def get_file_url(path, absolute=None, internet=True):
    """Build the URL under which a stored file can be fetched.

    :param path: original path as stored in the FileObj url field, without
        the bucket name or the media prefix
    :param absolute: whether to return an absolute URL that includes the
        domain; ``None`` defers to ``settings.DATA_STORAGE_USE_ABSOLUTE_URL``
    :param internet: whether to return the public (internet) address rather
        than the intranet one; only consulted when ``absolute`` is truthy
    :return: the file URL, or an empty string when ``path`` is empty
    """
    from django_cas_ng.utils import get_service_url

    if not path:
        return ""

    relative = get_storage_obj().get_relative_url(path)

    def s3_endpoint_url():
        # NOTE(review): this address is always plain http://. The original
        # comment limits the host-URL setting to development; confirm the
        # intranet branch is never served over an untrusted network.
        return 'http://' + settings.AWS_S3_HOST + ":" + str(
            settings.AWS_S3_PORT) + relative

    # Development-only switch: always hand out the raw S3 endpoint.
    if settings.DATA_STORAGE_USE_S3_HOST_URL and settings.DATA_STORAGE_USE_S3:
        return s3_endpoint_url()

    # S3 storage and an intranet address was requested.
    if absolute and not internet and settings.DATA_STORAGE_USE_S3:
        return s3_endpoint_url()

    # When ``absolute`` is not given, fall back to the system configuration.
    if absolute or (absolute is None and settings.DATA_STORAGE_USE_ABSOLUTE_URL):
        return get_service_url(settings.SELF_APP, internet) + relative

    return relative
def test_service_url_preserves_query_parameters():
    """An HTTPS login request yields a service URL with the encoded ``next`` target."""
    request = RequestFactory().get('/login/?foo=bar', secure=True)
    service_url = get_service_url(
        request,
        redirect_to='https://testserver/landing-page/',
    )
    # NOTE(review): only the percent-encoded ``next`` value is asserted; the
    # ``foo=bar`` query parameter that the test name refers to is not checked.
    assert 'next=https%3A%2F%2Ftestserver%2Flanding-page%2F' in service_url
def test_service_url_helper():
    """Without a redirect target the service URL points ``next`` at the site root."""
    request = RequestFactory().get('/login/')
    service_url = get_service_url(request)
    assert service_url == 'http://testserver/login/?next=%2F'
def test_service_url_helper_with_redirect():
    """An explicit ``redirect_to`` is percent-encoded into the ``next`` parameter."""
    request = RequestFactory().get('/login/')
    service_url = get_service_url(
        request,
        redirect_to='http://testserver/landing-page/',
    )
    assert service_url == (
        'http://testserver/login/?next=http%3A%2F%2Ftestserver%2Flanding-page%2F'
    )
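def post(self, request):
    """Handle a CAS ``logoutRequest`` POST: clear sessions, then redirect.

    The redirect target is read from the POSTed ``next`` field, which the
    caller controls. It is only honoured when it points at the host serving
    this request (and does not move an HTTPS request to another scheme);
    any other value falls back to ``settings.CAS_REDIRECT_URL`` so the
    endpoint cannot be used as an open redirect.

    :param request: the incoming POST request
    :return: a redirect to the validated next page when ``logoutRequest`` is
        present in the POST data, otherwise ``None``
    """
    try:
        from django.utils.http import (
            url_has_allowed_host_and_scheme as is_safe_target,
        )
    except ImportError:
        # Older Django releases ship the same check under its previous name.
        from django.utils.http import is_safe_url as is_safe_target

    if request.POST.get('logoutRequest'):
        requested = request.POST.get('next')
        if requested and is_safe_target(
            url=requested,
            allowed_hosts={request.get_host()},
            require_https=request.is_secure(),
        ):
            next_page = requested
        else:
            # The configured default is trusted and used as-is.
            next_page = settings.CAS_REDIRECT_URL

        service_url = get_service_url(request, next_page)
        client = get_cas_client(service_url=service_url, request=request)
        clean_sessions(client, request)
        return HttpResponseRedirect(next_page)

    # NOTE(review): a POST without ``logoutRequest`` still returns None, as
    # before; confirm what response such requests should receive.
    return None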
def test_service_url_helper_with_redirect():
    """An explicit ``redirect_to`` appears verbatim as the ``next`` parameter."""
    request = RequestFactory().get('/login/')
    service_url = get_service_url(
        request,
        redirect_to='http://testserver/landing-page/',
    )
    # The expected value carries the redirect target without percent-encoding.
    assert service_url == 'http://testserver/login/?next=http://testserver/landing-page/'
def test_service_url_helper_as_https():
    """A request made over HTTPS on port 443 produces an ``https://`` service URL."""
    request = RequestFactory().get(
        '/login/',
        secure=True,
        **{'wsgi.url_scheme': 'https', 'SERVER_PORT': '443'}
    )
    service_url = get_service_url(request)
    assert service_url == 'https://testserver/login/?next=%2F'
def test_service_url_avoids_next(settings):
    """With ``CAS_STORE_NEXT`` enabled the service URL carries no ``next`` parameter."""
    settings.CAS_STORE_NEXT = True
    request = RequestFactory().get('/login/')
    service_url = get_service_url(request, redirect_to='/admin/')
    assert service_url == 'http://testserver/login/'
def test_service_url_root_proxied_as(settings):
    """``CAS_ROOT_PROXIED_AS`` replaces the scheme, host and port of the service URL."""
    settings.CAS_ROOT_PROXIED_AS = 'https://foo.bar:8443'
    request = RequestFactory().get('/login/')
    service_url = get_service_url(request)
    assert service_url == 'https://foo.bar:8443/login/?next=%2F'
def test_force_ssl_service_url(settings):
    """``CAS_FORCE_SSL_SERVICE_URL`` yields an ``https://`` service URL for a plain request."""
    settings.CAS_FORCE_SSL_SERVICE_URL = True
    request = RequestFactory().get('/login/')
    service_url = get_service_url(request)
    assert service_url == 'https://testserver/login/?next=%2F'
def post(self, request):
    """Handle a POST to the login view.

    A ``logoutRequest`` clears the matching sessions and redirects to the
    cleaned ``next`` page; any other POST is sent to the CAS login URL.

    :param request: the incoming POST request
    :return: an ``HttpResponseRedirect``
    """
    requested_next = request.POST.get('next', settings.CAS_REDIRECT_URL)
    next_page = clean_next_page(request, requested_next)

    # NOTE(review): service_url is computed but not used afterwards; the
    # client is built from SERVICE_URL + LOGIN_PATH instead. Confirm which
    # service URL the CAS client is meant to receive.
    service_url = get_service_url(request, next_page)
    client = get_cas_client(service_url=SERVICE_URL + LOGIN_PATH,
                            request=request)

    if not request.POST.get('logoutRequest'):
        return HttpResponseRedirect(client.get_login_url())

    clean_sessions(client, request)
    return HttpResponseRedirect(next_page)
def test_service_url_root_proxied_as_empty_string(settings):
    """
    A ``CAS_ROOT_PROXIED_AS`` attribute that exists but holds an empty string
    (or another falsy value) must be ignored when the redirect url is built.
    """
    settings.CAS_ROOT_PROXIED_AS = ''
    request = RequestFactory().get('/login/')
    service_url = get_service_url(request)
    assert service_url == 'http://testserver/login/?next=%2F'
def brcas_token(request):
    """Exchange a CAS ticket for a JWT and render it through ``storer.html``.

    Raises ``PermissionDenied`` when the request has no ticket or the ticket
    does not authenticate a user.
    """
    # NOTE(review): service_url and client are computed but not used below;
    # the ticket is checked against a hard-coded service string instead.
    service_url = get_service_url(request)
    redirect_url = get_redirect_url(request)
    client = get_cas_client(service_url=service_url, request=request)

    ticket = request.GET.get('ticket')
    if not ticket:
        raise PermissionDenied('BR CAS login failed.')

    user = django.contrib.auth.authenticate(
        ticket=ticket,
        service="https://api.x-passion.binets.fr/api-brcas-token-auth/",
        request=request,
    )
    if user is None:
        raise PermissionDenied('BR CAS login failed.')

    jwt_settings = rest_framework_jwt.settings.api_settings
    build_payload = jwt_settings.JWT_PAYLOAD_HANDLER
    encode_payload = jwt_settings.JWT_ENCODE_HANDLER
    token = encode_payload(build_payload(user))

    # NOTE(review): the JWT is handed to the template together with
    # redirect_url; confirm how storer.html uses both and that redirect_url
    # is restricted to trusted destinations.
    context = {
        "token": token,
        "redirect_url": redirect_url
    }
    return render(request, "storer.html", context=context)
def get(self, request): """ Forwards to CAS login URL or verifies CAS ticket :param request: :return: """ next_page = request.GET.get('next') required = request.GET.get('required', False) service_url = get_service_url(request, next_page) # logger.info('service_url: {}'.format(service_url)) client = get_cas_client(service_url=service_url, request=request) if not next_page and settings.CAS_STORE_NEXT and 'CASNEXT' in request.session: next_page = request.session['CASNEXT'] del request.session['CASNEXT'] if not next_page: next_page = get_redirect_url(request) if request.user.is_authenticated: if settings.CAS_LOGGED_MSG is not None: message = settings.CAS_LOGGED_MSG % request.user.get_username() messages.success(request, message) logger.info('user is authenticated') user = request.user Token.objects.update_or_create(user=user) return self.successful_login(request=request, next_page=next_page) ticket = request.GET.get('ticket') logger.info('Login ticket: {}'.format(ticket)) if ticket: user = authenticate(ticket=ticket, service=service_url, request=request) logger.info('ticket user: {}'.format(user)) # print('user:'******'Login failed.')) else: if settings.CAS_STORE_NEXT: request.session['CASNEXT'] = next_page return HttpResponseRedirect(client.get_login_url())
def login(request, next_page=None, required=False):
    """Forward to the CAS login URL or verify a CAS ticket.

    Flow, in order:

    1. Resolve ``next_page`` from the argument, then the ``CASNEXT`` session
       entry (when ``settings.CAS_STORE_NEXT`` is set), then
       ``get_redirect_url``.
    2. A POST carrying ``logoutRequest`` clears sessions and redirects.
    3. An already authenticated user gets ``index.html`` rendered.
    4. A ``ticket`` query parameter is validated with ``authenticate``; on
       success the user is logged in, the ticket is recorded and
       ``index.html`` is rendered with the user's profile data and a JWT.
    5. Otherwise the request is redirected to the CAS login URL.

    :param request: the incoming request
    :param next_page: optional redirect target
    :param required: when true, a failed ticket check redirects back to the
        CAS login URL instead of raising
    :return: an HTTP response (redirect or rendered template)
    :raises PermissionDenied: when the ticket does not authenticate and
        neither ``settings.CAS_RETRY_LOGIN`` nor ``required`` is set
    """
    service_url = get_service_url(request, next_page)
    client = get_cas_client(service_url=service_url, request=request)

    # A stored next page is consumed once, then removed from the session.
    if not next_page and settings.CAS_STORE_NEXT and 'CASNEXT' in request.session:
        next_page = request.session['CASNEXT']
        del request.session['CASNEXT']

    if not next_page:
        next_page = get_redirect_url(request)

    if request.method == 'POST' and request.POST.get('logoutRequest'):
        clean_sessions(client, request)
        # NOTE(review): next_page is used as the redirect target without a
        # visible host check; confirm get_redirect_url / the caller restrict
        # it to trusted destinations.
        return HttpResponseRedirect(next_page)

    # Backward compatibility for django < 2.0: is_authenticated may be a
    # plain boolean or a callable, so both forms are handled.
    is_user_authenticated = False

    if sys.version_info >= (3, 0):
        bool_type = bool
    else:
        bool_type = types.BooleanType

    if isinstance(request.user.is_authenticated, bool_type):
        is_user_authenticated = request.user.is_authenticated
    else:
        is_user_authenticated = request.user.is_authenticated()

    if is_user_authenticated:
        if settings.CAS_LOGGED_MSG is not None:
            # NOTE(review): the message is built but never passed to
            # messages.success here, unlike the ticket branch below.
            message = settings.CAS_LOGGED_MSG % request.user.get_username()
        user = request.user
        payload = jwt_payload_handler(user)
        token = jwt_encode_handler(payload)
        # NOTE(review): presumably raises UserProfile.DoesNotExist for a user
        # without a profile; confirm every CAS user has one.
        user_profile = UserProfile.objects.get(user=user)
        profile_id = user_profile.id
        name = user_profile.name
        npm = user_profile.npm
        email = user_profile.email
        role = user_profile.role.role_name
        angkatan = user_profile.angkatan.name
        data = {'user_id': user.id, 'user': user.username, 'token': token,
                'profile_id': profile_id, 'name': name, 'npm': npm,
                'email': email, 'role': role, 'angkatan': angkatan}
        # NOTE(review): data (including the freshly issued token) is built
        # but not passed to render in this branch; the ticket branch below
        # does pass it. Confirm which is intended.
        return render(request, 'index.html')

    ticket = request.GET.get('ticket')
    if ticket:
        user = authenticate(ticket=ticket,
                            service=service_url,
                            request=request)
        pgtiou = request.session.get("pgtiou")
        if user is not None:
            # Make sure a session row exists before it is tied to the ticket.
            if not request.session.exists(request.session.session_key):
                request.session.create()
            auth_login(request, user)
            SessionTicket.objects.create(
                session_key=request.session.session_key,
                ticket=ticket
            )

            if pgtiou and settings.CAS_PROXY_CALLBACK:
                # Delete old PGT
                ProxyGrantingTicket.objects.filter(
                    user=user,
                    session_key=request.session.session_key
                ).delete()
                # Set new PGT ticket
                try:
                    pgt = ProxyGrantingTicket.objects.get(pgtiou=pgtiou)
                    pgt.user = user
                    pgt.session_key = request.session.session_key
                    pgt.save()
                except ProxyGrantingTicket.DoesNotExist:
                    # No stored PGT for this pgtiou: nothing to attach.
                    pass

            if settings.CAS_LOGIN_MSG is not None:
                name = user.get_username()
                message = settings.CAS_LOGIN_MSG % name
                messages.success(request, message)
            payload = jwt_payload_handler(user)
            token = jwt_encode_handler(payload)
            user_profile = UserProfile.objects.get(user=user)
            profile_id = user_profile.id
            name = user_profile.name
            npm = user_profile.npm
            email = user_profile.email
            role = user_profile.role.role_name
            angkatan = user_profile.angkatan.name
            # NOTE(review): the JWT and profile fields go into the template
            # context; confirm index.html escapes them and does not expose
            # the token beyond the page that needs it.
            data = {'user_id': user.id, 'user': user.username, 'token': token,
                    'profile_id': profile_id, 'name': name, 'npm': npm,
                    'email': email, 'role': role, 'angkatan': angkatan}
            return render(request, 'index.html', data)
        elif settings.CAS_RETRY_LOGIN or required:
            return HttpResponseRedirect(client.get_login_url())
        else:
            raise PermissionDenied(_('Login failed.'))
    else:
        # No ticket yet: remember where to go, then hand over to CAS.
        if settings.CAS_STORE_NEXT:
            request.session['CASNEXT'] = next_page
        return HttpResponseRedirect(client.get_login_url())
def dispatch(self, request, *args, **kwargs):
    """Record the CAS ticket and service URL on the view, then dispatch as usual.

    :param request: the incoming request
    :return: whatever the parent ``dispatch`` returns
    """
    ticket = request.GET.get('ticket')
    service = get_service_url(request)
    self.ticket = ticket
    self.service = service
    parent = super(LoginView, self)
    return parent.dispatch(request, *args, **kwargs)