Esempio n. 1
0
 def test_perform_service_validate_separate_url(self):
     cas_client = CASClient('https://dummy.url',
                            validate_url='https://validate.url')
     assert not cas_client.headers
     with mock.patch('cas_client.CASClient._perform_get') as m:
         m.return_value = self.response_text
         response = cas_client.perform_service_validate(
             ticket='FOO',
             service_url='BAR',
         )
         m.assert_called_once_with(
             'https://validate.url/cas/serviceValidate?ticket=FOO&service=BAR',
             headers=None)
     self.assertTrue(response.success)
     self.assertEqual(
         response.attributes, {
             u'i2a2characteristics': u'0,3592,2000',
             u'puid': u'0012345678',
             u'firstname': u'Jeffrey A',
             u'lastname': u'Ott',
             u'fullname': u'Jeffrey A Ott',
             u'email': u'*****@*****.**',
         })
     self.assertEqual(response.response_type, 'authenticationSuccess')
     self.assertEqual(response.user, 'jott')
Esempio n. 2
0
 def test_get_destroy_other_sessions_url(self):
     cas_client = CASClient('https://dummy.url')
     service_url = 'https://app.url'
     url = cas_client.get_destroy_other_sessions_url(
         service_url=service_url)
     self.assertEqual(
         url,
         'https://dummy.url/cas/destroy-other-sessions?service=https://app.url'
     )
Esempio n. 3
0
class CASAuthProvider(AuthProvider):
    """Provides authentication using CAS

    The type name to instantiate this provider is *cas*.
    """
    def __init__(self, *args, **kwargs):
        super(CASAuthProvider, self).__init__(*args, **kwargs)
        self.settings.setdefault('callback_uri',
                                 '/cas_auth/{}'.format(self.name))
        if not self.settings.get('cas_url_base'):
            raise MultipassException(
                "`cas_url_base` must be specified in the provider settings")
        self.cas_client = CASClient(self.settings['cas_url_base'],
                                    auth_prefix='')
        self.cas_endpoint = '_flaskmultipass_cas_' + self.name
        current_app.add_url_rule(self.settings['callback_uri'],
                                 self.cas_endpoint,
                                 self._authorize_callback,
                                 methods=('GET', 'POST'))

    @property
    def cas_callback_url(self):
        return request.url_root + self.settings['callback_uri']

    def initiate_external_login(self):
        cas_login_url = self.cas_client.get_login_url(
            service_url=self.cas_callback_url)
        return redirect(cas_login_url)

    def process_logout(self, return_url):
        cas_logout_url = self.cas_client.get_logout_url(
            service_url=self.cas_callback_url)
        return redirect(cas_logout_url)

    def _make_auth_info(self, resp):
        return AuthInfo(self, token=resp[self.settings['token_field']])

    @login_view
    def _authorize_callback(self):
        ticket = request.args.get('ticket')

        if not ticket:
            raise AuthenticationFailed('ticket is not provided')

        cas_response = self.cas_client.perform_service_validate(
            ticket=ticket,
            service_url=self.cas_callback_url,
        )

        if cas_response and cas_response.success:
            auth_info = cas_response.attributes
            auth_info['_username'] = cas_response.user
            return self.multipass.handle_auth_success(
                AuthInfo(self, **auth_info))

        raise AuthenticationFailed("CAS result: Access denied")
Esempio n. 4
0
 def test_parse_logout_request(self):
     cas_client = CASClient('https://dummy.url')
     parsed_message = cas_client.parse_logout_request(self.slo_text)
     self.assertEqual(
         parsed_message, {
             'ID': '[RANDOM ID]',
             'IssueInstant': '[CURRENT DATE/TIME]',
             'Version': '2.0',
             'session_index': '[SESSION IDENTIFIER]',
             'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
             'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
         })
Esempio n. 5
0
 def test_parse_logout_request_2(self):
     cas_client = CASClient('https://dummy.url')
     parsed_message = cas_client.parse_logout_request(self.slo_text_2)
     self.assertEqual(
         parsed_message, {
             'ID': '935a2d0c-4026-481e-be3d-20a1b2cdd553',
             'IssueInstant': '2016-04-08 00:40:55 +0000',
             'Version': '2.0',
             'session_index':
             'ST-14600760351898-0B3lSFt2jOWSbgQ377B4CtbD9uq0MXR9kG23vAuH',
             'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
             'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
         })
Esempio n. 6
0
    def get(self, request, *args):
        # 统一身份认证登录
        ticket = request.GET.get('ticket')
        cas_url = 'https://passport.ustc.edu.cn'
        app_login_url = 'http://home.ustc.edu.cn/~via'
        cas_client = CASClient(cas_url, auth_prefix='')
        if ticket:
            try:
                cas_response = cas_client.perform_service_validate(
                    ticket=ticket,
                    service_url=app_login_url,
                )
            except Exception:
                # CAS server is currently broken, try again later.
                return Response('CAS server is currently broken, try again later.', status.HTTP_503_SERVICE_UNAVAILABLE)
            if cas_response and cas_response.success:
                student_id = cas_response.user
                try:
                    user = User.objects.get(student_id=student_id)
                    # request.session['username'] = user.username
                    # request.session['userid'] = user.id
                    # request.session['isadmin'] = user.is_superuser
                    login(request, user)
                except:
                    gid = cas_response.data.get('attributes', {}).get('gid')
                    username = str(gid)
                    
