def cas_callback_authorize(request):
"""
Authorize a callback (From CAS IdP)
"""
if "code" not in request.GET:
# TODO - Maybe: Redirect into a login
return HttpResponse("")
oauth_client = get_cas_oauth_client()
oauth_code = request.GET["code"]
# Exchange code for ticket
access_token, expiry_date = oauth_client.get_access_token(oauth_code)
if not access_token:
logger.warn("The Code %s is invalid/expired. Attempting another login." % oauth_code)
return o_login_redirect(request)
# Exchange token for profile
user_profile = oauth_client.get_profile(access_token)
if not user_profile or "id" not in user_profile:
logger.error(
"AccessToken is producing an INVALID profile!"
" Check the CAS server and caslib.py for more"
" information."
)
# NOTE: Make sure this redirects the user OUT of the loop!
return login(request)
# ASSERT: A valid OAuth token gave us the Users Profile.
# Now create an AuthToken and return it
username = user_profile["id"]
auth_token = create_token(username, access_token, expiry_date, issuer="CAS+OAuth")
# Set the username to the user to be emulated
# to whom the token also belongs
request.session["username"] = username
request.session["token"] = auth_token.key
return HttpResponseRedirect(settings.REDIRECT_URL + "/application/")
def o_login_redirect(request):
oauth_client = get_cas_oauth_client()
url = oauth_client.authorize_url()
return HttpResponseRedirect(url)
