parse_logout_request(
request.form.get('logoutRequest'))
if message.get('session_index', None) == session.get('cas_ticket'):
cortex.lib.user.clear_session()
return ('', 200)
abort(400)
# If the user is already logged in, just redirect them to their dashboard
if cortex.lib.user.is_logged_in():
return redirect(url_for('dashboard'))
ticket = request.args.get('ticket', None)
if ticket is not None:
try:
cas_response = cas_client.perform_service_validate(ticket=ticket)
except Exception:
return root()
if cas_response and cas_response.success:
try:
# keep the ticket for SLO
session['cas_ticket'] = ticket
return cortex.lib.user.logon_ok(
cas_response.attributes.get('uid'))
except KeyError:
# required user attributes not returned
flash(
"CAS SSO authentication successful but missing required information consider using LDAP authentication",
'alert-warning')
return root()
return redirect(cas_client.get_login_url())