                    while True:
                        try:
                            user = {'username':username, 'student_id':student_id, 'password':student_id}
                            serializer = UserSerializer(data=user)
                            serializer.is_valid(True)
                            serializer.save()
                            user = User.objects.get(student_id=student_id)
                            # request.session['username'] = user.username
                            # request.session['userid'] = user.id
                            # request.session['isadmin'] = user.is_superuser
                            login(request, user)
                            break
                        except Exception:
                            # import sys
                            # exc_type, exc_obj, exc_tb = sys.exc_info()
                            # print(f"{exc_type.__name__}: {exc_obj}")
                            username = "".join(random.choices('0123456789abcdefghijklmnopqrstuvwxyz@.+-_', k=10))

                # rep = Response('OK', status.HTTP_200_OK)        # 更换为 rep = redirect('home')
                rep = redirect('http://202.38.75.113/')
                rep.set_cookie('userid', user.id)
                return rep
        cas_login_url = cas_client.get_login_url(service_url=app_login_url)
        return redirect(cas_login_url)
Esempio n. 7
0
    def test_acquire_auth_token_ticket_headers_init(self):
        class MockResponse(object):
            text = '{"ticket": "FOO"}'

        cas_client = CASClient('https://dummy.url', headers={'baz': 'quux'})
        assert cas_client.headers == {'baz': 'quux'}
        with mock.patch('requests.post') as m:
            m.return_value = MockResponse()
            cas_client.acquire_auth_token_ticket()
        m.assert_called_with(
            'https://dummy.url/cas/api/auth_token_tickets',
            headers={'baz': 'quux'},
            verify=False,
        )
Esempio n. 8
0
 def test_parse_logout_request(self):
     cas_client = CASClient("dummy.url")
     parsed_message = cas_client.parse_logout_request(self.slo_text)
     self.assertEqual(
         parsed_message,
         {
             "ID": "[RANDOM ID]",
             "IssueInstant": "[CURRENT DATE/TIME]",
             "Version": "2.0",
             "session_index": "[SESSION IDENTIFIER]",
             "xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion",
             "xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
         },
     )
Esempio n. 9
0
 def __init__(self, *args, **kwargs):
     super(CASAuthProvider, self).__init__(*args, **kwargs)
     self.settings.setdefault('callback_uri',
                              '/cas_auth/{}'.format(self.name))
     if not self.settings.get('cas_url_base'):
         raise MultipassException(
             "`cas_url_base` must be specified in the provider settings")
     self.cas_client = CASClient(self.settings['cas_url_base'],
                                 auth_prefix='')
     self.cas_endpoint = '_flaskmultipass_cas_' + self.name
     current_app.add_url_rule(self.settings['callback_uri'],
                              self.cas_endpoint,
                              self._authorize_callback,
                              methods=('GET', 'POST'))
Esempio n. 10
0
 def test_parse_logout_request_2(self):
     cas_client = CASClient("dummy.url")
     parsed_message = cas_client.parse_logout_request(self.slo_text_2)
     self.assertEqual(
         parsed_message,
         {
             "ID": "935a2d0c-4026-481e-be3d-20a1b2cdd553",
             "IssueInstant": "2016-04-08 00:40:55 +0000",
             "Version": "2.0",
             "session_index": "ST-14600760351898-0B3lSFt2jOWSbgQ377B4CtbD9uq0MXR9kG23vAuH",
             "xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion",
             "xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
         },
     )
Esempio n. 11
0
File: user.py Progetto: jrdan/cortex
def logout():
	"""Logs a user out"""

	#CAS client init
	cas_client = CASClient(app.config['CAS_SERVER_URL'], app.config['CAS_SERVICE_URL'], verify_certificates=True)

