def callback(request):
    """Finish an SSO hand-off by adopting the session named in ``sso_token``.

    The incoming URL must pass ``verify_url`` with the site-wide
    ``PA_API_SECRET`` (and the ``PA_SSO_TIMEOUT`` age limit, default 30);
    otherwise a 400 is returned and no session state is touched. A token
    that does not resolve to an active ``GlobalSession`` is silently
    ignored, so the redirect still happens but the caller's existing
    session (if any) is left as it was.

    Args:
        request: Django request carrying ``sso_token`` and optionally
            ``REDIRECT_FIELD_NAME`` in the query string.

    Returns:
        ``HttpResponseBadRequest`` when URL verification fails, else an
        ``HttpResponseRedirect`` to the requested next URL (or
        ``LOGIN_REDIRECT_URL``) when a session exists, or to ``LOGIN_URL``
        when none does.
    """
    max_age = getattr(settings, 'PA_SSO_TIMEOUT', 30)
    token = request.GET.get('sso_token', None)
    if not verify_url(request, settings.PA_API_SECRET, max_age):
        return HttpResponseBadRequest('Failed verifying url')

    try:
        incoming = GlobalSession.objects.active().get(pk=token)
    except GlobalSession.DoesNotExist:
        # Unknown, expired or missing token: leave the current session
        # untouched and fall through to the redirect.
        incoming = None

    if incoming is not None:
        current = request.sso_session
        if current and current.user.id != incoming.user.id:
            # Never let one authenticated user inherit another user's
            # session: drop the existing one before adopting the new one.
            pa.sso.logout(request)
        # Bind the adopted session to the request / persistent session.
        pa.sso.login(request, incoming)

    # The query string was covered by verify_url above, so the next URL
    # taken from it is assumed to be the one the signer asked for.
    if request.sso_session:
        destination = request.GET.get(REDIRECT_FIELD_NAME,
                                      settings.LOGIN_REDIRECT_URL)
    else:
        destination = settings.LOGIN_URL
    return HttpResponseRedirect(destination)
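def login(request, template_name='registration/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME):
    """Authenticate a user for SSO and send them back to the caller.

    Flow as implemented here:

    * GET carrying an API key whose URL signature passes ``verify_url``:
      if an SSO session already exists, redirect back to the caller;
      otherwise stash the (verified) query parameters in the Django
      session under ``'login_params'`` and redirect to this view with a
      clean URL.
    * GET carrying an API key whose signature fails: 400.
    * GET without an API key: render the login form.
    * POST: validate ``PasswordAuthenticationForm``; on success create a
      ``GlobalSession`` valid for 12 hours, log in locally and resolve the
      API key / next URL from the stashed ``'login_params'``.

    Args:
        request: Django request.
        template_name: Template used to render the login form.
        redirect_field_name: Query/session key holding the next URL.

    Returns:
        An ``HttpResponseRedirect`` when an SSO session exists after the
        above (signed with the API key secret and carrying ``apikey`` and
        ``sso_token`` when a verified external target is known, else to
        ``LOGIN_REDIRECT_URL``), an ``HttpResponseBadRequest`` on a failed
        URL signature, or the rendered form otherwise.

    Raises:
        NotImplementedError: for HTTP methods other than GET and POST.
    """
    apikey = None
    # Initialised up front: previously this was unbound on the GET-without-
    # API-key and POST-with-invalid-form paths, so a user who already had an
    # SSO session hit an UnboundLocalError below instead of a redirect.
    redirect_to = None

    if request.method == 'POST':
        # The parameters were signature-checked on the initial GET and are
        # only trusted here because they come from the server-side session.
        params = request.session.get('login_params', {})
        form = PasswordAuthenticationForm(data=request.POST)
        if form.is_valid():
            user = form.get_user()
            sso_session = GlobalSession(
                user=user,
                expire_date=datetime.utcnow() + timedelta(hours=12))
            sso_session.save()
            # TODO: Setting Cookies?
            # Authenticate locally.
            pa.sso.login(request, sso_session)
            # The stashed parameters are single-use; drop them once consumed.
            request.session.pop('login_params', None)
            apikey = pa.api.get_apikey(params)
            redirect_to = params.get(redirect_field_name, None)
        else:
            # Invalid credentials: fall through and re-render the form.
            # TODO: Strip password
            pass
    elif request.method == 'GET':
        apikey = pa.api.get_apikey(request.GET)
        if apikey and verify_url(request, apikey.secret_bytes):
            if request.sso_session:
                # Initial request from a client site, user already logged in.
                redirect_to = request.GET.get(redirect_field_name, None)
            else:
                # Initial request: remember the verified parameters and
                # redirect to this view so the signed URL is not left in the
                # address bar / history.
                request.session['login_params'] = request.GET
                return HttpResponseRedirect(request.path)
        elif apikey:
            return HttpResponseBadRequest('URL Signature Failed!')
        form = PasswordAuthenticationForm(request)
    else:
        # Was `raise NotImplemented`, which is not an exception class and
        # itself blew up with a TypeError.
        raise NotImplementedError(
            'Unsupported HTTP method: %s' % request.method)

    if request.sso_session:
        if not redirect_to or not apikey:
            # Internal redirects do not need the SSO token.
            redirect_to = settings.LOGIN_REDIRECT_URL
        else:
            # External target: hand the token to the caller and sign the
            # whole URL with the caller's API key secret so the callback
            # can verify it.
            redirect_to = append_query(redirect_to, apikey=apikey.key,
                                       sso_token=request.sso_session.key)
            redirect_to = sign_url(redirect_to, apikey.secret_bytes)
        return HttpResponseRedirect(redirect_to)

    # No SSO session yet: show the form.
    request.session.set_test_cookie()
    return render_to_response(template_name, {
        'form': form,
    }, context_instance=RequestContext(request))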
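def logout(request, redirect_field_name=REDIRECT_FIELD_NAME,
           template_name='registration/logout.html'):
    """Confirm (GET) and perform (POST) an SSO logout.

    GET renders ``template_name`` with a ``next`` value. That value is
    taken from the query string only when an API key is present and the
    URL passes ``verify_url`` with that key's secret; otherwise it is
    ``'/'``. POST deletes the current ``GlobalSession`` row, clears the
    local SSO state and redirects to the posted ``next`` (default ``'/'``).

    NOTE(review): unlike the GET branch, the POST ``next`` is not
    signature-verified here; it appears to rely on the form rendered by
    GET (and CSRF protection) to carry the verified value back. Confirm
    that before relying on it.

    Args:
        request: Django request.
        redirect_field_name: Query key naming the post-logout URL on GET.
        template_name: Template rendered on GET.

    Returns:
        The rendered confirmation page on GET, an ``HttpResponseRedirect``
        on POST.

    Raises:
        NotImplementedError: for HTTP methods other than GET and POST
        (previously the view fell through and returned ``None``).
    """
    if request.method == 'GET':
        destination = '/'
        params = request.GET
        apikey = pa.api.get_apikey(params)
        if apikey and verify_url(request, apikey.secret_bytes):
            # Only a signed request gets to choose where the user ends up.
            destination = params.get(redirect_field_name, destination)
        return render_to_response(template_name, {
            'next': destination,
        }, context_instance=RequestContext(request))
    elif request.method == 'POST':
        sso_session = request.sso_session
        # Guard: with no SSO session this used to raise AttributeError on
        # `.pk` and answer the logout with a 500. Logging out when there is
        # nothing to log out of is a no-op.
        if sso_session:
            GlobalSession.objects.filter(pk=sso_session.pk).delete()
            pa.sso.logout(request)
        destination = request.POST.get('next', '/')
        return HttpResponseRedirect(destination)
    raise NotImplementedError(
        'Unsupported HTTP method: %s' % request.method)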