 def test_parse_logout_request(self):
     """The placeholder SLO request in ``self.slo_text`` parses into its attribute dict.

     The expected mapping mirrors the SAML ``LogoutRequest`` attributes plus the
     ``session_index`` extracted from the body; every value is compared exactly.
     """
     expected = {
         'ID': '[RANDOM ID]',
         'IssueInstant': '[CURRENT DATE/TIME]',
         'Version': '2.0',
         'session_index': '[SESSION IDENTIFIER]',
         'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
         'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
     }
     client = CASClient('https://dummy.url')
     actual = client.parse_logout_request(self.slo_text)
     self.assertEqual(actual, expected)
 def test_parse_logout_request_2(self):
     """A realistic SLO request (``self.slo_text_2``) yields its ID, timestamp and session index.

     Unlike the placeholder fixture, this one carries a concrete ``ST-...`` service
     ticket as ``session_index``, which is what the SLO handler later compares
     against the ticket kept in the user's session.
     """
     expected = {
         'ID': '935a2d0c-4026-481e-be3d-20a1b2cdd553',
         'IssueInstant': '2016-04-08 00:40:55 +0000',
         'Version': '2.0',
         'session_index':
         'ST-14600760351898-0B3lSFt2jOWSbgQ377B4CtbD9uq0MXR9kG23vAuH',
         'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
         'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
     }
     client = CASClient('https://dummy.url')
     actual = client.parse_logout_request(self.slo_text_2)
     self.assertEqual(actual, expected)
 def test_parse_logout_request_2(self):
     """A realistic SLO request (``self.slo_text_2``) yields its ID, timestamp and session index.

     The fixture carries a concrete ``ST-...`` service ticket as ``session_index``;
     the whole parsed mapping is compared exactly.
     """
     expected = {
         "ID": "935a2d0c-4026-481e-be3d-20a1b2cdd553",
         "IssueInstant": "2016-04-08 00:40:55 +0000",
         "Version": "2.0",
         "session_index": "ST-14600760351898-0B3lSFt2jOWSbgQ377B4CtbD9uq0MXR9kG23vAuH",
         "xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion",
         "xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
     }
     client = CASClient("dummy.url")
     actual = client.parse_logout_request(self.slo_text_2)
     self.assertEqual(actual, expected)
 def test_parse_logout_request(self):
     """The placeholder SLO request in ``self.slo_text`` parses into its attribute dict.

     The expected mapping mirrors the SAML ``LogoutRequest`` attributes plus the
     ``session_index`` extracted from the body; every value is compared exactly.
     """
     expected = {
         "ID": "[RANDOM ID]",
         "IssueInstant": "[CURRENT DATE/TIME]",
         "Version": "2.0",
         "session_index": "[SESSION IDENTIFIER]",
         "xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion",
         "xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
     }
     client = CASClient("dummy.url")
     actual = client.parse_logout_request(self.slo_text)
     self.assertEqual(actual, expected)
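def cas():
    """Handles the login page, logging a user in on correct authentication.

    Three kinds of request reach this view:

    * a CAS single-logout (SLO) ``POST`` carrying a ``logoutRequest`` form
      field, answered with an empty ``200`` when its session index matches
      the ticket stored in this session and ``400`` otherwise;
    * the redirect back from the CAS server with a ``ticket`` query
      parameter, which is validated against the CAS server before the user
      is logged on;
    * anything else, which is sent to the dashboard when a session already
      exists or to the CAS login page when it does not.

    Returns:
        A response: a redirect, the root page, or an empty ``200`` for a
        matching SLO request.
    """

    # CAS client init. Certificate verification is enabled for every call
    # made to the CAS server below; keep it that way.
    cas_client = CASClient(app.config['CAS_SERVER_URL'],
                           app.config['CAS_SERVICE_URL'],
                           verify_certificates=True)

    # SLO: the CAS server POSTs a logoutRequest when the SSO session ends.
    if request.method == 'POST' and session.get(
            'cas_ticket') is not None and 'logoutRequest' in request.form:
        # Only honour the request when its session index equals the ticket
        # this session was opened with, so an unsolicited POST from another
        # origin cannot terminate an arbitrary session.
        message = cas_client.parse_logout_request(
            request.form.get('logoutRequest'))
        if message.get('session_index', None) == session.get('cas_ticket'):
            cortex.lib.user.clear_session()
            return ('', 200)

        abort(400)

    # If the user is already logged in, just redirect them to their dashboard
    if cortex.lib.user.is_logged_in():
        return redirect(url_for('dashboard'))

    ticket = request.args.get('ticket', None)
    if ticket is not None:
        try:
            cas_response = cas_client.perform_service_validate(ticket=ticket)
        except Exception:
            # Validation could not be completed (transport error, malformed
            # reply, ...): treat the ticket as unusable and show the root
            # page instead of logging anyone on.
            return root()
        if cas_response and cas_response.success:
            # `.get` returns None for a missing key and never raises
            # KeyError, so a missing 'uid' has to be checked explicitly
            # rather than relying on the handler below.
            uid = cas_response.attributes.get('uid')
            if uid is not None:
                try:
                    # keep the ticket for SLO
                    session['cas_ticket'] = ticket
                    return cortex.lib.user.logon_ok(uid)
                except KeyError:
                    # logon_ok reported that required user attributes are
                    # missing; fall through to the warning below.
                    pass
            # required user attributes not returned
            flash(
                "CAS SSO authentication successful but missing required information consider using LDAP authentication",
                'alert-warning')
            return root()

    return redirect(cas_client.get_login_url())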