def logout(request, next_page=None):
"""Redirects to CAS logout page"""
# try to find the ticket matching current session for logout signal
try:
st = SessionTicket.objects.get(session_key=request.session.session_key)
ticket = st.ticket
except SessionTicket.DoesNotExist:
ticket = None
# send logout signal
cas_user_logout.send(
sender="manual",
user=request.user,
session=request.session,
ticket=ticket,
)
auth_logout(request)
# clean current session ProxyGrantingTicket and SessionTicket
ProxyGrantingTicket.objects.filter(session_key=request.session.session_key).delete()
SessionTicket.objects.filter(session_key=request.session.session_key).delete()
next_page = next_page or get_redirect_url(request)
if settings.CAS_LOGOUT_COMPLETELY:
protocol = get_protocol(request)
host = request.get_host()
redirect_url = urllib_parse.urlunparse(
(protocol, host, next_page, '', '', ''),
)
client = get_cas_client()
return HttpResponseRedirect(client.get_logout_url(redirect_url))
else:
# This is in most cases pointless if not CAS_RENEW is set. The user will
# simply be logged in again on next request requiring authorization.
return HttpResponseRedirect(next_page)
def _redirect_url(request, referrer_uri, next_url_arg):
"""Redirects to referring page, or CAS_REDIRECT_URL if no referrer is
set.
"""
# 处理 next 参数中含有登录或退出链接,会引起重定向循环的问题
if next_url_arg in request.GET.get(REDIRECT_FIELD_NAME, ''):
next_ = settings.CAS_REDIRECT_URL
else:
next_ = request.GET.get(REDIRECT_FIELD_NAME)
if not next_:
if settings.CAS_IGNORE_REFERER:
next_ = settings.CAS_REDIRECT_URL
else:
# 处理 http_referer 中含有登录或退出链接,会引起重定向循环的问题
http_referer = request.META.get('HTTP_REFERER', '')
if referrer_uri in http_referer:
next_ = settings.CAS_REDIRECT_URL
else:
next_ = request.META.get('HTTP_REFERER', settings.CAS_REDIRECT_URL)
prefix = urllib_parse.urlunparse(
(get_protocol(request), request.get_host(), '', '', '', ''),
)
if next_.startswith(prefix):
next_ = next_[len(prefix):]
return next_
def get_service_url(request, redirect_to=None):
protocol = get_protocol(request)
host = request.get_host()
service = urllib_parse.urlunparse(
(protocol, host, request.path, "", "", ""))
return service
def logout(request, next_page=None):
"""Redirects to CAS logout page"""
# try to find the ticket matching current session for logout signal
try:
st = SessionTicket.objects.get(session_key=request.session.session_key)
ticket = st.ticket
except SessionTicket.DoesNotExist:
ticket = None
# send logout signal
cas_user_logout.send(
sender="manual",
user=request.user,
session=request.session,
ticket=ticket,
)
auth_logout(request)
# clean current session ProxyGrantingTicket and SessionTicket
ProxyGrantingTicket.objects.filter(
session_key=request.session.session_key).delete()
SessionTicket.objects.filter(
session_key=request.session.session_key).delete()
next_page = next_page or get_redirect_url(request)
if settings.CAS_LOGOUT_COMPLETELY:
protocol = get_protocol(request)
host = request.get_host()
redirect_url = urllib_parse.urlunparse(
(protocol, host, next_page, '', '', ''), )
client = get_cas_client()
return HttpResponseRedirect(client.get_logout_url(redirect_url))
else:
# This is in most cases pointless if not CAS_RENEW is set. The user will
# simply be logged in again on next request requiring authorization.
return HttpResponseRedirect(next_page)
def _logout_url(request, next_page=None):
"""Generates CAS logout URL"""
url = urllib_parse.urljoin(settings.CAS_SERVER_URL, "logout")
if next_page:
protocol = get_protocol(request)
host = request.get_host()
next_page_url = urllib_parse.urlunparse((protocol, host, next_page, "", "", ""))
url += "?" + urllib_parse.urlencode({"url": next_page_url})
return url
def _logout_url(request, next_page=None):
"""Generates CAS logout URL"""
url = urllib_parse.urljoin(settings.CAS_SERVER_URL, 'logout')
if next_page:
protocol = get_protocol(request)
host = request.get_host()
next_page_url = urllib_parse.urlunparse(
(protocol, host, next_page, '', '', ''), )
url += '?' + urllib_parse.urlencode({'url': next_page_url})
return url
def _logout_url(request, next_page=None):
"""Generates CAS logout URL"""
url = urllib_parse.urljoin(settings.CAS_SERVER_URL, 'logout')
if next_page:
protocol = get_protocol(request)
host = request.get_host()
next_page_url = urllib_parse.urlunparse(
(protocol, host, next_page, '', '', ''),
)
url += '?' + urllib_parse.urlencode({'url': next_page_url})
return url
def get_service_url(request, redirect_to=None):
"""Generates application django service URL for CAS"""
protocol = get_protocol(request)
host = request.get_host()
service = urllib_parse.urlunparse(
(protocol, host, request.path, '', '', ''), )
if '?' in service:
service += '&'
else:
service += '?'
