def verify_auth_token(data):
    """
    Verify an Auth Token held in a QueryDict against the SSO server.

    The token is forwarded to the server's ``verify`` endpoint together with
    this client's key, the pair signed with the shared secret. The server's
    reply is only trusted after its own signature (made with the same secret)
    checks out over every other field of the reply.

    ``request_token`` must be present in ``data`` but is not forwarded; only
    its presence is checked.

    Returns a django.contrib.auth.models.User instance on success, or False
    when a required field is missing, the server does not answer 200, or the
    reply's signature does not verify.
    """
    for required in ('auth_token', 'request_token'):
        if required not in data:
            return False
    # Outgoing query: the auth token plus our key, signed with the shared secret.
    outgoing = [('auth_token', data['auth_token']), ('key', settings.SIMPLE_SSO_KEY)]
    outgoing_signature = build_signature(outgoing, settings.SIMPLE_SSO_SECRET)
    outgoing.append(('signature', outgoing_signature))
    verify_url = urljoin(settings.SIMPLE_SSO_SERVER, 'verify') + '/'
    response = requests.get(verify_url, params=dict(outgoing))
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    if 'signature' not in reply or 'user' not in reply:
        return False
    # Everything except the signature itself is what the server signed.
    signed_fields = [(k, v) for k, v in reply.items() if k != 'signature']
    if not verify_signature(signed_fields, reply['signature'], settings.SIMPLE_SSO_SECRET):
        return False
    return load_json_user(reply['user'])
def verify_auth_token(data):
    """
    Verify an Auth Token held in a QueryDict against the SSO server.

    Sends ``auth_token`` and this client's key, signed with the shared
    secret, to the server's ``verify`` endpoint. The reply is accepted only
    if it comes back with status 200, carries ``signature`` and ``user``, and
    the signature verifies over all remaining reply fields with the same
    secret.

    Returns a django.contrib.auth.models.User instance if successful or
    False otherwise. ``request_token`` must be present in ``data`` but is
    not used beyond that presence check.
    """
    if 'auth_token' not in data or 'request_token' not in data:
        return False
    query = [
        ('auth_token', data['auth_token']),
        ('key', settings.SIMPLE_SSO_KEY),
    ]
    query.append(('signature', build_signature(query, settings.SIMPLE_SSO_SECRET)))
    endpoint = urljoin(settings.SIMPLE_SSO_SERVER, 'verify') + '/'
    response = requests.get(endpoint, params=dict(query))
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    for field in ('signature', 'user'):
        if field not in reply:
            return False
    # The server's signature covers every reply field other than itself.
    covered = [(name, value) for name, value in reply.items() if name != 'signature']
    if verify_signature(covered, reply['signature'], settings.SIMPLE_SSO_SECRET):
        return load_json_user(reply['user'])
    return False
def form_valid(self):
    """
    Hand a newly issued Request Token back to the requesting client.

    The body is urlencoded: ``request_token`` plus a ``signature`` computed
    over it with the owning client's secret, so the client can check the
    token really originates from this server.
    """
    token = self.get_token()
    payload = [('request_token', token.request_token)]
    payload.append(('signature', build_signature(payload, token.client.secret)))
    return HttpResponse(urllib.urlencode(payload))
def verify_auth_token(data):
    """
    Verify an Auth Token held in a QueryDict against the SSO server.

    Forwards ``auth_token`` and this client's key, signed with the shared
    secret, to the server's ``verify`` endpoint. A reply is trusted only if
    the status is 200, it contains ``signature`` and ``user``, and the
    signature verifies over the other reply fields with the shared secret.

    ``request_token`` is required in ``data`` but is otherwise unused here.

    Returns a django.contrib.auth.models.User instance if successful or
    False.
    """
    if "auth_token" not in data:
        return False
    if "request_token" not in data:
        return False
    outgoing = [("auth_token", data["auth_token"]), ("key", settings.SIMPLE_SSO_KEY)]
    sig = build_signature(outgoing, settings.SIMPLE_SSO_SECRET)
    outgoing.append(("signature", sig))
    endpoint = urljoin(settings.SIMPLE_SSO_SERVER, "verify") + "/"
    # Second positional argument of requests.get is the query parameters.
    response = requests.get(endpoint, dict(outgoing))
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    if "signature" not in reply or "user" not in reply:
        return False
    signed = [(k, v) for k, v in reply.items() if k != "signature"]
    verified = verify_signature(signed, reply["signature"], settings.SIMPLE_SSO_SECRET)
    return load_json_user(reply["user"]) if verified else False
def success(self):
    """
    Bind the logged-in user to the token and redirect back to the client.

    The redirect target is the client's ``authenticate`` endpoint with the
    request token and auth token as query parameters, plus a signature over
    both made with the client's secret. The auth token travels in the URL,
    so the client side must check that signature before trusting it.
    """
    target = urljoin(self.token.client.root_url, 'authenticate') + '/'
    query = [
        ('request_token', self.token.request_token),
        ('auth_token', self.token.auth_token),
    ]
    query.append(('signature', build_signature(query, self.token.client.secret)))
    # Record which user authorized this token before handing control back.
    self.token.user = self.request.user
    self.token.save()
    return HttpResponseRedirect('%s?%s' % (target, urllib.urlencode(query)))
def form_valid(self):
    """
    Answer a verify request with the token's user, signed for the client.

    The response body is urlencoded ``user`` JSON plus a ``signature`` over
    it made with the client's secret. The token is deleted once consumed, so
    a given auth token can be verified only once.
    """
    self.token = self.form.cleaned_data['token']
    self.user = self.get_user_json()
    body = [('user', self.user)]
    body.append(('signature', build_signature(body, self.token.client.secret)))
    encoded = urllib.urlencode(body)
    # Consume the token only after the reply has been built.
    self.token.delete()
    return HttpResponse(encoded)
def test_authorize_view_invalid_request_token(self):
    """A correctly signed request naming an unknown request token is rejected with 400."""
    client = Client.objects.create(root_url='/client/')
    payload = {'key': client.key, 'request_token': 'x' * 64}
    # Sign with the real client secret so only the token lookup can fail.
    payload['signature'] = build_signature(payload.items(), client.secret)
    response = self.client.get(reverse('simple-sso-authorize'), payload)
    self.assertEqual(response.status_code, HttpResponseBadRequest.status_code)
def test_authorize_view_token_timeout(self):
    """A validly signed but expired request token is refused with 403."""
    client = Client.objects.create(root_url="/client/")
    token = Token.objects.create_for_client(client)
    # Back-date the token one hour beyond the server's timeout window.
    expired_at = datetime.datetime.now() - test_server.token_timeout - datetime.timedelta(hours=1)
    token.created = expired_at
    token.save()
    payload = {"key": client.key, "request_token": token.request_token}
    payload["signature"] = build_signature(payload.items(), client.secret)
    response = self.client.get(reverse("simple-sso-authorize"), payload)
    self.assertEqual(response.status_code, HttpResponseForbidden.status_code)
def request_token(request):
    """
    Issue a Request Token to a client presenting a validly signed request.

    Responds 403 when the request's signature is invalid and 400 for any
    other form error. Otherwise the body is a urlencoded ``request_token``
    with a ``signature`` over it made with the client's secret.
    """
    form = RequestTokenRequestForm(request.GET)
    if not form.is_valid():
        return HttpResponseForbidden() if form.invalid_signature else HttpResponseBadRequest()
    token = Token.objects.create_for_client(form.client)
    reply = [('request_token', token.request_token)]
    reply.append(('signature', build_signature(reply, token.client.secret)))
    return HttpResponse(urllib.urlencode(reply))
def test_authorize_view_token_timeout(self):
    """A correctly signed request carrying an expired token must get 403."""
    client = Client.objects.create(root_url='/client/')
    token = Token.objects.create_for_client(client)
    # Push `created` one hour past the configured timeout so the token has lapsed.
    past_timeout = test_server.token_timeout + datetime.timedelta(hours=1)
    token.created = datetime.datetime.now() - past_timeout
    token.save()
    query = {
        'key': client.key,
        'request_token': token.request_token,
    }
    query['signature'] = build_signature(query.items(), client.secret)
    response = self.client.get(reverse('simple-sso-authorize'), query)
    self.assertEqual(response.status_code, HttpResponseForbidden.status_code)
def verify(request):
    """
    Resolve a verified auth token to its user for the requesting client.

    Responds 403 on an invalid signature and 400 for other form errors.
    On success the body is urlencoded ``user`` JSON plus a ``signature``
    made with the client's secret; the token is deleted afterwards, so it
    can be verified only once.
    """
    form = VerificationForm(request.GET)
    if not form.is_valid():
        if form.invalid_signature:
            return HttpResponseForbidden()
        return HttpResponseBadRequest()
    token = form.cleaned_data['token']
    user_json = get_user_json(token.user, token.client)
    reply = [('user', user_json)]
    reply.append(('signature', build_signature(reply, token.client.secret)))
    encoded = urllib.urlencode(reply)
    token.delete()
    return HttpResponse(encoded)
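def login_view(request):
    """
    Login view.

    Requests a Request Token and then redirects the User to the SSO Server.

    The redirect carries the request token and this client's key, signed
    with the shared secret. The post-login destination is stored in the
    session under ``simple-sso-next`` and is not part of the redirect.

    Returns HttpResponseBadRequest when no request token could be obtained.
    """
    # Named next_url rather than `next` to avoid shadowing the builtin.
    next_url = get_next(request)
    request.session["simple-sso-next"] = next_url
    request_token = get_request_token()
    if not request_token:
        return HttpResponseBadRequest()
    params = [("request_token", request_token), ("key", settings.SIMPLE_SSO_KEY)]
    signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
    params.append(("signature", signature))
    query_string = urllib.urlencode(params)
    url = urljoin(settings.SIMPLE_SSO_SERVER, "authorize") + "/"
    return HttpResponseRedirect("%s?%s" % (url, query_string))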
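def login_view(request):
    """
    Login view.

    Requests a Request Token and then redirects the User to the SSO Server.

    The redirect to the server's ``authorize`` endpoint carries the request
    token and this client's key, signed with the shared secret. Where to go
    after login is kept in the session (``simple-sso-next``), not in the
    redirect.

    Returns HttpResponseBadRequest if no request token could be obtained.
    """
    # `next` shadowed the builtin; use a descriptive local instead.
    next_url = get_next(request)
    request.session['simple-sso-next'] = next_url
    request_token = get_request_token()
    if not request_token:
        return HttpResponseBadRequest()
    params = [('request_token', request_token), ('key', settings.SIMPLE_SSO_KEY)]
    signature = build_signature(params, settings.SIMPLE_SSO_SECRET)
    params.append(('signature', signature))
    query_string = urllib.urlencode(params)
    url = urljoin(settings.SIMPLE_SSO_SERVER, 'authorize') + '/'
    return HttpResponseRedirect('%s?%s' % (url, query_string))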
def test_authorize_view_no_access(self):
    """
    A logged-in server user that the view's has_access() rejects gets 403,
    even though the token and signature are valid.
    """
    class NoAccessAuthorizeView(AuthorizeView):
        server = test_server

        def has_access(self):
            return False

    client = Client.objects.create(root_url="/client/")
    token = Token.objects.create_for_client(client)
    payload = {"key": client.key, "request_token": token.request_token}
    payload["signature"] = build_signature(payload.items(), client.secret)
    request = RequestFactory().get(reverse("simple-sso-authorize"), payload)
    USERNAME = PASSWORD = "******"
    server_user = User.objects.create_user(USERNAME, "*****@*****.**", PASSWORD)
    # RequestFactory does not run auth middleware, so attach the user by hand.
    request.user = server_user
    response = NoAccessAuthorizeView.as_view()(request)
    self.assertEqual(response.status_code, HttpResponseForbidden.status_code)
def authorize(request):
    """
    Authorize a client's request token for the currently logged-in user.

    Responds 403 on an invalid signature and 400 for other form errors. An
    anonymous user is sent to the login view with ``next`` pointing back at
    this request (path and query preserved). An authenticated user is bound
    to the token, which is then saved, and the browser is redirected to the
    client's ``authenticate`` endpoint with the request token, the auth
    token and a signature over both made with the client's secret.
    """
    form = AuthorizeForm(request.GET)
    if not form.is_valid():
        if form.invalid_signature:
            return HttpResponseForbidden()
        return HttpResponseBadRequest()
    token = form.cleaned_data['token']
    if not request.user.is_authenticated():
        # Bounce through login and come back to this exact request afterwards.
        return_to = '%s?%s' % (request.path, urllib.urlencode(request.GET))
        login_query = urllib.urlencode([('next', return_to)])
        login_url = reverse('django.contrib.auth.views.login')
        return HttpResponseRedirect('%s?%s' % (login_url, login_query))
    target = urljoin(token.client.root_url, 'authenticate') + '/'
    query = [('request_token', token.request_token), ('auth_token', token.auth_token)]
    query.append(('signature', build_signature(query, token.client.secret)))
    token.user = request.user
    token.save()
    return HttpResponseRedirect('%s?%s' % (target, urllib.urlencode(query)))
def get_request_token():
    """
    Request a Request Token from the SSO Server.

    Sends this client's key, signed with the shared secret, to the server's
    ``request-token`` endpoint. The reply is accepted only with status 200,
    both ``signature`` and ``request_token`` present, and a signature that
    verifies over the other reply fields with the shared secret.

    Returns the request token string, or False if the request failed.
    """
    outgoing = [("key", settings.SIMPLE_SSO_KEY)]
    outgoing.append(("signature", build_signature(outgoing, settings.SIMPLE_SSO_SECRET)))
    endpoint = urljoin(settings.SIMPLE_SSO_SERVER, "request-token") + "/"
    # Second positional argument of requests.get is the query parameters.
    response = requests.get(endpoint, dict(outgoing))
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    if "signature" not in reply or "request_token" not in reply:
        return False
    covered = [(k, v) for k, v in reply.items() if k != "signature"]
    if not verify_signature(covered, reply["signature"], settings.SIMPLE_SSO_SECRET):
        return False
    return reply["request_token"]
def get_request_token():
    """
    Request a Request Token from the SSO Server.

    The outgoing query holds this client's key and a signature over it made
    with the shared secret. A reply is trusted only if it comes back 200,
    contains ``signature`` and ``request_token``, and its signature verifies
    over all remaining fields with the same secret.

    Returns the request token, or False if the request failed.
    """
    query = [('key', settings.SIMPLE_SSO_KEY)]
    sig = build_signature(query, settings.SIMPLE_SSO_SECRET)
    query.append(('signature', sig))
    endpoint = urljoin(settings.SIMPLE_SSO_SERVER, 'request-token') + '/'
    response = requests.get(endpoint, params=dict(query))
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    for field in ('signature', 'request_token'):
        if field not in reply:
            return False
    signed_fields = [(name, value) for name, value in reply.items() if name != 'signature']
    if verify_signature(signed_fields, reply['signature'], settings.SIMPLE_SSO_SECRET):
        return reply['request_token']
    return False
def get_request_token():
    """
    Request a Request Token from the SSO Server.

    Calls the server's ``request-token`` endpoint with this client's key,
    signed with the shared secret, and checks the reply's own signature
    (over every field but ``signature``) with the same secret before using
    it.

    Returns the request token on success, False if the request failed.
    """
    outgoing = [('key', settings.SIMPLE_SSO_KEY)]
    outgoing.append(('signature', build_signature(outgoing, settings.SIMPLE_SSO_SECRET)))
    url = urljoin(settings.SIMPLE_SSO_SERVER, 'request-token') + '/'
    response = requests.get(url, params=dict(outgoing))
    if response.status_code != 200:
        return False
    reply = QueryDict(response.content)
    if 'signature' not in reply:
        return False
    if 'request_token' not in reply:
        return False
    covered = [(k, v) for k, v in reply.items() if k != 'signature']
    verified = verify_signature(covered, reply['signature'], settings.SIMPLE_SSO_SECRET)
    return reply['request_token'] if verified else False
def test_authorize_view_no_access(self):
    """
    has_access() returning False must yield 403 for an authenticated user,
    regardless of the token and signature being valid.
    """
    class NoAccessAuthorizeView(AuthorizeView):
        server = test_server

        def has_access(self):
            return False

    client = Client.objects.create(root_url='/client/')
    token = Token.objects.create_for_client(client)
    query = {
        'key': client.key,
        'request_token': token.request_token,
    }
    query['signature'] = build_signature(query.items(), client.secret)
    request = RequestFactory().get(reverse('simple-sso-authorize'), query)
    USERNAME = PASSWORD = '******'
    server_user = User.objects.create_user(USERNAME, '*****@*****.**', PASSWORD)
    # No auth middleware runs under RequestFactory; set the user directly.
    request.user = server_user
    view = NoAccessAuthorizeView.as_view()
    response = view(request)
    self.assertEqual(response.status_code, HttpResponseForbidden.status_code)
def test_authorize_view_invalid_request_token(self):
    """A validly signed request for a request token that does not exist gets 400."""
    client = Client.objects.create(root_url="/client/")
    query = {
        "key": client.key,
        "request_token": "x" * 64,
    }
    # Genuine signature, bogus token: only the token lookup should fail.
    query["signature"] = build_signature(query.items(), client.secret)
    response = self.client.get(reverse("simple-sso-authorize"), query)
    self.assertEqual(response.status_code, HttpResponseBadRequest.status_code)