 def test_continue_to_next_url(self):
     """``continue_to_next_url`` redirects to ``next`` and keeps the other query parameters.

     With ``next=/zob/`` and ``nonce=xxx`` on the incoming request, the
     ``Location`` header must be ``/zob/?nonce=xxx``.
     """
     from authentic2.utils import continue_to_next_url
     from django.test.client import RequestFactory
     factory = RequestFactory()
     query = {'next': '/zob/', 'nonce': 'xxx'}
     incoming = factory.get('/coin', data=query)
     redirect = continue_to_next_url(incoming)
     self.assertEqualsURL(redirect['Location'], '/zob/?nonce=xxx')
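def _ssl_auth_failure(request, log_message, user_message):
    """Log *log_message*, flash *user_message* as an error and redirect to the login page."""
    logger.error(log_message)
    messages.add_message(request, messages.ERROR, user_message)
    return redirect_to_login(request)


def handle_request(request):
    """Authenticate the request with the client certificate passed by the SSL layer.

    The certificate comes from the CGI-style variables wrapped by
    ``util.SSLInfo``. When ``app_settings.ACCEPT_SELF_SIGNED`` is false the
    ``VERIFY`` variable must also report success; otherwise the request is
    sent back to the login page with an error message.

    Depending on whether the certificate is already bound to an account
    (``authenticate(ssl_info=...)``) and whether the request already carries
    an authenticated session, the function then:

    * creates an account for an unknown certificate when the session holds
      the ``'do_creation'`` flag and nobody is logged in;
    * renders the account-linking page for an unknown certificate when
      nobody is logged in;
    * binds an unknown certificate to the currently logged-in user;
    * logs in the owner of a known certificate when nobody is logged in and
      records an ``'ssl'`` authentication event;
    * re-binds a known certificate to the currently logged-in user when it
      belongs to another account (logged as a warning, since this moves the
      credential between accounts).

    Args:
        request: the Django request; ``request.session`` and
            ``request.user`` are read.

    Returns:
        An HttpResponse: a redirect to the login page on failure, the
        account-linking page, or the redirect built by
        ``continue_to_next_url``.
    """
    # Kept as a function-scope import, as in the original; presumably avoids
    # an import cycle with the backend module -- TODO confirm.
    from backends import SSLBackend

    ssl_info = util.SSLInfo(request)
    accept_self_signed = app_settings.ACCEPT_SELF_SIGNED

    # Reject the request unless the SSL layer supplied a certificate that it
    # verified. The VERIFY check is skipped entirely when self-signed
    # certificates are accepted by configuration.
    if not ssl_info.cert:
        return _ssl_auth_failure(
            request,
            'SSL Client Authentication failed: SSL CGI variable CERT is missing',
            _('SSL Client Authentication failed. No client certificate found.'))
    if not accept_self_signed and not ssl_info.verify:
        return _ssl_auth_failure(
            request,
            'SSL Client Authentication failed: SSL CGI variable VERIFY is not SUCCESS',
            _('SSL Client Authentication failed. Your client certificate is not valid.'))

    # Is this certificate already bound to an account?
    user = authenticate(ssl_info=ssl_info)
    logged_in = request.user.is_authenticated()

    # Unknown certificate, nobody logged in, and the session asked for account
    # creation: create the account, then resolve the certificate again.
    if not user and not logged_in and 'do_creation' in request.session:
        if not SSLBackend().create_user(ssl_info):
            return _ssl_auth_failure(
                request,
                'account creation failure',
                _('SSL Client Authentication failed. Internal server error.'))
        user = authenticate(ssl_info=ssl_info)
        logger.info(u'account created for %s', user)

    # Unknown certificate and no session: ask the user to link it to an account.
    if not user and not logged_in:
        return render(request, 'auth/account_linking_ssl.html')

    # Unknown certificate but an active session: bind it to the logged-in user.
    if not user:
        if not SSLBackend().link_user(ssl_info, request.user):
            return _ssl_auth_failure(
                request,
                'login() failed',
                _('SSL Client Authentication failed. Internal server error.'))
        logger.info('Successful linking of the SSL Certificate to an account')
        # The session is already authenticated and ``user`` is still None here,
        # so return now rather than reaching the username comparison below.
        return continue_to_next_url(request)

    # Known certificate, nobody logged in: log its owner in.
    if not logged_in:
        login(request, user)
        record_authentication_event(request, how='ssl')
        return continue_to_next_url(request)

    # Known certificate with an active session: if it belongs to another
    # account, re-bind it to the logged-in user. This transfers the credential
    # between accounts, hence the warning.
    if user.username != request.user.username:
        logger.warning(
            u'The certificate belongs to %s, '
            'but %s is logged with, we change the association!', user,
            request.user)
        cert = SSLBackend().get_certificate(ssl_info)
        cert.user = request.user
        cert.save()
    return continue_to_next_url(request)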
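def _ssl_auth_failure(request, log_message, user_message):
    """Log *log_message*, flash *user_message* as an error and redirect to the login page."""
    logger.error(log_message)
    messages.add_message(request, messages.ERROR, user_message)
    return redirect_to_login(request)


def handle_request(request):
    """Authenticate the request with the client certificate passed by the SSL layer.

    The certificate comes from the CGI-style variables wrapped by
    ``util.SSLInfo``. When ``app_settings.ACCEPT_SELF_SIGNED`` is false the
    ``VERIFY`` variable must also report success; otherwise the request is
    sent back to the login page with an error message.

    Depending on whether the certificate is already bound to an account
    (``authenticate(ssl_info=...)``) and whether the request already carries
    an authenticated session, the function then:

    * creates an account for an unknown certificate when the session holds
      the ``'do_creation'`` flag and nobody is logged in;
    * renders the account-linking page for an unknown certificate when
      nobody is logged in;
    * binds an unknown certificate to the currently logged-in user;
    * logs in the owner of a known certificate when nobody is logged in and
      records an ``'ssl'`` authentication event;
    * re-binds a known certificate to the currently logged-in user when it
      belongs to another account (logged as a warning, since this moves the
      credential between accounts).

    Args:
        request: the Django request; ``request.session`` and
            ``request.user`` are read.

    Returns:
        An HttpResponse: a redirect to the login page on failure, the
        account-linking page, or the redirect built by
        ``continue_to_next_url``.
    """
    # Kept as a function-scope import, as in the original; presumably avoids
    # an import cycle with the backend module -- TODO confirm.
    from backends import SSLBackend

    ssl_info = util.SSLInfo(request)
    accept_self_signed = app_settings.ACCEPT_SELF_SIGNED

    # Reject the request unless the SSL layer supplied a certificate that it
    # verified. The VERIFY check is skipped entirely when self-signed
    # certificates are accepted by configuration.
    if not ssl_info.cert:
        return _ssl_auth_failure(
            request,
            'SSL Client Authentication failed: SSL CGI variable CERT is missing',
            _('SSL Client Authentication failed. No client certificate found.'))
    if not accept_self_signed and not ssl_info.verify:
        return _ssl_auth_failure(
            request,
            'SSL Client Authentication failed: SSL CGI variable VERIFY is not SUCCESS',
            _('SSL Client Authentication failed. Your client certificate is not valid.'))

    # Is this certificate already bound to an account?
    user = authenticate(ssl_info=ssl_info)
    logged_in = request.user.is_authenticated()

    # Unknown certificate, nobody logged in, and the session asked for account
    # creation: create the account, then resolve the certificate again.
    if not user and not logged_in and 'do_creation' in request.session:
        if not SSLBackend().create_user(ssl_info):
            return _ssl_auth_failure(
                request,
                'account creation failure',
                _('SSL Client Authentication failed. Internal server error.'))
        user = authenticate(ssl_info=ssl_info)
        logger.info(u'account created for %s', user)

    # Unknown certificate and no session: ask the user to link it to an account.
    if not user and not logged_in:
        return render_to_response('auth/account_linking_ssl.html',
                context_instance=RequestContext(request))

    # Unknown certificate but an active session: bind it to the logged-in user.
    if not user:
        if not SSLBackend().link_user(ssl_info, request.user):
            return _ssl_auth_failure(
                request,
                'login() failed',
                _('SSL Client Authentication failed. Internal server error.'))
        logger.info('Successful linking of the SSL Certificate to an account')
        # The session is already authenticated and ``user`` is still None here,
        # so return now rather than reaching the username comparison below.
        return continue_to_next_url(request)

    # Known certificate, nobody logged in: log its owner in.
    if not logged_in:
        login(request, user)
        record_authentication_event(request, how='ssl')
        return continue_to_next_url(request)

    # Known certificate with an active session: if it belongs to another
    # account, re-bind it to the logged-in user. This transfers the credential
    # between accounts, hence the warning.
    if user.username != request.user.username:
        logger.warning(u'The certificate belongs to %s, '
            'but %s is logged with, we change the association!',
            user, request.user)
        cert = SSLBackend().get_certificate(ssl_info)
        cert.user = request.user
        cert.save()
    return continue_to_next_url(request)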