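def logout(request, next_page=None):
    """Log the current user out locally and redirect the browser.

    Sends ``cas_user_logout`` with the service ticket recorded for this
    session (if any), ends the Django session, and removes this session's
    ``ProxyGrantingTicket`` and ``SessionTicket`` rows.

    :param request: the current ``HttpRequest``.
    :param next_page: accepted for signature compatibility; neither branch
        below redirects to it (see the NOTE in the ``CAS_LOGOUT_COMPLETELY``
        branch).
    :return: ``HttpResponseRedirect`` to ``settings.CLIENT_HOST`` when
        ``settings.CAS_LOGOUT_COMPLETELY`` is set, otherwise the rendered
        ``index.html``.
    """
    # Capture the key first: django.contrib.auth.logout() flushes the session,
    # after which request.session.session_key is None and filters on it would
    # never match the rows that were created at login.
    session_key = request.session.session_key

    # Find the ticket matching the current session for the logout signal.
    try:
        ticket = SessionTicket.objects.get(session_key=session_key).ticket
    except SessionTicket.DoesNotExist:
        ticket = None

    cas_user_logout.send(
        sender="manual",
        user=request.user,
        session=request.session,
        ticket=ticket,
    )
    auth_logout(request)

    # Clean this session's ProxyGrantingTicket and SessionTicket rows so the
    # ticket-to-session mapping cannot outlive the session.
    ProxyGrantingTicket.objects.filter(session_key=session_key).delete()
    SessionTicket.objects.filter(session_key=session_key).delete()

    if settings.CAS_LOGOUT_COMPLETELY:
        # NOTE(review): this redirects to CLIENT_HOST instead of the CAS
        # server's logout URL, so the CAS single-sign-on session is not ended
        # by this view; confirm CLIENT_HOST is expected to take care of that.
        return HttpResponseRedirect(settings.CLIENT_HOST)
    # In most cases pointless unless CAS_RENEW is set: the user will simply be
    # logged in again on the next request requiring authorization.
    return render(request, 'index.html')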
def test_redirect_url_with_url_as_get_parameter():
    """A ``next`` query parameter is used verbatim as the redirect target."""
    request = RequestFactory().get('/login/', data={'next': '/landing-page/'})
    assert get_redirect_url(request) == '/landing-page/'
def test_redirect_url_strips_domain_prefix(settings):
    """An absolute ``CAS_REDIRECT_URL`` is reduced to its path component."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = 'http://testserver/landing-page/'
    request = RequestFactory().get('/login/')
    assert get_redirect_url(request) == '/landing-page/'
def test_params_redirect_url_preceeds_settings_redirect_url(settings):
    """``next`` in the query string takes priority over ``CAS_REDIRECT_URL``."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = '/landing-page/'
    request = RequestFactory().get('/login/', data={'next': '/override/'})
    assert get_redirect_url(request) == '/override/'
def test_redirect_url_named_pattern(settings):
    """A ``CAS_REDIRECT_URL`` that is a URL pattern name is resolved to its path."""
    settings.CAS_IGNORE_REFERER = False
    settings.CAS_REDIRECT_URL = 'home'
    request = RequestFactory().get('/login/')
    assert get_redirect_url(request) == '/'
def test_redirect_url_falls_back_to_http_referrer(settings):
    """Without ``next``, and with the referer honoured, the Referer header
    is preferred over ``CAS_REDIRECT_URL``."""
    settings.CAS_IGNORE_REFERER = False
    settings.CAS_REDIRECT_URL = '/wrong-landing-page/'
    request = RequestFactory().get('/login/', HTTP_REFERER='/landing-page/')
    assert get_redirect_url(request) == '/landing-page/'
def test_redirect_url_named_pattern_without_referrer(settings):
    """With ``CAS_IGNORE_REFERER`` on, the Referer header is ignored and the
    named pattern in ``CAS_REDIRECT_URL`` is resolved instead."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = 'home'
    request = RequestFactory().get('/login/', HTTP_REFERER='/landing-page/')
    assert get_redirect_url(request) == '/'
def test_redirect_url_falls_back_to_cas_redirect_url_setting(settings):
    """With no ``next`` and the referer ignored, ``CAS_REDIRECT_URL`` is used."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = '/landing-page/'
    request = RequestFactory().get('/login/')
    assert get_redirect_url(request) == '/landing-page/'
def test_redirect_url_next_no_named_pattern(settings):
    """A ``next`` value is returned as given and is not resolved as a URL name."""
    settings.CAS_IGNORE_REFERER = False
    settings.CAS_REDIRECT_URL = '/wrong-landing-page/'
    request = RequestFactory().get('/login/', data={'next': 'home'})
    assert get_redirect_url(request) == 'home'
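def get(self, request):
    """Log the caller out of this app and, if configured, of the CAS server.

    The session key and API token to tear down are read from the query string
    (``session_key`` and ``token``) rather than from ``request.session``, so
    they are untrusted input.

    :param request: the current ``HttpRequest``; reads ``next``, ``token`` and
        ``session_key`` from ``request.GET``.
    :return: ``HttpResponseRedirect`` to the CAS logout URL when
        ``settings.CAS_LOGOUT_COMPLETELY`` is set, otherwise to ``next_page``.
    """
    next_page = request.GET.get('next')
    token = request.GET.get('token')
    session_key = request.GET.get('session_key')
    # Do not write the token or session key themselves to stdout/logs: both
    # are bearer credentials. Record only whether they were supplied.
    logger.info(
        'Logout requested: token %s, session_key %s',
        'supplied' if token else 'missing',
        'supplied' if session_key else 'missing',
    )

    # NOTE(review): session_key and token come straight from the query string,
    # so whoever supplies them can delete the matching SessionTicket,
    # ProxyGrantingTicket and Token rows; confirm this endpoint is meant to be
    # usable without proof that the caller owns those identifiers.
    # Find the ticket matching the given session for the logout signal.
    try:
        ticket = SessionTicket.objects.get(session_key=session_key).ticket
    except SessionTicket.DoesNotExist:
        ticket = None

    logger.info('request.user: %s', request.user)
    logger.info('logout ticket: %s', ticket)
    logger.info('Start cas logout.')
    cas_user_logout.send(
        sender="manual",
        user=request.user,
        session=request.session,
        ticket=ticket,
    )
    logger.info('Start sys logout.')
    auth_logout(request)

    # Clean the given session's ProxyGrantingTicket and SessionTicket rows,
    # plus the API token that was passed in.
    ProxyGrantingTicket.objects.filter(session_key=session_key).delete()
    SessionTicket.objects.filter(session_key=session_key).delete()
    Token.objects.filter(key=token).delete()

    next_page = next_page or get_redirect_url(request)
    logger.info('Logout next_page: %s', next_page)
    if settings.CAS_LOGOUT_COMPLETELY:
        protocol = get_protocol(request)
        host = request.get_host()
        redirect_url = urllib_parse.urlunparse(
            (protocol, host, next_page, '', '', ''),
        )
        logger.info('Logout redirect_url: %s', redirect_url)
        client = get_cas_client(request=request)
        # The CAS server receives the raw next_page, not the host-qualified
        # redirect_url logged above; next_page may have come from the query
        # string unvalidated.
        return HttpResponseRedirect(client.get_logout_url(next_page))
    # In most cases pointless unless CAS_RENEW is set: the user will simply be
    # logged in again on the next request requiring authorization.
    return HttpResponseRedirect(next_page)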
def _setup_view(request, next_page):
    '''
    Shared preamble for these views: resolve where to go next and report how
    the current (possibly stale) user stands with respect to Django auth and
    second-factor checks.

    :param request: request carrying ``GET``, ``maybe_stale_user`` and
        ``session_info``.
    :param next_page: explicit destination; when falsy, ``?next=`` is tried,
        then ``get_redirect_url(request)``.
    :return: ``(next_page, good_auth, good_2fa)``; both flags are ``False``
        when the user is not authenticated at all.
    '''
    if not next_page:
        next_page = request.GET.get('next')
    if not next_page:
        next_page = get_redirect_url(request)

    if not request.maybe_stale_user.is_authenticated:
        # No Django session at all: callers fall back to standard Django auth.
        return next_page, False, False

    auth_ok, second_factor_ok = request.session_info.okay_auth(
        request, request.maybe_stale_user
    )
    return next_page, auth_ok, second_factor_ok
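def get(self, request):
    """Log the user out locally and redirect, optionally via the CAS server.

    Sends ``cas_user_logout`` with the ticket recorded for this session, ends
    the Django session and removes this session's ``ProxyGrantingTicket`` and
    ``SessionTicket`` rows.

    :param request: the current ``HttpRequest``; ``next`` is read from
        ``request.GET`` and passed through ``clean_next_page``.
    :return: ``HttpResponseRedirect`` to the CAS logout URL (returning to
        ``SERVICE_URL``) when ``settings.CAS_LOGOUT_COMPLETELY`` is set,
        otherwise to the cleaned ``next`` page.
    """
    next_page = clean_next_page(request, request.GET.get('next'))

    # Capture the key first: django.contrib.auth.logout() flushes the session,
    # after which request.session.session_key is None and filters on it would
    # never match the rows that were created at login.
    session_key = request.session.session_key

    # Find the ticket matching the current session for the logout signal.
    try:
        ticket = SessionTicket.objects.get(session_key=session_key).ticket
    except SessionTicket.DoesNotExist:
        ticket = None

    cas_user_logout.send(
        sender="manual",
        user=request.user,
        session=request.session,
        ticket=ticket,
    )
    auth_logout(request)

    # Clean this session's ProxyGrantingTicket and SessionTicket rows.
    ProxyGrantingTicket.objects.filter(session_key=session_key).delete()
    SessionTicket.objects.filter(session_key=session_key).delete()

    next_page = next_page or get_redirect_url(request)
    if settings.CAS_LOGOUT_COMPLETELY:
        client = get_cas_client(request=request)
        # The CAS server is asked to return to the fixed SERVICE_URL, not to
        # next_page; next_page is only used when CAS logout is skipped.
        return HttpResponseRedirect(client.get_logout_url(SERVICE_URL))
    # In most cases pointless unless CAS_RENEW is set: the user will simply be
    # logged in again on the next request requiring authorization.
    return HttpResponseRedirect(next_page)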
def brcas_token(request):
    """Exchange a BR CAS service ticket for a JWT and hand it to ``storer.html``.

    :param request: ``HttpRequest`` carrying the CAS ``ticket`` query parameter.
    :return: the rendered ``storer.html`` with ``token`` and ``redirect_url``
        in its context.
    :raises PermissionDenied: when no ticket is present or it does not validate.
    """
    service_url = get_service_url(request)
    redirect_url = get_redirect_url(request)
    client = get_cas_client(service_url=service_url, request=request)

    ticket = request.GET.get('ticket')
    if not ticket:
        raise PermissionDenied('BR CAS login failed.')

    # NOTE(review): the ticket is validated against a hard-coded service URL
    # rather than the service_url computed above; a CAS server only accepts a
    # ticket for the exact service it was issued to, so the two must agree.
    user = django.contrib.auth.authenticate(
        ticket=ticket,
        service="https://api.x-passion.binets.fr/api-brcas-token-auth/",
        request=request,
    )
    if user is None:
        raise PermissionDenied('BR CAS login failed.')

    api_settings = rest_framework_jwt.settings.api_settings
    payload = api_settings.JWT_PAYLOAD_HANDLER(user)
    token = api_settings.JWT_ENCODE_HANDLER(payload)
    # NOTE(review): redirect_url is derived from the request and is rendered
    # alongside the token; whatever storer.html does with it should only
    # follow same-origin targets — confirm against the template.
    return render(request, "storer.html", context={
        "token": token,
        "redirect_url": redirect_url
    })
def get(self, request: HttpRequest) -> HttpResponse:
    """End the local session (and the CAS session, if configured) and redirect.

    ``settings.SUCCESS_SSO_AUTH_REDIRECT`` is the preferred destination;
    ``get_redirect_url(request)`` is consulted only when that setting is empty.

    :param request: the current ``HttpRequest``.
    :return: ``HttpResponseRedirect`` to the CAS logout URL when
        ``settings.CAS_LOGOUT_COMPLETELY`` is set, otherwise to the destination.
    """
    destination = settings.SUCCESS_SSO_AUTH_REDIRECT

    # Drop the API token kept in the session, if there is one.
    try:
        del request.session['token']
    except KeyError:
        pass

    session_key = request.session.session_key
    # Service ticket recorded at login, handed to the logout listeners.
    try:
        ticket = SessionTicket.objects.get(session_key=session_key).ticket
    except SessionTicket.DoesNotExist:
        ticket = None

    cas_user_logout.send(
        sender="manual",
        user=request.user,
        session=request.session,
        ticket=ticket,
    )

    # Ticket rows are removed while the session key is still known, i.e.
    # before auth_logout() flushes the session.
    ProxyGrantingTicket.objects.filter(session_key=session_key).delete()
    SessionTicket.objects.filter(session_key=session_key).delete()
    auth_logout(request)

    destination = destination or get_redirect_url(request)
    if settings.CAS_LOGOUT_COMPLETELY:
        cas = get_cas_client(request=request)
        return HttpResponseRedirect(cas.get_logout_url(destination))
    # Without CAS_RENEW this is mostly pointless: the user is simply logged in
    # again on the next request that requires authorization.
    return HttpResponseRedirect(destination)
def logout(request, next_page=None, **kwargs):
    """Log out via CAS when the session was authenticated by the CAS backend,
    otherwise defer to the stock Django logout view.

    :param request: the current ``HttpRequest``.
    :param next_page: destination after a CAS logout; the Django fallback
        chooses its own ``next_page`` (a login view name).
    :param kwargs: forwarded to ``cas_logout`` / ``auth_logout_view``.
    :return: an ``HttpResponseRedirect`` or the fallback view's response.
    """
    backend_name = request.session.get("_auth_user_backend", "").rpartition(".")[2]
    cas_enabled = CONFIG.get("CAS_LOGIN")

    if not (cas_enabled and backend_name == "IPAMCASBackend"):
        # Non-CAS sessions go back to the regular login view; its name depends
        # on whether CAS login is enabled at all.
        fallback = "internal_login" if cas_enabled else "login"
        return auth_logout_view(request, next_page=fallback, **kwargs)

    cas_logout(request, next_page, **kwargs)
    next_page = next_page or get_redirect_url(request)
    if not settings.CAS_LOGOUT_COMPLETELY:
        # Mostly pointless unless CAS_RENEW is set: the user is simply logged
        # in again on the next request requiring authorization.
        return HttpResponseRedirect(next_page)

    # Absolute URL on this host for the CAS server to return to.
    return_to = urllib_parse.urlunparse(
        (get_protocol(request), request.get_host(), next_page, "", "", "")
    )
    client = get_cas_client()
    # Drops the last three characters of CAS_SERVER_URL before building the
    # logout URL — presumably a protocol-version suffix; TODO confirm.
    client.server_url = settings.CAS_SERVER_URL[:-3]
    return HttpResponseRedirect(client.get_logout_url(return_to))
def login(request, next_page=None, required=False):
    """Forward to the CAS login URL, or validate a CAS ticket sent back to us.

    Order of operations:

    1. Resolve ``next_page``: the argument, then the ``CASNEXT`` session slot
       (when ``settings.CAS_STORE_NEXT`` is on), then ``get_redirect_url``.
    2. A POST carrying ``logoutRequest`` is handled as a CAS single-logout
       request: ``clean_sessions`` runs and the browser is redirected.
    3. An already-authenticated user gets ``index.html``.
    4. With a ``ticket`` query parameter the ticket is validated; on success
       the user is logged in, a ``SessionTicket`` is recorded, the PGT is
       re-bound, and ``index.html`` is rendered with the user's JWT/profile.
    5. Otherwise the browser is sent to the CAS login page.

    :param request: the current ``HttpRequest``.
    :param next_page: destination after login; see step 1 for fallbacks.
    :param required: when true, a failed ticket validation retries the CAS
        login instead of raising ``PermissionDenied``.
    :return: an ``HttpResponse`` (redirect or rendered ``index.html``).
    :raises PermissionDenied: ticket validation failed and neither
        ``settings.CAS_RETRY_LOGIN`` nor ``required`` is set.
    """
    service_url = get_service_url(request, next_page)
    client = get_cas_client(service_url=service_url, request=request)
    if not next_page and settings.CAS_STORE_NEXT and 'CASNEXT' in request.session:
        next_page = request.session['CASNEXT']
        del request.session['CASNEXT']
    if not next_page:
        next_page = get_redirect_url(request)
    if request.method == 'POST' and request.POST.get('logoutRequest'):
        # Single-logout callback from the CAS server rather than a user action.
        clean_sessions(client, request)
        return HttpResponseRedirect(next_page)
    # Backward compatibility for Django < 2.0, where is_authenticated was a
    # method rather than a boolean attribute (and Python 2 spells the bool
    # type via the types module).
    is_user_authenticated = False
    if sys.version_info >= (3, 0):
        bool_type = bool
    else:
        bool_type = types.BooleanType
    if isinstance(request.user.is_authenticated, bool_type):
        is_user_authenticated = request.user.is_authenticated
    else:
        is_user_authenticated = request.user.is_authenticated()
    if is_user_authenticated:
        if settings.CAS_LOGGED_MSG is not None:
            # NOTE(review): built but never shown — unlike the ticket branch
            # below, this message is not passed to messages.success().
            message = settings.CAS_LOGGED_MSG % request.user.get_username()
        user = request.user
        payload = jwt_payload_handler(user)
        token = jwt_encode_handler(payload)
        # NOTE(review): .get() raises UserProfile.DoesNotExist for a user
        # without a profile row, which is not caught here.
        user_profile = UserProfile.objects.get(user=user)
        profile_id = user_profile.id
        name = user_profile.name
        npm = user_profile.npm
        email = user_profile.email
        role = user_profile.role.role_name
        angkatan = user_profile.angkatan.name
        data = {'user_id': user.id, 'user': user.username, 'token': token,
                'profile_id': profile_id, 'name': name, 'npm': npm,
                'email': email, 'role': role, 'angkatan': angkatan}
        # NOTE(review): `data` (including the freshly minted JWT) is assembled
        # but not passed to the template in this branch, unlike the ticket
        # branch below; confirm which behaviour is intended.
        return render(request, 'index.html')
    ticket = request.GET.get('ticket')
    if ticket:
        user = authenticate(ticket=ticket, service=service_url, request=request)
        pgtiou = request.session.get("pgtiou")
        if user is not None:
            # Make sure a persisted session exists before the ticket is bound
            # to its key.
            if not request.session.exists(request.session.session_key):
                request.session.create()
            auth_login(request, user)
            SessionTicket.objects.create(
                session_key=request.session.session_key,
                ticket=ticket
            )
            if pgtiou and settings.CAS_PROXY_CALLBACK:
                # Delete old PGT rows for this user/session.
                ProxyGrantingTicket.objects.filter(
                    user=user,
                    session_key=request.session.session_key
                ).delete()
                # Set new PGT ticket: bind the PGT stored under this pgtiou by
                # the proxy callback to the user and the post-login session key.
                try:
                    pgt = ProxyGrantingTicket.objects.get(pgtiou=pgtiou)
                    pgt.user = user
                    pgt.session_key = request.session.session_key
                    pgt.save()
                except ProxyGrantingTicket.DoesNotExist:
                    # No PGT arrived for this pgtiou; proxying is simply
                    # unavailable for this session.
                    pass
            if settings.CAS_LOGIN_MSG is not None:
                name = user.get_username()
                message = settings.CAS_LOGIN_MSG % name
                messages.success(request, message)
            payload = jwt_payload_handler(user)
            token = jwt_encode_handler(payload)
            # NOTE(review): same uncaught UserProfile.DoesNotExist as above.
            user_profile = UserProfile.objects.get(user=user)
            profile_id = user_profile.id
            name = user_profile.name
            npm = user_profile.npm
            email = user_profile.email
            role = user_profile.role.role_name
            angkatan = user_profile.angkatan.name
            data = {'user_id': user.id, 'user': user.username, 'token': token,
                    'profile_id': profile_id, 'name': name, 'npm': npm,
                    'email': email, 'role': role, 'angkatan': angkatan}
            # The JWT reaches the browser through the rendered page context.
            return render(request, 'index.html', data)
        elif settings.CAS_RETRY_LOGIN or required:
            return HttpResponseRedirect(client.get_login_url())
        else:
            raise PermissionDenied(_('Login failed.'))
    else:
        if settings.CAS_STORE_NEXT:
            # Remember the destination; picked up on the way back from CAS.
            request.session['CASNEXT'] = next_page
        return HttpResponseRedirect(client.get_login_url())
def get(self, request): """ Forwards to CAS login URL or verifies CAS ticket :param request: :return: """ next_page = request.GET.get('next') required = request.GET.get('required', False) service_url = get_service_url(request, next_page) # logger.info('service_url: {}'.format(service_url)) client = get_cas_client(service_url=service_url, request=request) if not next_page and settings.CAS_STORE_NEXT and 'CASNEXT' in request.session: next_page = request.session['CASNEXT'] del request.session['CASNEXT'] if not next_page: next_page = get_redirect_url(request) if request.user.is_authenticated: if settings.CAS_LOGGED_MSG is not None: message = settings.CAS_LOGGED_MSG % request.user.get_username() messages.success(request, message) logger.info('user is authenticated') user = request.user Token.objects.update_or_create(user=user) return self.successful_login(request=request, next_page=next_page) ticket = request.GET.get('ticket') logger.info('Login ticket: {}'.format(ticket)) if ticket: user = authenticate(ticket=ticket, service=service_url, request=request) logger.info('ticket user: {}'.format(user)) # print('user:'******'Login failed.')) else: if settings.CAS_STORE_NEXT: request.session['CASNEXT'] = next_page return HttpResponseRedirect(client.get_login_url())