service += urllib_parse.urlencode(
{REDIRECT_FIELD_NAME: redirect_to or get_redirect_url(request)})
return service
def _service_url(request, redirect_to=None):
"""Generates application service URL for CAS"""
protocol = get_protocol(request)
host = request.get_host()
service = urllib_parse.urlunparse((protocol, host, request.path, "", "", ""))
if redirect_to:
if "?" in service:
service += "&"
else:
service += "?"
service += urllib_parse.urlencode({REDIRECT_FIELD_NAME: redirect_to})
return service
def get_service_url(request, redirect_to=None):
"""Generates application django service URL for CAS"""
protocol = get_protocol(request)
host = request.get_host()
service = urllib_parse.urlunparse(
(protocol, host, request.path, '', '', ''),
)
if redirect_to:
if '?' in service:
service += '&'
else:
service += '?'
service += urllib_parse.urlencode({REDIRECT_FIELD_NAME: redirect_to})
return service
def _redirect_url(request):
"""Redirects to referring page, or CAS_REDIRECT_URL if no referrer is
set.
"""
next_ = request.GET.get(REDIRECT_FIELD_NAME)
if not next_:
if settings.CAS_IGNORE_REFERER:
next_ = settings.CAS_REDIRECT_URL
else:
next_ = request.META.get("HTTP_REFERER", settings.CAS_REDIRECT_URL)
prefix = urllib_parse.urlunparse((get_protocol(request), request.get_host(), "", "", "", ""))
if next_.startswith(prefix):
next_ = next_[len(prefix) :]
return next_
def _redirect_url(request):
"""Redirects to referring page, or CAS_REDIRECT_URL if no referrer is
set.
"""
next_ = request.GET.get(REDIRECT_FIELD_NAME)
if not next_:
if settings.CAS_IGNORE_REFERER:
next_ = settings.CAS_REDIRECT_URL
else:
next_ = request.META.get('HTTP_REFERER', settings.CAS_REDIRECT_URL)
prefix = urllib_parse.urlunparse(
(get_protocol(request), request.get_host(), '', '', '', ''), )
if next_.startswith(prefix):
next_ = next_[len(prefix):]
return next_
def logout(request, next_page=None):
"""Redirects to CAS logout page"""
auth_logout(request)
next_page = next_page or get_redirect_url(request)
if settings.CAS_LOGOUT_COMPLETELY:
protocol = get_protocol(request)
host = request.get_host()
redirect_url = urllib_parse.urlunparse(
(protocol, host, next_page, '', '', ''),
)
client = get_cas_client()
return HttpResponseRedirect(client.get_logout_url(redirect_url))
else:
# This is in most cases pointless if not CAS_RENEW is set. The user will
# simply be logged in again on next request requiring authorization.
return HttpResponseRedirect(next_page)
def get_service_url(request, redirect_to=None):
"""Generates application django service URL for CAS"""
if hasattr(django_settings, 'CAS_ROOT_PROXIED_AS'):
service = django_settings.CAS_ROOT_PROXIED_AS + '/' + request.path
else:
protocol = get_protocol(request)
host = request.get_host()
service = urllib_parse.urlunparse(
(protocol, host, request.path, '', '', ''), )
if not django_settings.CAS_STORE_NEXT:
if '?' in service:
service += '&'
else:
service += '?'
service += urllib_parse.urlencode(
{REDIRECT_FIELD_NAME: redirect_to or get_redirect_url(request)})
return service
def get_redirect_url(request):
"""Redirects to referring page, or CAS_REDIRECT_URL if no referrer is
set.
"""
next_ = request.GET.get(REDIRECT_FIELD_NAME)
if not next_:
redirect_url = resolve_url(django_settings.CAS_REDIRECT_URL)
if django_settings.CAS_IGNORE_REFERER:
next_ = redirect_url
else:
next_ = request.META.get('HTTP_REFERER', redirect_url)
prefix = urllib_parse.urlunparse(
(get_protocol(request), request.get_host(), '', '', '', ''),
)
if next_.startswith(prefix):
next_ = next_[len(prefix):]
return next_
def get_service_url(request, redirect_to=None):
"""Generates application django service URL for CAS"""
protocol = get_protocol(request)
if django_settings.DEBUG:
host = request.get_host()
else:
host = django_settings.SUCC_REDIRECT_URL
# print("::::::: ", host)
service = urllib_parse.urlunparse(
(protocol, host, request.path, '', '', ''), )
if not django_settings.CAS_STORE_NEXT:
if '?' in service:
service += '&'
else:
service += '?'
service += urllib_parse.urlencode(
{REDIRECT_FIELD_NAME: redirect_to or get_redirect_url(request)})
return service
def _redirect_url(request):
"""Redirects to referring page, or CAS_REDIRECT_URL if no referrer is
set.
