 def test_validate_ticket_fails_with_invalid_ticket(self, MockHTTPSHandler):
     """A CAS validation reply reporting an invalid ticket must yield a falsy result.

     The HTTPS handler is mocked so no network round-trip happens; the canned
     ``service_validate_invalid_ticket.xml`` body stands in for the CAS
     server's reply.
     """
     MockHTTPSHandler.https_request.return_value = MockRequest()
     canned_body = get_data('service_validate_invalid_ticket.xml')
     MockHTTPSHandler.https_open.return_value = MockResponse(canned_body)

     result = validate_ticket('ST-001-abc',
                              'https://cas.domain.net',
                              'https://service.domain.net')
     self.assertFalse(result)
 def test_validate_ticket_fails_with_invalid_xml_response(self, MockHTTPSHandler):
     """A well-formed but unrecognised XML body must be treated as a failed validation.

     This guards the parser against a CAS reply that carries neither a
     success nor a failure element: the only safe outcome is "not valid".
     """
     MockHTTPSHandler.https_request.return_value = MockRequest()
     unexpected_body = "<resp>invalid</resp>"
     MockHTTPSHandler.https_open.return_value = MockResponse(unexpected_body)

     result = validate_ticket('ST-001-abc',
                              'https://cas.domain.net',
                              'https://service.domain.net')
     self.assertFalse(result)
 def test_validate_ticket_suceeds_with_valid_ticket(self, MockHTTPSHandler):
     """A successful CAS validation reply yields the user id it names.

     The canned ``service_validate_success.xml`` fixture identifies the
     user ``james``; nothing else from the reply is checked here.
     """
     MockHTTPSHandler.https_request.return_value = MockRequest()
     canned_body = get_data('service_validate_success.xml')
     MockHTTPSHandler.https_open.return_value = MockResponse(canned_body)

     result = validate_ticket('ST-001-abc',
                              'https://cas.domain.net',
                              'https://service.domain.net')
     self.assertEqual('james', result)
 def test_validate_ticket_suceeds_with_valid_ticket(self, MockHTTPSHandler):
     """A successful CAS validation reply yields the user id it names.

     The canned ``service_validate_success.xml`` fixture identifies the
     user ``james``; nothing else from the reply is checked here.
     """
     MockHTTPSHandler.https_request.return_value = MockRequest()
     canned_body = get_data('service_validate_success.xml')
     MockHTTPSHandler.https_open.return_value = MockResponse(canned_body)

     validated = validate_ticket('ST-001-abc',
                                 'https://cas.domain.net',
                                 'https://service.domain.net')
     self.assertEqual('james', validated)
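    def reply(self):
        """Exchange a CAS service ticket for a JWT.

        Reads a JSON body with a mandatory ``ticket`` and an optional
        ``service``.  When ``service`` is absent, the request's own
        ``@caslogin`` URL with the view name stripped is used.  The ticket
        is validated against the CAS server configured on the installed
        CAS plugin, the resulting user is logged in through that plugin,
        and ``{'token': <jwt>}`` from the JWT plugin is returned.

        Error replies have the shape ``{'error': {'type': ..., 'message': ...}}``:
        status 400 when ``ticket`` is missing, 501 when either the CAS or
        the JWT authentication plugin is not installed, and the response
        status is left untouched when the validated user id is unknown.
        """
        data = json_body(self.request)
        if 'ticket' not in data:
            self.request.response.setStatus(400)
            return dict(
                error=dict(type='Missing service ticket',
                           message='Service ticket must be provided in body.'))

        if 'service' in data:
            # NOTE(review): the caller picks the service URL the ticket is
            # validated against.  Consider restricting this to the
            # application's own service URL(s) so that a ticket issued to a
            # different service cannot be exchanged for a token here.
            service = data['service']
        else:
            # Bug fix: the original line ended with a trailing comma, which
            # made ``service`` a 1-tuple instead of a string.
            service = service_url(self.request)[:-10]  # Strip `/@caslogin`

        # Disable CSRF protection where the installed plone.protect has it.
        if hasattr(plone.protect.interfaces, 'IDisableCSRFProtection'):
            alsoProvides(self.request,
                         plone.protect.interfaces.IDisableCSRFProtection)

        uf = getToolByName(self.context, 'acl_users')
        plugins = uf._getOb('plugins')
        cas_plugin = None
        jwt_plugin = None
        # Locate the two PAS authenticators by meta_type; if several match,
        # the last one listed wins (same as the original loop).
        for _plugin_id, authenticator in plugins.listPlugins(IAuthenticationPlugin):
            if authenticator.meta_type == "CAS Authentication Plugin":
                cas_plugin = authenticator
            elif authenticator.meta_type == "JWT Authentication Plugin":
                jwt_plugin = authenticator

        if cas_plugin is None or jwt_plugin is None:
            self.request.response.setStatus(501)
            return dict(error=dict(
                type='Login failed',
                message='CAS/JWT authentication plugin not installed.'))

        userid = validate_ticket(
            data['ticket'],
            cas_plugin.cas_server_url,
            service,
        )

        # validate_ticket presumably returns a falsy value when the CAS
        # server rejects the ticket; that value reaches getUserById and ends
        # up in the "not found" branch below.
        # NOTE(review): this branch answers with the unchanged status code;
        # setting an error status (e.g. 401) would be more accurate — confirm
        # clients do not depend on the current behaviour.
        user = uf.getUserById(userid)
        if not user:
            return dict(error=dict(
                type='Login failed',
                message='User with userid {} not found.'.format(userid)))

        cas_plugin.handle_login(userid)
        payload = {'fullname': user.getProperty('fullname')}
        return {'token': jwt_plugin.create_token(userid, data=payload)}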
 def test_validate_ticket_suceeds_with_valid_ticket(self, MockHTTPSHandler):
     """A successful CAS validation reply yields the user id and its attributes.

     Here ``validate_ticket`` returns a ``(user_id, attrs)`` pair; both
     halves are compared against what the canned
     ``service_validate_success.xml`` fixture contains.
     """
     MockHTTPSHandler.https_request.return_value = MockRequest()
     canned_body = get_data('service_validate_success.xml')
     MockHTTPSHandler.https_open.return_value = MockResponse(canned_body)

     validated_id, validated_attrs = validate_ticket(
         'ST-001-abc',
         'https://cas.domain.net',
         'https://service.domain.net')

     expected_attrs = {
         'authenticationDate': '2014-08-12T19:28:07Z',
         'longTermAuthenticationRequestTokenUsed': 'false',
         'isFromNewLogin': '******',
         'email': '*****@*****.**',
         'fullname': 'James Bond',
     }
     self.assertEqual(validated_id, 'james', 'Wrong validated user ID')
     self.assertEqual(validated_attrs, expected_attrs,
                      'Wrong validated user attributes')
    def authenticateCredentials(self, credentials):
        """Validate a CAS service ticket and return ``(userid, login)``.

        Only credentials produced by this plugin's own extractor are
        considered (``credentials['extractor']`` must equal ``self.getId()``).
        A ticket the CAS server rejects, or a user that ``login_user``
        cannot log in, results in ``None`` so other PAS plugins may proceed.
        """
        if credentials.get('extractor') != self.getId():
            # Not our credentials: leave them to other authenticators.
            return None

        ticket = credentials['ticket']
        svc = credentials['service_url']
        userid = validate_ticket(ticket, self.cas_server_url, svc)
        if not userid:
            return None

        # login_user presumably establishes the local session; a falsy
        # result means the ticket was valid but the login did not happen.
        if not self.login_user(userid):
            return None

        # PAS expects a (user_id, login) pair; CAS supplies a single id.
        return userid, userid
    def authenticateCredentials(self, credentials):
        """Validate a CAS service ticket and return ``(userid, login)``.

        Only credentials produced by this plugin's own extractor are
        considered (``credentials['extractor']`` must equal ``self.getId()``).
        A ticket the CAS server rejects, or a user that ``login_user``
        cannot log in, results in ``None`` so other PAS plugins may proceed.
        """
        if credentials.get('extractor') != self.getId():
            # Not our credentials: leave them to other authenticators.
            return None

        ticket = credentials['ticket']
        svc = credentials['service_url']
        userid = validate_ticket(ticket, self.cas_server_url, svc)
        if not userid:
            return None

        # login_user presumably establishes the local session; a falsy
        # result means the ticket was valid but the login did not happen.
        if not self.login_user(userid):
            return None

        # PAS expects a (user_id, login) pair; CAS supplies a single id.
        return userid, userid
    def authenticateCredentials(self, credentials):
        """Validate a CAS service ticket and return ``(userid, login)``.

        Only credentials produced by this plugin's own extractor are
        considered (``credentials['extractor']`` must equal ``self.getId()``).
        A rejected ticket, or a user id PAS does not know, results in
        ``None``; otherwise PAS is asked to update the request credentials
        for the user before the pair is returned.
        """
        if credentials.get('extractor') != self.getId():
            # Not our credentials: leave them to other authenticators.
            return None

        userid = validate_ticket(credentials['ticket'],
                                 self.cas_server_url,
                                 credentials['service_url'])
        if not userid:
            return None

        pas = self._getPAS()
        # Confirm the CAS-asserted id maps to a user PAS actually knows
        # before anything is written to the request.
        # NOTE(review): _verifyUser is a private PAS helper — confirm it is
        # still available on the PAS version in use.
        if pas._verifyUser(pas.plugins, user_id=userid) is None:
            return None
        # The password is empty: the ticket, not a secret, authenticated
        # the user.
        pas.updateCredentials(self.REQUEST, self.REQUEST.RESPONSE, userid, '')

        # PAS expects a (user_id, login) pair; CAS supplies a single id.
        return userid, userid
    def authenticateCredentials(self, credentials):
        """Validate a CAS service ticket and return ``(userid, login)``.

        Only credentials produced by this plugin's own extractor are
        considered (``credentials['extractor']`` must equal ``self.getId()``).
        A rejected ticket, or a user id PAS does not know, results in
        ``None``; otherwise PAS is asked to update the request credentials
        for the user before the pair is returned.
        """
        if credentials.get('extractor') != self.getId():
            # Not our credentials: leave them to other authenticators.
            return None

        userid = validate_ticket(credentials['ticket'],
                                 self.cas_server_url,
                                 credentials['service_url'])
        if not userid:
            return None

        pas = self._getPAS()
        # Confirm the CAS-asserted id maps to a user PAS actually knows
        # before anything is written to the request.
        # NOTE(review): _verifyUser is a private PAS helper — confirm it is
        # still available on the PAS version in use.
        if pas._verifyUser(pas.plugins, user_id=userid) is None:
            return None
        # The password is empty: the ticket, not a secret, authenticated
        # the user.
        pas.updateCredentials(self.REQUEST, self.REQUEST.RESPONSE, userid, '')

        # PAS expects a (user_id, login) pair; CAS supplies a single id.
        return userid, userid