def verify_auth_token(data):
"""
Verifies a Auth Token in a QueryDict. Returns a
django.contrib.auth.models.User instance if successful or False.
"""
if 'auth_token' not in data:
return False
if 'request_token' not in data:
return False
auth_token = data['auth_token']
params = [('auth_token', auth_token), ('key', settings.SIMPLE_SSO_KEY)]
signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
params.append(('signature', signature))
url = urljoin(settings.SIMPLE_SSO_SERVER, 'verify') + '/'
response = requests.get(url, params=dict(params))
if response.status_code != 200:
return False
data = QueryDict(response.content)
if 'signature' not in data:
return False
if 'user' not in data:
return False
params = [(key, value) for key,value in data.items() if key != 'signature']
if not verify_signature(params, data['signature'], settings.SIMPLE_SSO_SECRET):
return False
return load_json_user(data['user'])
def verify_auth_token(data):
"""
Verifies a Auth Token in a QueryDict. Returns a
django.contrib.auth.models.User instance if successful or False.
"""
if 'auth_token' not in data:
return False
if 'request_token' not in data:
return False
auth_token = data['auth_token']
params = [('auth_token', auth_token), ('key', settings.SIMPLE_SSO_KEY)]
signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
params.append(('signature', signature))
url = urljoin(settings.SIMPLE_SSO_SERVER, 'verify') + '/'
response = requests.get(url, params=dict(params))
if response.status_code != 200:
return False
data = QueryDict(response.content)
if 'signature' not in data:
return False
if 'user' not in data:
return False
params = [(key, value) for key, value in data.items()
if key != 'signature']
if not verify_signature(params, data['signature'],
settings.SIMPLE_SSO_SECRET):
return False
return load_json_user(data['user'])
def form_valid(self):
token = self.get_token()
params = [('request_token', token.request_token)]
signature = build_signature(params, token.client.secret)
params.append(('signature', signature))
data = urllib.urlencode(params)
return HttpResponse(data)
def verify_auth_token(data):
"""
Verifies a Auth Token in a QueryDict. Returns a
django.contrib.auth.models.User instance if successful or False.
"""
if "auth_token" not in data:
return False
if "request_token" not in data:
return False
auth_token = data["auth_token"]
params = [("auth_token", auth_token), ("key", settings.SIMPLE_SSO_KEY)]
signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
params.append(("signature", signature))
url = urljoin(settings.SIMPLE_SSO_SERVER, "verify") + "/"
response = requests.get(url, dict(params))
if response.status_code != 200:
return False
data = QueryDict(response.content)
if "signature" not in data:
return False
if "user" not in data:
return False
params = [(key, value) for key, value in data.items() if key != "signature"]
if not verify_signature(params, data["signature"], settings.SIMPLE_SSO_SECRET):
return False
return load_json_user(data["user"])
def form_valid(self):
token = self.get_token()
params = [('request_token', token.request_token)]
signature = build_signature(params, token.client.secret)
params.append(('signature', signature))
data = urllib.urlencode(params)
return HttpResponse(data)
def success(self):
url = urljoin(self.token.client.root_url, 'authenticate') + '/'
params = [('request_token', self.token.request_token), ('auth_token', self.token.auth_token)]
signature = build_signature(params, self.token.client.secret)
params.append(('signature', signature))
self.token.user = self.request.user
self.token.save()
return HttpResponseRedirect('%s?%s' % (url, urllib.urlencode(params)))
def form_valid(self):
self.token = self.form.cleaned_data['token']
self.user = self.get_user_json()
params = [('user', self.user)]
signature = build_signature(params, self.token.client.secret)
params.append(('signature', signature))
data = urllib.urlencode(params)
self.token.delete()
return HttpResponse(data)
def success(self):
url = urljoin(self.token.client.root_url, 'authenticate') + '/'
