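def cas_callback_authorize(request):
    """
    Authorize a callback (From CAS IdP).

    Reads the ``code`` query parameter, exchanges it for an access token
    through the CAS OAuth client, fetches the user profile with that token,
    then creates an AuthToken and stores the username and the token key in
    the session.

    Returns:
        An empty ``HttpResponse`` when the request has no ``code`` parameter;
        the result of ``o_login_redirect`` when the code yields no access
        token; the result of ``login`` when the profile is missing or lacks
        an ``id``; otherwise a redirect to
        ``settings.REDIRECT_URL + "/application/"``.
    """
    # NOTE(review): no OAuth `state` value is checked in this view. Confirm
    # that the callback is bound to the session that started the login
    # (login-CSRF protection) somewhere outside this function.
    if "code" not in request.GET:
        # TODO - Maybe: Redirect into a login
        return HttpResponse("")

    oauth_client = get_cas_oauth_client()
    oauth_code = request.GET["code"]

    # Exchange code for ticket
    access_token, expiry_date = oauth_client.get_access_token(oauth_code)
    if not access_token:
        # The code is request-supplied and is a credential: keep its value
        # out of the log so it cannot leak or forge log lines through
        # embedded line breaks. logger.warn is a deprecated alias.
        logger.warning(
            "The OAuth code is invalid/expired. Attempting another login."
        )
        return o_login_redirect(request)

    # Exchange token for profile
    user_profile = oauth_client.get_profile(access_token)
    if not user_profile or "id" not in user_profile:
        logger.error(
            "AccessToken is producing an INVALID profile!"
            " Check the CAS server and caslib.py for more"
            " information."
        )
        # NOTE: Make sure this redirects the user OUT of the loop!
        return login(request)

    # ASSERT: A valid OAuth token gave us the Users Profile.
    # Now create an AuthToken and return it
    username = user_profile["id"]
    auth_token = create_token(
        username, access_token, expiry_date, issuer="CAS+OAuth"
    )

    # Set the username to the user to be emulated
    # to whom the token also belongs
    # NOTE(review): the session identifier is not rotated before the
    # credentials are stored; consider request.session.cycle_key() here to
    # guard against session fixation, after confirming nothing depends on
    # the pre-login session key.
    request.session["username"] = username
    request.session["token"] = auth_token.key
    return HttpResponseRedirect(settings.REDIRECT_URL + "/application/")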
def o_login_redirect(request):
    """
    Send the browser to the CAS OAuth authorization endpoint.

    The ``request`` argument is accepted but not read; the target URL comes
    entirely from the CAS OAuth client's ``authorize_url()``.
    """
    # NOTE(review): whether authorize_url() includes a per-session `state`
    # value cannot be seen from here; verify in the OAuth client.
    authorize_target = get_cas_oauth_client().authorize_url()
    return HttpResponseRedirect(authorize_target)