def test_parse_logout_request(self): cas_client = CASClient('https://dummy.url') parsed_message = cas_client.parse_logout_request(self.slo_text) self.assertEqual( parsed_message, { 'ID': '[RANDOM ID]', 'IssueInstant': '[CURRENT DATE/TIME]', 'Version': '2.0', 'session_index': '[SESSION IDENTIFIER]', 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion', 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', })
def test_parse_logout_request_2(self): cas_client = CASClient('https://dummy.url') parsed_message = cas_client.parse_logout_request(self.slo_text_2) self.assertEqual( parsed_message, { 'ID': '935a2d0c-4026-481e-be3d-20a1b2cdd553', 'IssueInstant': '2016-04-08 00:40:55 +0000', 'Version': '2.0', 'session_index': 'ST-14600760351898-0B3lSFt2jOWSbgQ377B4CtbD9uq0MXR9kG23vAuH', 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion', 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', })
def test_parse_logout_request_2(self): cas_client = CASClient("dummy.url") parsed_message = cas_client.parse_logout_request(self.slo_text_2) self.assertEqual( parsed_message, { "ID": "935a2d0c-4026-481e-be3d-20a1b2cdd553", "IssueInstant": "2016-04-08 00:40:55 +0000", "Version": "2.0", "session_index": "ST-14600760351898-0B3lSFt2jOWSbgQ377B4CtbD9uq0MXR9kG23vAuH", "xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion", "xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol", }, )
def test_parse_logout_request(self): cas_client = CASClient("dummy.url") parsed_message = cas_client.parse_logout_request(self.slo_text) self.assertEqual( parsed_message, { "ID": "[RANDOM ID]", "IssueInstant": "[CURRENT DATE/TIME]", "Version": "2.0", "session_index": "[SESSION IDENTIFIER]", "xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion", "xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol", }, )
def cas(): """Handles the login page, logging a user in on correct authentication.""" #CAS client init cas_client = CASClient(app.config['CAS_SERVER_URL'], app.config['CAS_SERVICE_URL'], verify_certificates=True) #SLO if request.method == 'POST' and session.get( 'cas_ticket') is not None and 'logoutRequest' in request.form: #check the verify the ticket to prevent cross orign attacks message = cas_client.parse_logout_request( request.form.get('logoutRequest')) if message.get('session_index', None) == session.get('cas_ticket'): cortex.lib.user.clear_session() return ('', 200) abort(400) # If the user is already logged in, just redirect them to their dashboard if cortex.lib.user.is_logged_in(): return redirect(url_for('dashboard')) ticket = request.args.get('ticket', None) if ticket is not None: try: cas_response = cas_client.perform_service_validate(ticket=ticket) except Exception: return root() if cas_response and cas_response.success: try: # keep the ticket for SLO session['cas_ticket'] = ticket return cortex.lib.user.logon_ok( cas_response.attributes.get('uid')) except KeyError: # required user attributes not returned flash( "CAS SSO authentication successful but missing required information consider using LDAP authentication", 'alert-warning') return root() return redirect(cas_client.get_login_url())