	# destroy the session
	cas_ticket = session.get('cas_ticket', None)
	cortex.lib.user.clear_session()

	if cas_ticket is not None:
		# Tell cas about the logout
		return redirect(cas_client.get_logout_url())
	else:
		return login()
Esempio n. 12
0
    def test_acquire_auth_token_ticket_no_headers(self):
        class MockResponse(object):
            text = '{"ticket": "FOO"}'

        cas_client = CASClient('https://dummy.url')
        assert not cas_client.headers
        with mock.patch('requests.post') as m:
            m.return_value = MockResponse()
            cas_client.acquire_auth_token_ticket()
        m.assert_called_with(
            'https://dummy.url/cas/api/auth_token_tickets',
            data=None,
            headers=None,
            verify=False,
        )
Esempio n. 13
0
 def test_get_auth_token_logic_url(self):
     cas_client = CASClient("dummy.url")
     auth_token_ticket = "AT-1234"
     authenticator = "my_company_ldap"
     username = "******"
     service_url = "example.com"
     private_key_filepath = "test_private_key.pem"
     with open(private_key_filepath, "r") as file_pointer:
         private_key = file_pointer.read()
     cas_client.get_auth_token_login_url(
         auth_token_ticket=auth_token_ticket,
         authenticator=authenticator,
         private_key=private_key,
         service_url=service_url,
         username=username,
     )
Esempio n. 14
0
    def test_perform_service_validate_headers_init(self):
        class MockResponse(object):
            text = self.response_text

        cas_client = CASClient('https://dummy.url', headers={'baz': 'quux'})
        assert cas_client.headers == {'baz': 'quux'}
        with mock.patch('requests.get') as m:
            m.return_value = MockResponse()
            cas_client.perform_service_validate(
                ticket='FOO',
                service_url='BAR',
            )
        m.assert_called_with(
            'https://dummy.url/cas/serviceValidate?ticket=FOO&service=BAR',
            headers={'baz': 'quux'},
            verify=False,
        )
Esempio n. 15
0
 def _get_test_api_url(self):
     cas_client = CASClient('https://dummy.url')
     api_resource = 'do_something_useful'
     auth_token_ticket = 'ATT-1234'
     authenticator = 'my_company_ldap'
     with open(self.private_key_filepath, 'r') as file_pointer:
         private_key = file_pointer.read()
     service_url = 'https://example.com'
     kwargs = {
         'and': 'another_thing',
         'you': 'should_know',
     }
     return cas_client.get_api_url(api_resource=api_resource,
                                   auth_token_ticket=auth_token_ticket,
                                   authenticator=authenticator,
                                   private_key=private_key,
                                   service_url=service_url,
                                   **kwargs)
Esempio n. 16
0
 def test_perform_service_validate(self):
     cas_client = CASClient("dummy.url")
     cas_client._request_cas_response = lambda url: self.response_text
     response = cas_client.perform_service_validate(ticket="FOO", service_url="BAR")
     self.assertTrue(response.success)
     self.assertEqual(
         response.attributes,
         {
             u"i2a2characteristics": u"0,3592,2000",
             u"puid": u"0012345678",
             u"firstname": u"Jeffrey A",
             u"lastname": u"Ott",
             u"fullname": u"Jeffrey A Ott",
             u"email": u"*****@*****.**",
         },
     )
     self.assertEqual(response.response_type, "authenticationSuccess")
     self.assertEqual(response.user, "jott")
Esempio n. 17
0
 def test_get_api_url(self):
     cas_client = CASClient('https://dummy.url')
     api_resource = 'do_something_useful'
     auth_token_ticket = 'ATT-1234'
     authenticator = 'my_company_ldap'
     with open(self.private_key_filepath, 'r') as file_pointer:
         private_key = file_pointer.read()
     service_url = 'https://example.com'
     kwargs = {
         'and': 'another_thing',
         'you': 'should_know',
     }
     url = cas_client.get_api_url(api_resource=api_resource,
                                  auth_token_ticket=auth_token_ticket,
                                  authenticator=authenticator,
                                  private_key=private_key,
                                  service_url=service_url,
                                  **kwargs)
     query_string = url.partition('?')[-1]
     query_parameters = {
         key: value[0]
         for key, value in parse_qs(query_string).items()
     }
     assert query_parameters == {
         'at':
         ('eyJhbmQiOiAiYW5vdGhlcl90aGluZyIsICJhdXRoZW50aWNhdG9yIjogIm15'
          'X2NvbXBhbnlfbGRhcCIsICJ0aWNrZXQiOiAiQVRULTEyMzQiLCAieW91Ijog'
          'InNob3VsZF9rbm93In0='),
         'ats':
         ('FISMx+fVfKKzI160MQRMauKdeqBRzzg+Ihwh0WqhqcnW4d+S0IyrTg6/oY1a'
          'wGvhBGrSMzOEBfYyihj5SxmLMr+xWm5Ndt+m0WcjuOR2GEwtEimIbbEQslCu'
          'f+//tG2u3UacStBRctt/cWnIGlW9cIPlUgU4iVVQtpbC7DdJc9+2rwzN10jV'
          '36JUwAWWT3iQseTiyMy+Bbuu1bzTcdtKvBdHTnCwcu1m9vkQraH/ZuVbYVMB'
          'jZC1s5lXECLN+fnC00laglYmgQ1w59EoQIXuaaHFqgq+zRvRxm4r0ASG5F0D'
          'bPT0fEDihQulSAbyOY5/6nhkFq6NYlJADKuGchFusk9D3Pcgs2KyEW3xvBb4'
          'ZArn2oaI8sxjOYUXutf1xe5MBGy8oTW+3QbHVv+hzXOrwJXsbSz6bx3gmDYb'
          'bDilhbRgPQeTH17IwqArrVgnjgcAMoDk6cTqU548S19KMc8B99pVZ7JMM5Ls'
          'uKx/ZWUF0naXFeuEaFJ5TdaO6HhhiRhUAEwlnwTQwwJuR1VtcYx4z3Lb5NhN'
          'CtH658M8acru4Dv4jV5NC3IPJcCijKGVjZQ0K6GrD863fr3usnH1gvnTzNgJ'
          '1jijF4FmyIr8E9kpNM5Mk7D0AqSGCC2nZcu/r4+2rcLiq9XxViv3jpe44alQ'
          'RjhkcqcbkcJvnhckfgjrU7w='),
         'service':
         'https://example.com',
     }
Esempio n. 18
0
def cas():
    """Handles the login page, logging a user in on correct authentication."""