params = [('request_token', self.token.request_token),
('auth_token', self.token.auth_token)]
signature = build_signature(params, self.token.client.secret)
params.append(('signature', signature))
self.token.user = self.request.user
self.token.save()
return HttpResponseRedirect('%s?%s' % (url, urllib.urlencode(params)))
def test_authorize_view_invalid_request_token(self):
client = Client.objects.create(root_url='/client/')
data = {
'key': client.key,
'request_token': 'x' * 64,
}
data['signature'] = build_signature(data.items(), client.secret)
response = self.client.get(reverse('simple-sso-authorize'), data)
self.assertEqual(response.status_code, HttpResponseBadRequest.status_code)
def test_authorize_view_token_timeout(self):
client = Client.objects.create(root_url="/client/")
token = Token.objects.create_for_client(client)
token.created = datetime.datetime.now() - test_server.token_timeout - datetime.timedelta(hours=1)
token.save()
data = {"key": client.key, "request_token": token.request_token}
data["signature"] = build_signature(data.items(), client.secret)
response = self.client.get(reverse("simple-sso-authorize"), data)
self.assertEqual(response.status_code, HttpResponseForbidden.status_code)
def form_valid(self):
self.token = self.form.cleaned_data['token']
self.user = self.get_user_json()
params = [('user', self.user)]
signature = build_signature(params, self.token.client.secret)
params.append(('signature', signature))
data = urllib.urlencode(params)
self.token.delete()
return HttpResponse(data)
def test_authorize_view_invalid_request_token(self):
client = Client.objects.create(root_url='/client/')
data = {
'key': client.key,
'request_token': 'x' * 64,
}
data['signature'] = build_signature(data.items(), client.secret)
response = self.client.get(reverse('simple-sso-authorize'), data)
self.assertEqual(response.status_code,
HttpResponseBadRequest.status_code)
def request_token(request):
form = RequestTokenRequestForm(request.GET)
if form.is_valid():
token = Token.objects.create_for_client(form.client)
params = [('request_token', token.request_token)]
signature = build_signature(params, token.client.secret)
params.append(('signature', signature))
data = urllib.urlencode(params)
return HttpResponse(data)
else:
if form.invalid_signature:
return HttpResponseForbidden()
return HttpResponseBadRequest()
def test_authorize_view_token_timeout(self):
client = Client.objects.create(root_url='/client/')
token = Token.objects.create_for_client(client)
token.created = datetime.datetime.now(
) - test_server.token_timeout - datetime.timedelta(hours=1)
token.save()
data = {
'key': client.key,
'request_token': token.request_token,
}
data['signature'] = build_signature(data.items(), client.secret)
response = self.client.get(reverse('simple-sso-authorize'), data)
self.assertEqual(response.status_code,
HttpResponseForbidden.status_code)
def verify(request):
form = VerificationForm(request.GET)
if form.is_valid():
token = form.cleaned_data['token']
user = get_user_json(token.user, token.client)
params = [('user', user)]
signature = build_signature(params, token.client.secret)
params.append(('signature', signature))
data = urllib.urlencode(params)
token.delete()
return HttpResponse(data)
else:
if form.invalid_signature:
return HttpResponseForbidden()
return HttpResponseBadRequest()
def login_view(request):
"""
Login view.
Requests a Request Token and then redirects the User to the the SSO Server.
"""
next = get_next(request)
request.session["simple-sso-next"] = next
request_token = get_request_token()
if not request_token:
return HttpResponseBadRequest()
params = [("request_token", request_token), ("key", settings.SIMPLE_SSO_KEY)]
signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
params.append(("signature", signature))
query_string = urllib.urlencode(params)
url = urljoin(settings.SIMPLE_SSO_SERVER, "authorize") + "/"
return HttpResponseRedirect("%s?%s" % (url, query_string))
def login_view(request):
"""
Login view.
Requests a Request Token and then redirects the User to the the SSO Server.
