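def verify_auth_token(data, timeout=10):
    """
    Verify an Auth Token (from a QueryDict) against the SSO server.

    Args:
        data: mapping (typically a QueryDict) that must contain both
            ``auth_token`` and ``request_token``; only ``auth_token`` is
            forwarded to the server.
        timeout: seconds to wait for the SSO server. Without a timeout a
            hung or slow server blocks the worker indefinitely; on expiry
            ``requests`` raises, as it already does for connection errors.

    Returns:
        A django.contrib.auth.models.User instance (whatever
        ``load_json_user`` builds) on success, or False when the input is
        incomplete, the server does not answer 200, or the response
        signature does not verify.
    """
    if 'auth_token' not in data or 'request_token' not in data:
        return False
    params = [('auth_token', data['auth_token']), ('key', settings.SIMPLE_SSO_KEY)]
    signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
    params.append(('signature', signature))
    url = urljoin(settings.SIMPLE_SSO_SERVER, 'verify') + '/'
    response = requests.get(url, params=dict(params), timeout=timeout)
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    if 'signature' not in reply or 'user' not in reply:
        return False
    # Every field except the signature itself is covered by the signature.
    signed = [(key, value) for key, value in reply.items() if key != 'signature']
    if not verify_signature(signed, reply['signature'], settings.SIMPLE_SSO_SECRET):
        return False
    return load_json_user(reply['user'])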
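def verify_auth_token(data, timeout=10):
    """
    Verify an Auth Token (from a QueryDict) against the SSO server.

    Args:
        data: mapping (typically a QueryDict) carrying ``auth_token`` and
            ``request_token``; only ``auth_token`` is sent to the server.
        timeout: seconds to wait for the SSO server before ``requests``
            raises. The original call had no timeout, so an unresponsive
            server could tie up the worker for good.

    Returns:
        The result of ``load_json_user`` (a django.contrib.auth.models.User)
        on success, False otherwise: missing input, non-200 answer, or a
        reply whose signature does not verify.
    """
    for required in ('auth_token', 'request_token'):
        if required not in data:
            return False
    params = [('auth_token', data['auth_token']),
              ('key', settings.SIMPLE_SSO_KEY)]
    params.append(('signature',
                   build_signature(params, settings.SIMPLE_SSO_SECRET)))
    url = urljoin(settings.SIMPLE_SSO_SERVER, 'verify') + '/'
    response = requests.get(url, params=dict(params), timeout=timeout)
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    if 'signature' not in reply or 'user' not in reply:
        return False
    # The signature covers every other field of the reply.
    signed = [(key, value) for key, value in reply.items()
              if key != 'signature']
    if not verify_signature(signed, reply['signature'],
                            settings.SIMPLE_SSO_SECRET):
        return False
    return load_json_user(reply['user'])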
 def form_valid(self):
     """
     Return the Request Token obtained from ``self.get_token()`` to the
     client, signed with that client's secret and urlencoded as the body.
     """
     token = self.get_token()
     payload = [('request_token', token.request_token)]
     payload.append(('signature', build_signature(payload, token.client.secret)))
     return HttpResponse(urllib.urlencode(payload))
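def verify_auth_token(data, timeout=10):
    """
    Verify an Auth Token (from a QueryDict) against the SSO server.

    Args:
        data: mapping (typically a QueryDict) with ``auth_token`` and
            ``request_token``; only ``auth_token`` goes to the server.
        timeout: seconds to wait for the SSO server; ``requests`` raises
            when it elapses. The unbounded call this replaces could block a
            worker indefinitely on a hung server.

    Returns:
        Whatever ``load_json_user`` builds from the reply (documented as a
        django.contrib.auth.models.User) on success, or False when input is
        incomplete, the status is not 200, or the reply signature fails.
    """
    if "auth_token" not in data or "request_token" not in data:
        return False
    params = [("auth_token", data["auth_token"]), ("key", settings.SIMPLE_SSO_KEY)]
    params.append(("signature", build_signature(params, settings.SIMPLE_SSO_SECRET)))
    url = urljoin(settings.SIMPLE_SSO_SERVER, "verify") + "/"
    response = requests.get(url, params=dict(params), timeout=timeout)
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    if "signature" not in reply or "user" not in reply:
        return False
    # All reply fields other than the signature are what the signature covers.
    signed = [(key, value) for key, value in reply.items() if key != "signature"]
    if not verify_signature(signed, reply["signature"], settings.SIMPLE_SSO_SECRET):
        return False
    return load_json_user(reply["user"])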
 def form_valid(self):
     """
     Hand the token from ``self.get_token()`` back to the client as a
     urlencoded body carrying ``request_token`` plus a signature made with
     the client's secret.
     """
     token = self.get_token()
     fields = [('request_token', token.request_token)]
     signature = build_signature(fields, token.client.secret)
     fields += [('signature', signature)]
     return HttpResponse(urllib.urlencode(fields))
 def success(self):
     """
     Bind the current request's user to ``self.token``, persist it, and
     redirect the browser to the client's ``authenticate`` endpoint with
     ``request_token``, ``auth_token`` and a signature over both.
     """
     token = self.token
     target = urljoin(token.client.root_url, 'authenticate') + '/'
     signed = [('request_token', token.request_token),
               ('auth_token', token.auth_token)]
     signed.append(('signature', build_signature(signed, token.client.secret)))
     token.user = self.request.user
     token.save()
     return HttpResponseRedirect('%s?%s' % (target, urllib.urlencode(signed)))
 def form_valid(self):
     """
     Answer a verification request: take the token from the validated
     form, obtain the user payload from ``self.get_user_json()``, sign it
     with the client's secret and return it urlencoded. The token is
     deleted once the body is built, so the same token cannot be verified
     a second time.
     """
     self.token = self.form.cleaned_data['token']
     self.user = self.get_user_json()
     signed = [('user', self.user)]
     signed.append(('signature', build_signature(signed, self.token.client.secret)))
     body = urllib.urlencode(signed)
     self.token.delete()
     return HttpResponse(body)
 def success(self):
     """
     Record the logged-in user on ``self.token`` and send the browser back
     to the client's ``authenticate`` endpoint carrying ``request_token``,
     ``auth_token`` and a signature over both, made with the client secret.
     """
     token = self.token
     client = token.client
     fields = [('request_token', token.request_token),
               ('auth_token', token.auth_token)]
     fields += [('signature', build_signature(fields, client.secret))]
     token.user = self.request.user
     token.save()
     destination = urljoin(client.root_url, 'authenticate') + '/'
     return HttpResponseRedirect('%s?%s' % (destination, urllib.urlencode(fields)))
 def test_authorize_view_invalid_request_token(self):
     """
     A correctly signed authorize request whose request_token matches no
     stored token is answered with 400 (bad request), not 403.
     """
     client = Client.objects.create(root_url='/client/')
     query = {'key': client.key, 'request_token': 'x' * 64}
     query['signature'] = build_signature(query.items(), client.secret)
     response = self.client.get(reverse('simple-sso-authorize'), query)
     self.assertEqual(HttpResponseBadRequest.status_code, response.status_code)
 def test_authorize_view_token_timeout(self):
     """
     A token whose ``created`` timestamp lies an hour beyond the server's
     ``token_timeout`` is rejected with 403 even though it is well signed.
     """
     client = Client.objects.create(root_url="/client/")
     token = Token.objects.create_for_client(client)
     # Backdate creation to one hour past the timeout window.
     expired_at = datetime.datetime.now() - test_server.token_timeout - datetime.timedelta(hours=1)
     token.created = expired_at
     token.save()
     query = {"key": client.key, "request_token": token.request_token}
     query["signature"] = build_signature(query.items(), client.secret)
     response = self.client.get(reverse("simple-sso-authorize"), query)
     self.assertEqual(HttpResponseForbidden.status_code, response.status_code)
 def form_valid(self):
     """
     Serve a verification reply: the user payload from
     ``self.get_user_json()`` signed with the client's secret and
     urlencoded. ``self.token`` is deleted before returning, so it cannot
     be presented for verification again.
     """
     self.token = self.form.cleaned_data['token']
     self.user = self.get_user_json()
     fields = [('user', self.user)]
     fields += [('signature', build_signature(fields, self.token.client.secret))]
     encoded = urllib.urlencode(fields)
     self.token.delete()
     return HttpResponse(encoded)
 def test_authorize_view_invalid_request_token(self):
     """
     A well-signed authorize request naming a request_token that does not
     exist is a bad request (400), distinct from the 403 for bad signatures.
     """
     client = Client.objects.create(root_url='/client/')
     query = {'key': client.key, 'request_token': 'x' * 64}
     query['signature'] = build_signature(query.items(), client.secret)
     response = self.client.get(reverse('simple-sso-authorize'), query)
     self.assertEqual(HttpResponseBadRequest.status_code,
                      response.status_code)
def request_token(request):
    """
    Issue a Request Token to a client whose GET request validates.

    A valid form yields a new token for ``form.client``, returned urlencoded
    with a signature made with the client's secret. An invalid form yields
    403 when the form flagged the signature as bad, else 400.
    """
    form = RequestTokenRequestForm(request.GET)
    if not form.is_valid():
        if form.invalid_signature:
            return HttpResponseForbidden()
        return HttpResponseBadRequest()
    token = Token.objects.create_for_client(form.client)
    fields = [('request_token', token.request_token)]
    fields.append(('signature', build_signature(fields, token.client.secret)))
    return HttpResponse(urllib.urlencode(fields))
 def test_authorize_view_token_timeout(self):
     """
     Backdating a token's ``created`` beyond ``test_server.token_timeout``
     makes the authorize view answer 403 even for a correctly signed request.
     """
     client = Client.objects.create(root_url='/client/')
     token = Token.objects.create_for_client(client)
     # One hour past the timeout window, measured from now.
     age = test_server.token_timeout + datetime.timedelta(hours=1)
     token.created = datetime.datetime.now() - age
     token.save()
     query = {'key': client.key, 'request_token': token.request_token}
     query['signature'] = build_signature(query.items(), client.secret)
     response = self.client.get(reverse('simple-sso-authorize'), query)
     self.assertEqual(HttpResponseForbidden.status_code,
                      response.status_code)
def verify(request):
    """
    Server-side verification endpoint.

    For a valid form, serialise the token's user for its client via
    ``get_user_json``, sign it with the client's secret, delete the token
    (so it cannot be verified twice) and return the urlencoded payload.
    Otherwise answer 403 for a bad signature, 400 for any other failure.
    """
    form = VerificationForm(request.GET)
    if not form.is_valid():
        if form.invalid_signature:
            return HttpResponseForbidden()
        return HttpResponseBadRequest()
    token = form.cleaned_data['token']
    fields = [('user', get_user_json(token.user, token.client))]
    fields.append(('signature', build_signature(fields, token.client.secret)))
    body = urllib.urlencode(fields)
    token.delete()
    return HttpResponse(body)
def login_view(request):
    """
    Login view.

    Stores the post-login destination from ``get_next`` in the session,
    obtains a Request Token from the SSO server and redirects the browser
    to the server's ``authorize`` endpoint with a signed query string.
    Answers 400 when no Request Token could be obtained.
    """
    request.session["simple-sso-next"] = get_next(request)
    token = get_request_token()
    if not token:
        return HttpResponseBadRequest()
    fields = [("request_token", token), ("key", settings.SIMPLE_SSO_KEY)]
    fields.append(("signature", build_signature(fields, settings.SIMPLE_SSO_SECRET)))
    target = urljoin(settings.SIMPLE_SSO_SERVER, "authorize") + "/"
    return HttpResponseRedirect("%s?%s" % (target, urllib.urlencode(fields)))
def login_view(request):
    """
    Login view.

    Remembers where to send the user afterwards (``get_next``) in the
    session, fetches a Request Token from the SSO server, and redirects to
    the server's ``authorize`` endpoint with ``request_token``, ``key`` and
    a signature. Returns 400 when the token could not be obtained.
    """
    next_url = get_next(request)
    request.session['simple-sso-next'] = next_url
    token = get_request_token()
    if not token:
        return HttpResponseBadRequest()
    fields = [('request_token', token),
              ('key', settings.SIMPLE_SSO_KEY)]
    fields += [('signature', build_signature(fields, settings.SIMPLE_SSO_SECRET))]
    authorize_url = urljoin(settings.SIMPLE_SSO_SERVER, 'authorize') + '/'
    return HttpResponseRedirect('%s?%s' % (authorize_url, urllib.urlencode(fields)))
    def test_authorize_view_no_access(self):
        """
        An AuthorizeView whose ``has_access`` returns False answers 403 to a
        well-signed request from an authenticated user.
        """
        class NoAccessAuthorizeView(AuthorizeView):
            server = test_server

            def has_access(self):
                return False

        client = Client.objects.create(root_url="/client/")
        token = Token.objects.create_for_client(client)
        query = {"key": client.key, "request_token": token.request_token}
        query["signature"] = build_signature(query.items(), client.secret)
        request = RequestFactory().get(reverse("simple-sso-authorize"), query)
        USERNAME = PASSWORD = "******"
        request.user = User.objects.create_user(USERNAME, "*****@*****.**", PASSWORD)
        response = NoAccessAuthorizeView.as_view()(request)
        self.assertEqual(HttpResponseForbidden.status_code, response.status_code)
def authorize(request):
    """
    SSO server authorize endpoint.

    For a valid form: if the user is authenticated, attach them to the
    token, save it and redirect to the client's ``authenticate`` endpoint
    with ``request_token``, ``auth_token`` and a signature; otherwise send
    the user to the login view with ``next`` pointing back at this exact
    request. An invalid form yields 403 for a bad signature, else 400.
    """
    form = AuthorizeForm(request.GET)
    if not form.is_valid():
        if form.invalid_signature:
            return HttpResponseForbidden()
        return HttpResponseBadRequest()
    token = form.cleaned_data['token']
    if not request.user.is_authenticated():
        # Come back to this same path and query once the user has logged in.
        here = '%s?%s' % (request.path, urllib.urlencode(request.GET))
        query = urllib.urlencode([('next', here)])
        return HttpResponseRedirect('%s?%s' % (reverse('django.contrib.auth.views.login'), query))
    target = urljoin(token.client.root_url, 'authenticate') + '/'
    fields = [('request_token', token.request_token), ('auth_token', token.auth_token)]
    fields.append(('signature', build_signature(fields, token.client.secret)))
    token.user = request.user
    token.save()
    return HttpResponseRedirect('%s?%s' % (target, urllib.urlencode(fields)))
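def get_request_token(timeout=10):
    """
    Request a Request Token from the SSO Server.

    Args:
        timeout: seconds to wait for the SSO server; ``requests`` raises
            when it elapses. The call previously had no timeout, so a hung
            server could block the worker indefinitely.

    Returns:
        The ``request_token`` string from a 200 reply whose signature
        verifies with SIMPLE_SSO_SECRET, or False if the request failed
        (non-200 status, missing fields, or a signature mismatch).
    """
    params = [("key", settings.SIMPLE_SSO_KEY)]
    params.append(("signature", build_signature(params, settings.SIMPLE_SSO_SECRET)))
    url = urljoin(settings.SIMPLE_SSO_SERVER, "request-token") + "/"
    response = requests.get(url, params=dict(params), timeout=timeout)
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    if "signature" not in reply or "request_token" not in reply:
        return False
    # The signature covers every reply field except itself.
    signed = [(key, value) for key, value in reply.items() if key != "signature"]
    if not verify_signature(signed, reply["signature"], settings.SIMPLE_SSO_SECRET):
        return False
    return reply["request_token"]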
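def get_request_token(timeout=10):
    """
    Request a Request Token from the SSO Server.

    Args:
        timeout: how many seconds to wait for the SSO server before
            ``requests`` raises. Without it an unresponsive server would
            hold the worker for good.

    Returns:
        The ``request_token`` value from a 200 reply whose signature
        verifies, or False if the request failed (bad status, missing
        fields, signature mismatch).
    """
    params = [('key', settings.SIMPLE_SSO_KEY)]
    signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
    params.append(('signature', signature))
    url = urljoin(settings.SIMPLE_SSO_SERVER, 'request-token') + '/'
    response = requests.get(url, params=dict(params), timeout=timeout)
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    for required in ('signature', 'request_token'):
        if required not in reply:
            return False
    # Everything but the signature itself is what the signature was made over.
    signed = [(key, value) for key, value in reply.items() if key != 'signature']
    if not verify_signature(signed, reply['signature'], settings.SIMPLE_SSO_SECRET):
        return False
    return reply['request_token']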
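def get_request_token(timeout=10):
    """
    Request a Request Token from the SSO Server.

    Args:
        timeout: seconds to wait for the SSO server; ``requests`` raises on
            expiry. The previous unbounded call let a hung server block the
            worker indefinitely.

    Returns:
        The ``request_token`` from a 200 reply whose signature verifies
        with SIMPLE_SSO_SECRET; False if the request failed (non-200,
        missing ``signature``/``request_token``, or signature mismatch).
    """
    params = [('key', settings.SIMPLE_SSO_KEY)]
    params.append(('signature',
                   build_signature(params, settings.SIMPLE_SSO_SECRET)))
    url = urljoin(settings.SIMPLE_SSO_SERVER, 'request-token') + '/'
    response = requests.get(url, params=dict(params), timeout=timeout)
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    if 'signature' not in reply or 'request_token' not in reply:
        return False
    # The signature is checked over all other reply fields.
    signed = [(key, value) for key, value in reply.items()
              if key != 'signature']
    if not verify_signature(signed, reply['signature'],
                            settings.SIMPLE_SSO_SECRET):
        return False
    return reply['request_token']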
    def test_authorize_view_no_access(self):
        """
        When the view's ``has_access`` hook denies the user, a correctly
        signed authorize request from an authenticated user gets 403.
        """
        class NoAccessAuthorizeView(AuthorizeView):
            server = test_server

            def has_access(self):
                return False

        client = Client.objects.create(root_url='/client/')
        token = Token.objects.create_for_client(client)
        query = {'key': client.key, 'request_token': token.request_token}
        query['signature'] = build_signature(query.items(), client.secret)
        request = RequestFactory().get(reverse('simple-sso-authorize'), query)
        USERNAME = PASSWORD = '******'
        request.user = User.objects.create_user(USERNAME, '*****@*****.**',
                                                PASSWORD)
        response = NoAccessAuthorizeView.as_view()(request)
        self.assertEqual(HttpResponseForbidden.status_code,
                         response.status_code)
 def test_authorize_view_invalid_request_token(self):
     """
     A signed request carrying an unknown 64-character request_token is
     answered with 400, not with the 403 reserved for bad signatures.
     """
     client = Client.objects.create(root_url="/client/")
     query = {"key": client.key, "request_token": "x" * 64}
     query["signature"] = build_signature(query.items(), client.secret)
     response = self.client.get(reverse("simple-sso-authorize"), query)
     self.assertEqual(HttpResponseBadRequest.status_code, response.status_code)