def test_continue_to_next_url(self):
    """Check that the redirect follows ``next`` and keeps the ``nonce`` parameter.

    Only a same-site relative ``next`` value is exercised here; an absolute
    URL pointing at another host is not covered by this test.
    """
    from authentic2.utils import continue_to_next_url
    from django.test.client import RequestFactory

    query = {'next': '/zob/', 'nonce': 'xxx'}
    req = RequestFactory().get('/coin', data=query)
    resp = continue_to_next_url(req)
    # The nonce must be carried over onto the redirect target.
    self.assertEqualsURL(resp['Location'], '/zob/?nonce=xxx')
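def handle_request(request):
    """Log in, create or link an account from the TLS client certificate.

    The certificate data is read through ``util.SSLInfo(request)``. Depending
    on whether ``authenticate`` finds a user for the certificate and whether
    the session is already authenticated, the view logs the user in, creates
    an account, shows the account-linking page, links the certificate to the
    session user, or re-binds the certificate to the session user.

    Returns an HTTP response: a redirect to the login page on failure, the
    account-linking page, or the result of ``continue_to_next_url``.
    """
    # NOTE(review): the log messages below call CERT and VERIFY "CGI
    # variables"; presumably the TLS-terminating front end sets them. Confirm
    # that client-supplied copies are stripped before they reach SSLInfo.
    ssl_info = util.SSLInfo(request)
    accept_self_signed = app_settings.ACCEPT_SELF_SIGNED

    if not ssl_info.cert:
        logger.error('SSL Client Authentication failed: '
                     'SSL CGI variable CERT is missing')
        messages.add_message(
            request, messages.ERROR,
            _('SSL Client Authentication failed. '
              'No client certificate found.'))
        return redirect_to_login(request)
    elif not accept_self_signed and not ssl_info.verify:
        # With ACCEPT_SELF_SIGNED enabled the verification result is not
        # consulted at all, so chain-of-trust is not enforced by this view.
        logger.error('SSL Client Authentication failed: '
                     'SSL CGI variable VERIFY is not SUCCESS')
        messages.add_message(
            request, messages.ERROR,
            _('SSL Client Authentication failed. '
              'Your client certificate is not valid.'))
        return redirect_to_login(request)

    # Is there already a user bound to this certificate?
    user = authenticate(ssl_info=ssl_info)

    # Account creation only applies when nobody is logged in and the
    # certificate is unknown. Only the presence of 'do_creation' in the
    # session is tested, and the key is not removed in this function.
    if 'do_creation' in request.session and not user \
            and not request.user.is_authenticated():
        from backends import SSLBackend
        if SSLBackend().create_user(ssl_info):
            user = authenticate(ssl_info=ssl_info)
            logger.info(u'account created for %s', user)
        else:
            logger.error('account creation failure')
            messages.add_message(
                request, messages.ERROR,
                _('SSL Client Authentication failed. Internal server error.'))
            return redirect_to_login(request)

    # Unknown certificate and no session: show the account-linking page.
    if not user and not request.user.is_authenticated():
        return render(request, 'auth/account_linking_ssl.html')

    # Unknown certificate but active session: link it to the session user.
    if not user and request.user.is_authenticated():
        # NOTE(review): this branch imports from 'backend' while the other
        # branches import from 'backends' - confirm which module exists.
        from backend import SSLBackend
        if SSLBackend().link_user(ssl_info, request.user):
            # The original log call formatted an undefined ``next_url`` and
            # raised NameError on every successful link; log the account
            # instead so the event stays auditable.
            logger.info(u'Successful linking of the SSL Certificate '
                        'to the account %s', request.user)
            # ``user`` is still None here, so falling through would fail on
            # ``user.username`` below; the session user is already logged in.
            return continue_to_next_url(request)
        else:
            logger.error('account linking failure')
            messages.add_message(
                request, messages.ERROR,
                _('SSL Client Authentication failed. Internal server error.'))
            return redirect_to_login(request)

    # Known certificate and no session: log the certificate's user in.
    if not request.user.is_authenticated():
        login(request, user)
        record_authentication_event(request, how='ssl')
        return continue_to_next_url(request)

    # Known certificate and active session: if the certificate belongs to a
    # different account, it is re-bound to the session user.
    # NOTE(review): this moves a login credential from one account to
    # another with no confirmation step; the only trace is the warning
    # below. Consider requiring explicit confirmation and alerting on it.
    if user.username != request.user.username:
        logger.warning(
            u'The certificate belongs to %s, '
            'but %s is logged with, we change the association!',
            user, request.user)
        from backends import SSLBackend
        cert = SSLBackend().get_certificate(ssl_info)
        cert.user = request.user
        cert.save()
    return continue_to_next_url(request)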
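def handle_request(request):
    """Log in, create or link an account from the TLS client certificate.

    The certificate data is read through ``util.SSLInfo(request)``. Depending
    on whether ``authenticate`` finds a user for the certificate and whether
    the session is already authenticated, the view logs the user in, creates
    an account, shows the account-linking page, links the certificate to the
    session user, or re-binds the certificate to the session user.

    Returns an HTTP response: a redirect to the login page on failure, the
    account-linking page, or the result of ``continue_to_next_url``.
    """
    # NOTE(review): the log messages below call CERT and VERIFY "CGI
    # variables"; presumably the TLS-terminating front end sets them. Confirm
    # that client-supplied copies are stripped before they reach SSLInfo.
    ssl_info = util.SSLInfo(request)
    accept_self_signed = app_settings.ACCEPT_SELF_SIGNED

    if not ssl_info.cert:
        logger.error('SSL Client Authentication failed: '
                     'SSL CGI variable CERT is missing')
        messages.add_message(request, messages.ERROR,
                             _('SSL Client Authentication failed. '
                               'No client certificate found.'))
        return redirect_to_login(request)
    elif not accept_self_signed and not ssl_info.verify:
        # With ACCEPT_SELF_SIGNED enabled the verification result is not
        # consulted at all, so chain-of-trust is not enforced by this view.
        logger.error('SSL Client Authentication failed: '
                     'SSL CGI variable VERIFY is not SUCCESS')
        messages.add_message(request, messages.ERROR,
                             _('SSL Client Authentication failed. '
                               'Your client certificate is not valid.'))
        return redirect_to_login(request)

    # Is there already a user bound to this certificate?
    user = authenticate(ssl_info=ssl_info)

    # Account creation only applies when nobody is logged in and the
    # certificate is unknown. Only the presence of 'do_creation' in the
    # session is tested, and the key is not removed in this function.
    if 'do_creation' in request.session and not user \
            and not request.user.is_authenticated():
        from backends import SSLBackend
        if SSLBackend().create_user(ssl_info):
            user = authenticate(ssl_info=ssl_info)
            logger.info(u'account created for %s', user)
        else:
            logger.error('account creation failure')
            messages.add_message(
                request, messages.ERROR,
                _('SSL Client Authentication failed. Internal server error.'))
            return redirect_to_login(request)

    # Unknown certificate and no session: show the account-linking page.
    if not user and not request.user.is_authenticated():
        return render_to_response('auth/account_linking_ssl.html',
                                  context_instance=RequestContext(request))

    # Unknown certificate but active session: link it to the session user.
    if not user and request.user.is_authenticated():
        # NOTE(review): this branch imports from 'backend' while the other
        # branches import from 'backends' - confirm which module exists.
        from backend import SSLBackend
        if SSLBackend().link_user(ssl_info, request.user):
            # The original log call formatted an undefined ``next_url`` and
            # raised NameError on every successful link; log the account
            # instead so the event stays auditable.
            logger.info(u'Successful linking of the SSL Certificate '
                        'to the account %s', request.user)
            # ``user`` is still None here, so falling through would fail on
            # ``user.username`` below; the session user is already logged in.
            return continue_to_next_url(request)
        else:
            logger.error('account linking failure')
            messages.add_message(
                request, messages.ERROR,
                _('SSL Client Authentication failed. Internal server error.'))
            return redirect_to_login(request)

    # Known certificate and no session: log the certificate's user in.
    if not request.user.is_authenticated():
        login(request, user)
        record_authentication_event(request, how='ssl')
        return continue_to_next_url(request)

    # Known certificate and active session: if the certificate belongs to a
    # different account, it is re-bound to the session user.
    # NOTE(review): this moves a login credential from one account to
    # another with no confirmation step; the only trace is the warning
    # below. Consider requiring explicit confirmation and alerting on it.
    if user.username != request.user.username:
        logger.warning(u'The certificate belongs to %s, '
                       'but %s is logged with, we change the association!',
                       user, request.user)
        from backends import SSLBackend
        cert = SSLBackend().get_certificate(ssl_info)
        cert.user = request.user
        cert.save()
    return continue_to_next_url(request)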