"""
next = get_next(request)
request.session['simple-sso-next'] = next
request_token = get_request_token()
if not request_token:
return HttpResponseBadRequest()
params = [('request_token', request_token),
('key', settings.SIMPLE_SSO_KEY)]
signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
params.append(('signature', signature))
query_string = urllib.urlencode(params)
url = urljoin(settings.SIMPLE_SSO_SERVER, 'authorize') + '/'
return HttpResponseRedirect('%s?%s' % (url, query_string))
def test_authorize_view_no_access(self):
class NoAccessAuthorizeView(AuthorizeView):
server = test_server
def has_access(self):
return False
client = Client.objects.create(root_url="/client/")
token = Token.objects.create_for_client(client)
data = {"key": client.key, "request_token": token.request_token}
data["signature"] = build_signature(data.items(), client.secret)
request = RequestFactory().get(reverse("simple-sso-authorize"), data)
USERNAME = PASSWORD = "******"
server_user = User.objects.create_user(USERNAME, "*****@*****.**", PASSWORD)
request.user = server_user
view = NoAccessAuthorizeView.as_view()
response = view(request)
self.assertEqual(response.status_code, HttpResponseForbidden.status_code)
def authorize(request):
form = AuthorizeForm(request.GET)
if form.is_valid():
token = form.cleaned_data['token']
if request.user.is_authenticated():
url = urljoin(token.client.root_url, 'authenticate') + '/'
params = [('request_token', token.request_token), ('auth_token', token.auth_token)]
signature = build_signature(params, token.client.secret)
params.append(('signature', signature))
token.user = request.user
token.save()
return HttpResponseRedirect('%s?%s' % (url, urllib.urlencode(params)))
else:
params = urllib.urlencode([('next', '%s?%s' % (request.path, urllib.urlencode(request.GET)))])
return HttpResponseRedirect('%s?%s' % (reverse('django.contrib.auth.views.login'), params))
else:
if form.invalid_signature:
return HttpResponseForbidden()
return HttpResponseBadRequest()
def get_request_token():
"""
Requests a Request Token from the SSO Server. Returns False if the request
failed.
"""
params = [("key", settings.SIMPLE_SSO_KEY)]
signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
params.append(("signature", signature))
url = urljoin(settings.SIMPLE_SSO_SERVER, "request-token") + "/"
response = requests.get(url, dict(params))
if response.status_code != 200:
return False
data = QueryDict(response.content)
if "signature" not in data:
return False
if "request_token" not in data:
return False
params = [(key, value) for key, value in data.items() if key != "signature"]
if not verify_signature(params, data["signature"], settings.SIMPLE_SSO_SECRET):
return False
return data["request_token"]
def get_request_token():
"""
Requests a Request Token from the SSO Server. Returns False if the request
failed.
"""
params = [('key', settings.SIMPLE_SSO_KEY)]
signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
params.append(('signature', signature))
url = urljoin(settings.SIMPLE_SSO_SERVER, 'request-token') + '/'
response = requests.get(url, params=dict(params))
if response.status_code != 200:
return False
data = QueryDict(response.content)
if 'signature' not in data:
return False
if 'request_token' not in data:
return False
params = [(key, value) for key,value in data.items() if key != 'signature']
if not verify_signature(params, data['signature'], settings.SIMPLE_SSO_SECRET):
return False
return data['request_token']
def get_request_token():
"""
Requests a Request Token from the SSO Server. Returns False if the request
failed.
"""
params = [('key', settings.SIMPLE_SSO_KEY)]
signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
params.append(('signature', signature))
url = urljoin(settings.SIMPLE_SSO_SERVER, 'request-token') + '/'
response = requests.get(url, params=dict(params))
if response.status_code != 200:
return False
data = QueryDict(response.content)
if 'signature' not in data:
return False
if 'request_token' not in data:
return False
params = [(key, value) for key, value in data.items()
if key != 'signature']
if not verify_signature(params, data['signature'],
settings.SIMPLE_SSO_SECRET):
return False
return data['request_token']
def test_authorize_view_no_access(self):
class NoAccessAuthorizeView(AuthorizeView):
server = test_server
def has_access(self):
return False
client = Client.objects.create(root_url='/client/')
token = Token.objects.create_for_client(client)
data = {
'key': client.key,
'request_token': token.request_token,
}
data['signature'] = build_signature(data.items(), client.secret)
request = RequestFactory().get(reverse('simple-sso-authorize'), data)
USERNAME = PASSWORD = '******'
server_user = User.objects.create_user(USERNAME, '*****@*****.**',
PASSWORD)
request.user = server_user
view = NoAccessAuthorizeView.as_view()
response = view(request)
self.assertEqual(response.status_code,
HttpResponseForbidden.status_code)
def test_authorize_view_invalid_request_token(self):
client = Client.objects.create(root_url="/client/")
data = {"key": client.key, "request_token": "x" * 64}
data["signature"] = build_signature(data.items(), client.secret)
response = self.client.get(reverse("simple-sso-authorize"), data)
self.assertEqual(response.status_code, HttpResponseBadRequest.status_code)