    #CAS client init
    cas_client = CASClient(app.config['CAS_SERVER_URL'],
                           app.config['CAS_SERVICE_URL'],
                           verify_certificates=True)

    #SLO
    if request.method == 'POST' and session.get(
            'cas_ticket') is not None and 'logoutRequest' in request.form:
        #check the verify the ticket to prevent cross orign attacks
        message = cas_client.parse_logout_request(
            request.form.get('logoutRequest'))
        if message.get('session_index', None) == session.get('cas_ticket'):
            cortex.lib.user.clear_session()
            return ('', 200)

        abort(400)

    # If the user is already logged in, just redirect them to their dashboard
    if cortex.lib.user.is_logged_in():
        return redirect(url_for('dashboard'))

    ticket = request.args.get('ticket', None)
    if ticket is not None:
        try:
            cas_response = cas_client.perform_service_validate(ticket=ticket)
        except Exception:
            return root()
        if cas_response and cas_response.success:
            try:
                # keep the ticket for SLO
                session['cas_ticket'] = ticket
                return cortex.lib.user.logon_ok(
                    cas_response.attributes.get('uid'))
            except KeyError:
                # required user attributes not returned
                flash(
                    "CAS SSO authentication successful but missing required information consider using LDAP authentication",
                    'alert-warning')
                return root()

    return redirect(cas_client.get_login_url())
Esempio n. 19
0
    def test_perform_api_request(self):
        class MockResponse(object):
            text = '{"something": "useful"}'
            success = True

        cas_client = CASClient('https://dummy.url')
        url = self._get_test_api_url()
        service_ticket = 'ST-14600760351898-0B3lSFt2jOWSbgQ377B4CtbD9uq0MXR9kG23vAuH'