"""
next_ = request.GET.get(REDIRECT_FIELD_NAME)
if not next_:
if settings.CAS_IGNORE_REFERER:
next_ = settings.CAS_REDIRECT_URL
else:
next_ = request.META.get("HTTP_REFERER", settings.CAS_REDIRECT_URL)
prefix = urllib_parse.urlunparse((get_protocol(request), request.get_host(), "", "", "", ""))
# here prefix is unicode string, but next_ is not
if isinstance(next_, str):
# convert to unicode or we'll get "ascii codec can't decode" error
next_ = next_.decode("utf8")
if next_.startswith(prefix):
next_ = next_[len(prefix) :]
return next_
def _service_url(request, redirect_to=None):
"""Generates application service URL for CAS"""
protocol = get_protocol(request)
host = request.get_host()
ticketless_full_path = request.get_full_path()
match = re.search(r"(&ticket=[\w\-\.]+)(?:[&].+|$)(?:$|)", ticketless_full_path)
if match:
ticketless_full_path = ticketless_full_path.replace(match.group(1), "")
service = urllib_parse.urlunparse((protocol, host, ticketless_full_path, "", "", ""))
if redirect_to:
if "?" in service:
service += "&"
else:
service += "?"
service += urllib_parse.urlencode({REDIRECT_FIELD_NAME: redirect_to})
return service
def get_service_url(request, redirect_to=None):
"""Generates application django service URL for CAS"""
if hasattr(django_settings, 'CAS_ROOT_PROXIED_AS'):
service = django_settings.CAS_ROOT_PROXIED_AS + request.path
else:
protocol = get_protocol(request)
host = request.get_host()
service = urllib_parse.urlunparse(
(protocol, host, request.path, '', '', ''),
)
if not django_settings.CAS_STORE_NEXT:
if '?' in service:
service += '&'
else:
service += '?'
service += urllib_parse.urlencode({
REDIRECT_FIELD_NAME: redirect_to or get_redirect_url(request)
})
return service
def logout(request, next_page=None):
"""Redirects to CAS logout page"""
auth_logout(request)
# clean current session ProxyGrantingTicket and SessionTicket
ProxyGrantingTicket.objects.filter(session_key=request.session.session_key).delete()
SessionTicket.objects.filter(session_key=request.session.session_key).delete()
next_page = next_page or get_redirect_url(request)
if settings.CAS_LOGOUT_COMPLETELY:
protocol = get_protocol(request)
host = request.get_host()
redirect_url = urllib_parse.urlunparse(
(protocol, host, next_page, '', '', ''),
)
client = get_cas_client()
return HttpResponseRedirect(client.get_logout_url(redirect_url))
else:
# This is in most cases pointless if not CAS_RENEW is set. The user will
# simply be logged in again on next request requiring authorization.
return HttpResponseRedirect(next_page)
def _service_url(request, redirect_to=None):
"""Generates application service URL for CAS"""
protocol = get_protocol(request)
host = request.get_host()
ticketless_full_path = request.get_full_path()
match = re.search(r'(&ticket=[\w\-\.]+)(?:[&].+|$)(?:$|)',
ticketless_full_path)
if match:
ticketless_full_path = ticketless_full_path.replace(match.group(1), "")
service = urllib_parse.urlunparse(
(protocol, host, ticketless_full_path, '', '', ''), )
if redirect_to:
if '?' in service:
service += '&'
else:
service += '?'
service += urllib_parse.urlencode({REDIRECT_FIELD_NAME: redirect_to})
return service
def logout(request, next_page=None, **kwargs):
backend = request.session.get("_auth_user_backend", "").split(".")[-1]
if CONFIG.get("CAS_LOGIN") and backend == "IPAMCASBackend":
cas_logout(request, next_page, **kwargs)
next_page = next_page or get_redirect_url(request)
if settings.CAS_LOGOUT_COMPLETELY:
protocol = get_protocol(request)
host = request.get_host()
redirect_url = urllib_parse.urlunparse(
(protocol, host, next_page, "", "", "")
)
client = get_cas_client()
client.server_url = settings.CAS_SERVER_URL[:-3]
return HttpResponseRedirect(client.get_logout_url(redirect_url))
else:
# This is in most cases pointless if not CAS_RENEW is set. The user will
# simply be logged in again on next request requiring authorization.
return HttpResponseRedirect(next_page)
else:
next_page = "internal_login" if CONFIG.get("CAS_LOGIN") else "login"
return auth_logout_view(request, next_page=next_page, **kwargs)