def logout(request, next_page=None):
    """Log the current user out locally and choose the post-logout response.

    :param request: the active ``HttpRequest``; ``request.session.session_key``
        selects the CAS tickets that are looked up and removed.
    :param next_page: optional post-logout URL; falls back to
        ``get_redirect_url(request)``. In the current body the value only
        feeds ``redirect_url``, which is never used.
    :return: ``HttpResponseRedirect`` to ``settings.CLIENT_HOST`` when
        ``settings.CAS_LOGOUT_COMPLETELY`` is set, otherwise the rendered
        ``index.html`` template.
    """
    # try to find the ticket matching current session for logout signal
    try:
        st = SessionTicket.objects.get(session_key=request.session.session_key)
        ticket = st.ticket
    except SessionTicket.DoesNotExist:
        ticket = None
    # send logout signal; this happens before auth_logout() so receivers see
    # request.user and request.session as they were while logged in
    cas_user_logout.send(
        sender="manual",
        user=request.user,
        session=request.session,
        ticket=ticket,
    )
    auth_logout(request)
    # clean current session ProxyGrantingTicket and SessionTicket
    # NOTE(review): if auth_logout() flushes the session (Django's default does),
    # request.session.session_key here no longer equals the key used above, so
    # these deletes may match nothing — confirm, and if so capture the key first.
    ProxyGrantingTicket.objects.filter(session_key=request.session.session_key).delete()
    SessionTicket.objects.filter(session_key=request.session.session_key).delete()
    next_page = next_page or get_redirect_url(request)
    if settings.CAS_LOGOUT_COMPLETELY:
        # NOTE(review): protocol, host, redirect_url and client are computed but
        # never used; the response redirects to settings.CLIENT_HOST instead of
        # client.get_logout_url(...), so the CAS server is not contacted about
        # this logout — confirm that is intended.
        protocol = get_protocol(request)
        host = request.get_host()
        redirect_url = urllib_parse.urlunparse(
            (protocol, host, next_page, '', '', ''),
        )
        client = get_cas_client(request=request)
        return HttpResponseRedirect(settings.CLIENT_HOST)
    else:
        # This is in most cases pointless if not CAS_RENEW is set. The user will
        # simply be logged in again on next request requiring authorization.
        return render(request, 'index.html')
def test_redirect_url_with_url_as_get_parameter():
    """A ``next`` query parameter is returned verbatim as the redirect URL."""
    request = RequestFactory().get('/login/', data={'next': '/landing-page/'})
    assert get_redirect_url(request) == '/landing-page/'
def test_redirect_url_with_url_as_get_parameter():
    """The redirect target is taken from the ``next`` query parameter when present."""
    req = RequestFactory().get('/login/', data={'next': '/landing-page/'})
    target = get_redirect_url(req)
    assert target == '/landing-page/'
def test_redirect_url_strips_domain_prefix(settings):
    """With the referer ignored, an absolute ``CAS_REDIRECT_URL`` yields only its path."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = 'http://testserver/landing-page/'
    request = RequestFactory().get('/login/')
    assert get_redirect_url(request) == '/landing-page/'
def test_params_redirect_url_preceeds_settings_redirect_url(settings):
    """The ``next`` query parameter takes precedence over ``CAS_REDIRECT_URL``."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = '/landing-page/'
    request = RequestFactory().get('/login/', data={'next': '/override/'})
    assert get_redirect_url(request) == '/override/'
def test_redirect_url_named_pattern(settings):
    """A URL pattern name in ``CAS_REDIRECT_URL`` resolves to its path (``home`` -> ``/``)."""
    settings.CAS_IGNORE_REFERER = False
    settings.CAS_REDIRECT_URL = 'home'
    request = RequestFactory().get('/login/')
    assert get_redirect_url(request) == '/'
def test_redirect_url_falls_back_to_http_referrer(settings):
    """Without ``next`` and with the referer honoured, ``HTTP_REFERER`` wins over the setting."""
    settings.CAS_IGNORE_REFERER = False
    settings.CAS_REDIRECT_URL = '/wrong-landing-page/'
    request = RequestFactory().get('/login/', HTTP_REFERER='/landing-page/')
    assert get_redirect_url(request) == '/landing-page/'
def test_redirect_url_named_pattern_without_referrer(settings):
    """When the referer is ignored, the named pattern is resolved even though ``HTTP_REFERER`` is sent."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = 'home'
    request = RequestFactory().get('/login/', HTTP_REFERER='/landing-page/')
    assert get_redirect_url(request) == '/'
def test_redirect_url_named_pattern_without_referrer(settings):
    """Ignoring the referer makes ``CAS_REDIRECT_URL='home'`` resolve to ``/`` despite a referer header."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = 'home'
    req = RequestFactory().get('/login/', HTTP_REFERER='/landing-page/')
    result = get_redirect_url(req)
    assert result == '/'
def test_params_redirect_url_preceeds_settings_redirect_url(settings):
    """An explicit ``next`` parameter overrides ``CAS_REDIRECT_URL``."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = '/landing-page/'
    req = RequestFactory().get('/login/', data={'next': '/override/'})
    result = get_redirect_url(req)
    assert result == '/override/'
def test_redirect_url_named_pattern(settings):
    """``CAS_REDIRECT_URL`` may name a URL pattern; ``home`` resolves to ``/``."""
    settings.CAS_IGNORE_REFERER = False
    settings.CAS_REDIRECT_URL = 'home'
    req = RequestFactory().get('/login/')
    result = get_redirect_url(req)
    assert result == '/'
def test_redirect_url_falls_back_to_http_referrer(settings):
    """With no ``next`` parameter and the referer honoured, the referer is the redirect target."""
    settings.CAS_IGNORE_REFERER = False
    settings.CAS_REDIRECT_URL = '/wrong-landing-page/'
    req = RequestFactory().get('/login/', HTTP_REFERER='/landing-page/')
    result = get_redirect_url(req)
    assert result == '/landing-page/'
def test_redirect_url_falls_back_to_cas_redirect_url_setting(settings):
    """With no ``next`` and the referer ignored, ``CAS_REDIRECT_URL`` is returned."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = '/landing-page/'
    request = RequestFactory().get('/login/')
    assert get_redirect_url(request) == '/landing-page/'
def test_redirect_url_next_no_named_pattern(settings):
    """A ``next`` parameter is returned as-is and is not treated as a URL pattern name."""
    settings.CAS_IGNORE_REFERER = False
    settings.CAS_REDIRECT_URL = '/wrong-landing-page/'
    request = RequestFactory().get('/login/', data={'next': 'home'})
    assert get_redirect_url(request) == 'home'
def test_redirect_url_falls_back_to_cas_redirect_url_setting(settings):
    """Without ``next`` or a usable referer, the configured ``CAS_REDIRECT_URL`` is used."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = '/landing-page/'
    req = RequestFactory().get('/login/')
    result = get_redirect_url(req)
    assert result == '/landing-page/'
def test_redirect_url_strips_domain_prefix(settings):
    """An absolute ``CAS_REDIRECT_URL`` is reduced to its path component."""
    settings.CAS_IGNORE_REFERER = True
    settings.CAS_REDIRECT_URL = 'http://testserver/landing-page/'
    req = RequestFactory().get('/login/')
    result = get_redirect_url(req)
    assert result == '/landing-page/'
def test_redirect_url_next_no_named_pattern(settings):
    """Unlike ``CAS_REDIRECT_URL``, a ``next`` value of ``home`` is not resolved as a pattern name."""
    settings.CAS_IGNORE_REFERER = False
    settings.CAS_REDIRECT_URL = '/wrong-landing-page/'
    req = RequestFactory().get('/login/', data={'next': 'home'})
    result = get_redirect_url(req)
    assert result == 'home'
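    def get(self, request):
        """
        Log out the session named in the query string and redirect.

        The session to act on is identified by the ``session_key`` and ``token``
        query parameters rather than by ``request.session``, so this endpoint
        operates on whatever session and token the caller names.

        :param request: ``HttpRequest`` whose ``GET`` may carry ``next``,
            ``token`` and ``session_key``.
        :return: ``HttpResponseRedirect`` to the CAS logout URL when
            ``settings.CAS_LOGOUT_COMPLETELY`` is set, otherwise to ``next_page``.
        """
        next_page = request.GET.get('next')
        token = request.GET.get('token')
        session_key = request.GET.get('session_key')

        # token and session_key are caller-supplied identifiers for another
        # party's authentication state; they are intentionally not printed or
        # logged (the previous stdout print of both was removed).
        # NOTE(review): nothing here verifies that they belong to request.user —
        # confirm an upstream check exists, otherwise any caller can invalidate
        # another session's tickets and token.
        # try to find the ticket matching current session for logout signal
        try:
            st = SessionTicket.objects.get(session_key=session_key)
            ticket = st.ticket
        except SessionTicket.DoesNotExist:
            ticket = None
        # send logout signal; fired before auth_logout() so receivers still see
        # the request.user and request.session of the logged-in request
        logger.info('request.user: %s', request.user)
        logger.info('logout ticket: %s', ticket)
        logger.info('Start cas logout.')
        cas_user_logout.send(
            sender="manual",
            user=request.user,
            session=request.session,
            ticket=ticket,
        )
        logger.info('Start sys logout.')
        auth_logout(request)
        # clean current session ProxyGrantingTicket and SessionTicket
        ProxyGrantingTicket.objects.filter(session_key=session_key).delete()
        SessionTicket.objects.filter(session_key=session_key).delete()
        # without a ``token`` parameter this filters on key=None — presumably
        # matching no row; confirm
        Token.objects.filter(key=token).delete()

        next_page = next_page or get_redirect_url(request)
        # NOTE(review): next_page comes straight from the query string and is
        # redirected to below without a host/scheme allow-list check — confirm
        # one is applied elsewhere.
        logger.info('Logout next_page: %s', next_page)
        if settings.CAS_LOGOUT_COMPLETELY:
            protocol = get_protocol(request)
            host = request.get_host()
            redirect_url = urllib_parse.urlunparse(
                (protocol, host, next_page, '', '', ''), )
            logger.info('Logout redirect_url: %s', redirect_url)
            client = get_cas_client(request=request)
            # NOTE(review): the absolute redirect_url built above is only logged;
            # the CAS logout URL receives the bare next_page — confirm which one
            # was intended.
            return HttpResponseRedirect(client.get_logout_url(next_page))
        else:
            # This is in most cases pointless if not CAS_RENEW is set. The user will
            # simply be logged in again on next request requiring authorization.
            return HttpResponseRedirect(next_page)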
def _setup_view(request, next_page):
    '''
    Shared preamble for these views.

    Resolves the destination page (explicit ``next_page``, then the ``next``
    query parameter, then ``get_redirect_url``) and reports the auth state of
    ``request.maybe_stale_user``.

    :return: ``(next_page, good_auth, good_2fa)``; both flags are ``False`` when
        the user is not authenticated at all, otherwise they are whatever
        ``request.session_info.okay_auth`` reports.
    '''
    if not next_page:
        next_page = request.GET.get('next') or get_redirect_url(request)

    user = request.maybe_stale_user
    if not user.is_authenticated:
        # Not authenticated at all: let standard Django auth take over.
        return next_page, False, False

    good_auth, good_2fa = request.session_info.okay_auth(request, user)
    return next_page, good_auth, good_2fa
    def get(self, request):
        """
        Log out the current session and redirect to the CAS logout page.

        :param request: ``HttpRequest``; the ``next`` query parameter is run
            through ``clean_next_page`` before use and
            ``request.session.session_key`` selects the tickets to remove.
        :return: ``HttpResponseRedirect`` to ``client.get_logout_url(SERVICE_URL)``
            when ``settings.CAS_LOGOUT_COMPLETELY`` is set, otherwise to
            ``next_page``.
        """
        next_page = clean_next_page(request, request.GET.get('next'))
        # NOTE(review): only the query-string value is cleaned; the
        # get_redirect_url() fallback below bypasses clean_next_page — confirm
        # it cannot yield an external URL.

        # try to find the ticket matching current session for logout signal
        try:
            st = SessionTicket.objects.get(
                session_key=request.session.session_key)
            ticket = st.ticket
        except SessionTicket.DoesNotExist:
            ticket = None
        # send logout signal; fired before auth_logout() so receivers still see
        # the logged-in request.user and session
        cas_user_logout.send(
            sender="manual",
            user=request.user,
            session=request.session,
            ticket=ticket,
        )
        auth_logout(request)
        # clean current session ProxyGrantingTicket and SessionTicket
        # NOTE(review): if auth_logout() flushes the session (Django's default
        # does), session_key here differs from the one used above and these
        # deletes may match nothing — confirm.
        ProxyGrantingTicket.objects.filter(
            session_key=request.session.session_key).delete()
        SessionTicket.objects.filter(
            session_key=request.session.session_key).delete()
        next_page = next_page or get_redirect_url(request)
        if settings.CAS_LOGOUT_COMPLETELY:
            # protocol and host are computed but unused: the post-logout target
            # handed to CAS is the fixed SERVICE_URL, not next_page
            protocol = get_protocol(request)
            host = request.get_host()
            redirect_url = SERVICE_URL
            client = get_cas_client(request=request)
            return HttpResponseRedirect(client.get_logout_url(redirect_url))
        else:
            # This is in most cases pointless if not CAS_RENEW is set. The user will
            # simply be logged in again on next request requiring authorization.
            return HttpResponseRedirect(next_page)
def brcas_token(request):
    """Validate a BR CAS ticket and hand the resulting JWT to ``storer.html``.

    The ticket from the ``ticket`` query parameter is validated against the
    fixed service URL ``https://api.x-passion.binets.fr/api-brcas-token-auth/``
    (not the computed ``service_url``); on success a JWT is built with the
    configured payload/encode handlers and rendered together with the redirect
    URL.

    :raises PermissionDenied: when no ticket is given or validation fails.
    """
    service_url = get_service_url(request)
    redirect_url = get_redirect_url(request)
    # client is created for parity with the other CAS views but not used here
    client = get_cas_client(service_url=service_url, request=request)

    ticket = request.GET.get('ticket')
    if not ticket:
        raise PermissionDenied('BR CAS login failed.')

    user = django.contrib.auth.authenticate(
        ticket=ticket,
        service="https://api.x-passion.binets.fr/api-brcas-token-auth/",
        request=request)
    if user is None:
        raise PermissionDenied('BR CAS login failed.')

    api_settings = rest_framework_jwt.settings.api_settings
    payload = api_settings.JWT_PAYLOAD_HANDLER(user)
    token = api_settings.JWT_ENCODE_HANDLER(payload)
    return render(request,
                  "storer.html",
                  context={
                      "token": token,
                      "redirect_url": redirect_url
                  })
    def get(self, request: HttpRequest) -> HttpResponse:
        """Log the user out and redirect to ``settings.SUCCESS_SSO_AUTH_REDIRECT``.

        The redirect target comes from settings, not from the request, so the
        caller cannot steer it; ``get_redirect_url(request)`` is consulted only
        when that setting is empty.

        :param request: the current request; its session key selects the CAS
            tickets to remove and its ``token`` session entry, if any, is dropped.
        :return: ``HttpResponseRedirect`` to the CAS logout URL when
            ``settings.CAS_LOGOUT_COMPLETELY`` is set, otherwise to ``next_page``.
        """
        next_page = settings.SUCCESS_SSO_AUTH_REDIRECT

        # drop the session-stored token; a missing entry is not an error
        try:
            del request.session['token']
        except KeyError:
            pass

        # try to find the ticket matching current session for logout signal
        try:
            st = SessionTicket.objects.get(
                session_key=request.session.session_key)
            ticket = st.ticket
        except SessionTicket.DoesNotExist:
            ticket = None
        # send logout signal; fired before auth_logout() so receivers still see
        # the logged-in request.user and session
        cas_user_logout.send(
            sender="manual",
            user=request.user,
            session=request.session,
            ticket=ticket,
        )

        # clean current session ProxyGrantingTicket and SessionTicket
        # (runs before auth_logout(), so request.session still carries the key
        # the lookup above used)
        ProxyGrantingTicket.objects.filter(
            session_key=request.session.session_key).delete()
        SessionTicket.objects.filter(
            session_key=request.session.session_key).delete()
        auth_logout(request)

        next_page = next_page or get_redirect_url(request)
        if settings.CAS_LOGOUT_COMPLETELY:
            client = get_cas_client(request=request)
            return HttpResponseRedirect(client.get_logout_url(next_page))

        # This is in most cases pointless if not CAS_RENEW is set. The user will
        # simply be logged in again on next request requiring authorization.
        return HttpResponseRedirect(next_page)
def logout(request, next_page=None, **kwargs):
    """Log out through CAS when the session was authenticated by the CAS
    backend, otherwise through Django's standard logout view.

    :param request: the current ``HttpRequest``.
    :param next_page: optional post-logout URL; for CAS sessions it falls back
        to ``get_redirect_url(request)``, for other sessions it is replaced by a
        fixed view name.
    :param kwargs: forwarded unchanged to ``cas_logout`` / ``auth_logout_view``.
    :return: an ``HttpResponseRedirect`` for CAS sessions, otherwise whatever
        ``auth_logout_view`` returns.
    """

    # last dotted component of the backend path Django auth stores in the
    # session (e.g. "IPAMCASBackend"); "" when none is recorded
    backend = request.session.get("_auth_user_backend", "").split(".")[-1]

    if CONFIG.get("CAS_LOGIN") and backend == "IPAMCASBackend":
        # local CAS cleanup; its return value is discarded
        cas_logout(request, next_page, **kwargs)

        next_page = next_page or get_redirect_url(request)
        if settings.CAS_LOGOUT_COMPLETELY:
            # absolute URL of the post-logout page, built from the request's
            # own scheme and host, handed to the CAS server as logout target
            protocol = get_protocol(request)
            host = request.get_host()
            redirect_url = urllib_parse.urlunparse(
                (protocol, host, next_page, "", "", "")
            )
            client = get_cas_client()
            # NOTE(review): drops the last three characters of CAS_SERVER_URL
            # (presumably a fixed suffix); this silently breaks if the setting
            # changes shape — confirm and prefer an explicit suffix strip.
            client.server_url = settings.CAS_SERVER_URL[:-3]
            return HttpResponseRedirect(client.get_logout_url(redirect_url))
        else:
            # This is in most cases pointless if not CAS_RENEW is set. The user will
            # simply be logged in again on next request requiring authorization.
            return HttpResponseRedirect(next_page)
    else:
        # non-CAS session: the caller's next_page is ignored and Django's logout
        # view lands on the internal login page when CAS login is enabled
        next_page = "internal_login" if CONFIG.get("CAS_LOGIN") else "login"
        return auth_logout_view(request, next_page=next_page, **kwargs)
def login(request, next_page=None, required=False):
    """Forwards to CAS login URL or verifies CAS ticket.

    Order of handling: a CAS single-logout POST, an already authenticated
    user, a ``ticket`` query parameter to validate, and finally a redirect to
    the CAS login page.

    :param request: the current ``HttpRequest``.
    :param next_page: post-login destination; falls back to the session's
        ``CASNEXT`` entry (when ``settings.CAS_STORE_NEXT`` is on) and then to
        ``get_redirect_url(request)``.
    :param required: when true, a failed ticket validation redirects back to
        the CAS login page instead of raising ``PermissionDenied``.
    :return: an ``HttpResponseRedirect`` or the rendered ``index.html``.
    :raises PermissionDenied: when ticket validation fails and neither
        ``settings.CAS_RETRY_LOGIN`` nor ``required`` is set.
    """
    service_url = get_service_url(request, next_page)
    client = get_cas_client(service_url=service_url, request=request)

    # a stored 'next' is consumed exactly once
    if not next_page and settings.CAS_STORE_NEXT and 'CASNEXT' in request.session:
        next_page = request.session['CASNEXT']
        del request.session['CASNEXT']

    if not next_page:
        next_page = get_redirect_url(request)

    # CAS single-logout callback: a POST carrying logoutRequest
    if request.method == 'POST' and request.POST.get('logoutRequest'):
        clean_sessions(client, request)
        return HttpResponseRedirect(next_page)

    # backward compability for django < 2.0
    # (older Django exposes is_authenticated as a method, hence the isinstance
    # probe below; types.BooleanType is the Python 2 name for bool)
    is_user_authenticated = False

    if sys.version_info >= (3, 0):
        bool_type = bool
    else:
        bool_type = types.BooleanType

    if isinstance(request.user.is_authenticated, bool_type):
        is_user_authenticated = request.user.is_authenticated
    else:
        is_user_authenticated = request.user.is_authenticated()

    if is_user_authenticated:
        if settings.CAS_LOGGED_MSG is not None:
            # NOTE(review): message, token and the profile fields gathered here
            # are never used — the render() below receives no context — yet the
            # UserProfile lookup still runs and can raise when no profile row
            # matches. Confirm whether this block should mirror the one after
            # ticket validation (which passes `data` to render) or be removed.
            message = settings.CAS_LOGGED_MSG % request.user.get_username()
            user = request.user
            payload = jwt_payload_handler(user)
            token = jwt_encode_handler(payload)
            user_profile = UserProfile.objects.get(user=user)
            profile_id = user_profile.id
            name = user_profile.name
            npm = user_profile.npm
            email = user_profile.email
            role = user_profile.role.role_name
            angkatan = user_profile.angkatan.name

            data = {'user_id': user.id, 'user': user.username, 'token': token,
                    'profile_id': profile_id,
                    'name': name, 'npm': npm, 'email': email, 'role': role, 'angkatan': angkatan}
        return render(request, 'index.html')

    ticket = request.GET.get('ticket')
    if ticket:
        user = authenticate(ticket=ticket,
                            service=service_url,
                            request=request)
        pgtiou = request.session.get("pgtiou")
        if user is not None:
            # make sure a session key exists before binding the ticket to it
            if not request.session.exists(request.session.session_key):
                request.session.create()
            auth_login(request, user)
            # record which ticket opened this session; the logout views look it
            # up by session key
            SessionTicket.objects.create(
                session_key=request.session.session_key,
                ticket=ticket
            )

            if pgtiou and settings.CAS_PROXY_CALLBACK:
                # Delete old PGT
                ProxyGrantingTicket.objects.filter(
                    user=user,
                    session_key=request.session.session_key
                ).delete()
                # Set new PGT ticket: bind the PGT stored under this pgtiou to
                # the user and the current session
                try:
                    pgt = ProxyGrantingTicket.objects.get(pgtiou=pgtiou)
                    pgt.user = user
                    pgt.session_key = request.session.session_key
                    pgt.save()
                except ProxyGrantingTicket.DoesNotExist:
                    # nothing stored under this pgtiou; treated as best-effort
                    pass

            if settings.CAS_LOGIN_MSG is not None:
                name = user.get_username()
                message = settings.CAS_LOGIN_MSG % name
                messages.success(request, message)
            
            # issue a JWT for the freshly authenticated user; note that the
            # token ends up in the HTML response via the template context
            payload = jwt_payload_handler(user)
            token = jwt_encode_handler(payload)

            user_profile = UserProfile.objects.get(user=user)
            profile_id = user_profile.id
            name = user_profile.name
            npm = user_profile.npm
            email = user_profile.email
            role = user_profile.role.role_name
            angkatan = user_profile.angkatan.name

            data = {'user_id': user.id, 'user': user.username, 'token': token,
                    'profile_id': profile_id,
                    'name': name, 'npm': npm, 'email': email, 'role': role, 'angkatan': angkatan}
            return render(request, 'index.html', data)
        elif settings.CAS_RETRY_LOGIN or required:
            # invalid ticket: send the user back to CAS for another attempt
            return HttpResponseRedirect(client.get_login_url())
        else:
            raise PermissionDenied(_('Login failed.'))
    else:
        # no ticket yet: stash 'next' for the round-trip and go to CAS
        if settings.CAS_STORE_NEXT:
            request.session['CASNEXT'] = next_page
        return HttpResponseRedirect(client.get_login_url())
    def get(self, request):
        """
        Forwards to CAS login URL or verifies CAS ticket

        :param request: ``HttpRequest``; reads ``next``, ``required`` and
            ``ticket`` from the query string.
        :return: the result of ``self.successful_login`` for an already
            authenticated user, otherwise an ``HttpResponseRedirect`` to the CAS
            login URL. The ticket-validation branch is truncated in this listing
            and, as written, returns ``None``.
        """
        next_page = request.GET.get('next')
        # NOTE(review): this is the raw query-string value, so any non-empty
        # string (including 'false') is truthy — confirm how `required` is
        # consumed before relying on it.
        required = request.GET.get('required', False)

        service_url = get_service_url(request, next_page)
        # logger.info('service_url: {}'.format(service_url))
        client = get_cas_client(service_url=service_url, request=request)

        # a stored 'next' is consumed exactly once
        if not next_page and settings.CAS_STORE_NEXT and 'CASNEXT' in request.session:
            next_page = request.session['CASNEXT']
            del request.session['CASNEXT']

        if not next_page:
            next_page = get_redirect_url(request)

        if request.user.is_authenticated:
            if settings.CAS_LOGGED_MSG is not None:
                message = settings.CAS_LOGGED_MSG % request.user.get_username()
                messages.success(request, message)
                logger.info('user is authenticated')
                user = request.user
                # creates the Token row for this user if missing (lookup only,
                # no defaults); note it only runs when CAS_LOGGED_MSG is set
                Token.objects.update_or_create(user=user)
            return self.successful_login(request=request, next_page=next_page)

        ticket = request.GET.get('ticket')
        # NOTE(review): this logs the raw service ticket; it is still a
        # credential — consider logging only whether one was supplied.
        logger.info('Login ticket: {}'.format(ticket))
        if ticket:
            user = authenticate(ticket=ticket,
                                service=service_url,
                                request=request)
            logger.info('ticket user: {}'.format(user))
            # NOTE(review): the rest of this branch is garbled in the source
            # ('******' looks like a redaction) — as listed, a request carrying a
            # ticket falls off the end of the method and returns None.
            # print('user:'******'Login failed.'))
        else:
            # no ticket yet: stash 'next' for the round-trip and go to CAS
            if settings.CAS_STORE_NEXT:
                request.session['CASNEXT'] = next_page
            return HttpResponseRedirect(client.get_login_url())