        assert not cas_client.headers
        with mock.patch('cas_client.CASClient._perform_post') as m:
            m.return_value = MockResponse()
            response = cas_client.perform_api_request(
                url, method='POST', body={'st': service_ticket}, timeout=45)
            m.assert_called_once_with(url,
                                      data={'st': service_ticket},
                                      headers=None,
                                      timeout=45)
        print(response)
        self.assertTrue(response.success)
        self.assertEqual(json.loads(response.text), {'something': 'useful'})
Esempio n. 20
0
 def test_get_auth_token_login_url(self):
     cas_client = CASClient('https://dummy.url')
     auth_token_ticket = 'AT-1234'
     authenticator = 'my_company_ldap'
     username = '******'
     service_url = 'https://example.com'
     with open(self.private_key_filepath, 'r') as file_pointer:
         private_key = file_pointer.read()
     url = cas_client.get_auth_token_login_url(
         auth_token_ticket=auth_token_ticket,
         authenticator=authenticator,
         private_key=private_key,
         service_url=service_url,
         username=username,
     )
     query_string = url.partition('?')[-1]
     query_parameters = {
         key: value[0]
         for key, value in parse_qs(query_string).items()
     }
     assert query_parameters == {
         'at':
         ('eyJhdXRoZW50aWNhdG9yIjogIm15X2NvbXBhbnlfbGRhcCIsICJ0aWNrZXQi'
          'OiAiQVQtMTIzNCIsICJ1c2VybmFtZSI6ICJteV91c2VyIn0='),
         'ats':
         ('pZ3m58k8Xpd+TDlYb+VDV89TVGoPIAgsxDMNGtNLqzchg/EFy12NzVaUbVSz'
          '1PNZdQ/klMrfvxzehLlFp9QkyfFoUS5pgUo9XXjpowWe0E9eKX5hBJjpmvD+'
          'PhSMRXFOPUOLRohRX45aPqJ4mjh2MNP0mzKrRfoRoUT/6mmrvLRJu150rtnS'
          'A5E4n0V4BeJXWIFYqqu8B4CP3fbg18HMB5g36P61m6I67kDmBLfTlmtrwvM5'
          'Vh3r9q9HFGn1NGmdMTcqGwAqfrww2XuBBemTpcfvSLNhTf/nZ21042BDt0+J'
          'TLNsGBxNKS39NznyOcf2g5XtscdJXcDcKan/eJI7WHNtpmJPzhA4H5wTuAm7'
          'X0WgAN7hxmTYy3E0241j6Q1DNDuxvgkSMS7CJhD3p0Fp0kHsdCslLuqjMoou'
          'THSshfJU6lvE4dc1vh3fdzKiAcmvMQ2RT4ACNQVwVYiE9UWu23D16yz08sV2'
          '9kzlFTCTXT608tHMVCx1x7K959IxcRUFld314ooqJ5BgrK/2QqtZXS0w581f'
          '8P5qViQoOrQ5gRiPZ/bT6eF24RLuKN78VEkak2z0B1aZqpEcG3wQC4qHeUaM'
          'TgrihbVi6eIv7N5k6srSyGCAQ/9k7o53ZKG8MzkqMJq53AoEXNj8HNQxgO0D'
          'OtFwXLMrlrFpmqPS5OcO9NM='),
         'service':
         'https://example.com',
     }
Esempio n. 21
0
 def test_get_logout_url(self):
     cas_client = CASClient("dummy.url")
     service_url = "app.url"
     url = cas_client.get_logout_url(service_url=service_url)
     self.assertEqual(url, "dummy.url/cas/logout?service=app.url")
Esempio n. 22
0
[sys.path.append(i) for i in ['.', '..', 'server']]
from server.blacklab import search_blacklab  #pylint: disable=wrong-import-position
from server.db import get_db  #pylint: disable=wrong-import-position
from flask_caching import Cache

app = Flask(__name__, static_folder='../build')
CORS(app)

app.debug = True

cache = Cache(config={'CACHE_TYPE': 'simple'})
cache.init_app(app)

# cas authentication URL
cas_url = 'https://secure.its.yale.edu/cas'
cas_client = CASClient(cas_url, auth_prefix='')
app.secret_key = hashlib.new('ripemd160').hexdigest()
use_cas_auth = False
use_param_auth = False

##
# API routes
##


@app.route('/api/tree')
def items():
    '''Fetch tree data'''
    db = get_db()
    try:
        return jsonify(list(db.fragments.find({}, {'_id': 0})))
Esempio n. 23
0
from cas_client import CASClient
from flask import Flask, redirect, request, session, url_for
import logging

logging.basicConfig(level=logging.DEBUG, filename='/tmp/app.log')

app = Flask(__name__)
app.secret_key = '\rr8tIPn7'

app_login_url = 'http://*****:*****@app.route('/login')
def login():
    ticket = request.args.get('ticket')
    if ticket:
        try:
            cas_response = cas_client.perform_service_validate(
                ticket=ticket,
                service_url=app_login_url,
            )
        except:
Esempio n. 24
0
 def test_get_logout_url(self):
     cas_client = CASClient('https://dummy.url')
     service_url = 'https://app.url'
     url = cas_client.get_logout_url(service_url=service_url)
     self.assertEqual(
         url, 'https://dummy.url/cas/logout?service=https://app.url')