def test01_create_cookie(self): secret = os.urandom(32) cookie = SecureCookie(secret, 'pjk', '127.0.0.1') cookie_val = cookie.cookie_value() log.info('Cookie value: %r', cookie_val)
def test02_check_cookie(self): secret = os.urandom(32) cookie = SecureCookie(secret, 'pjk', '127.0.0.1') cookie_val = cookie.cookie_value() session = { 'authkit.cookie.user': None, 'authkit.cookie.user_data': None } ticket = SecureCookie.parse_ticket(secret, cookie_val, '127.0.0.1', session) self.assertEqual('pjk', ticket[1], 'Error parsing user id') log.info('ticket: %r', ticket)
def home(request): if request.method == 'GET': ''' requested directly or redirected from THREDDS/authentication filter or redirected from OpenID/OAuth2 server or ''' if request.user.is_authenticated(): social = None try: social = request.user.social_auth.get(provider='esgf') except Exception: pass try: social = request.user.social_auth.get(provider='esgf-openid') except Exception: pass log.info('User {} successfully authenticated'.format(social.uid)) redirect_url = request.GET.get('redirect', request.session.get('redirect')) if not redirect_url: ''' not redirected from THREDDS/authentication filter ''' return render(request, 'auth/home.j2', {'openid_identifier': social.uid}) ''' redirected from OpenID/OAuth2 server or redirected from THREDD/authentication filter ''' # create a session cookie encoded_secret_key = settings.ESGF_SECRET_KEY session_cookie_name = settings.ESGF_SESSION_COOKIE_NAME secret_key = encoded_secret_key.decode('base64') secure_cookie = SecureCookie(secret_key, social.uid, '127.0.0.1', (), '') # redirect back to THREDDS response = redirect(redirect_url) response.set_cookie(session_cookie_name, secure_cookie.cookie_value()) return response else: ''' requested directly or redirected from THREDDS/authentication filter ''' redirect_url = request.GET.get('redirect') ''' Save 'redirect' param passed in the redirection by the THREDDS authentication filter before starting the OAuth2 flow. After the OAuth2 flow is completed, the param will be needed to create a redirection back to THREDDS. ''' request.session['redirect'] = redirect_url return render(request, 'auth/home.j2', {'redirect': redirect_url}) # request.method == 'POST' openid_identifier = request.POST.get('openid_identifier') request.session['openid_identifier'] = openid_identifier protocol = discover(openid_identifier) if protocol: request.session['next'] = request.path credential = get_oauth2_cred(openid_identifier) if protocol == 'OAuth2' and credential: ''' It may create a race condition. When two users authenticate at the same moment through different OAuth2 servers, KEY and SECRET may be set for a wrong server. It will be better to set KEY and SECRET directly on a strategy object. ''' settings.SOCIAL_AUTH_ESGF_KEY = credential['key'] settings.SOCIAL_AUTH_ESGF_SECRET = credential['secret'] return redirect(reverse('social:begin', args=['esgf'])) elif protocol == 'OpenID': return redirect(reverse('social:begin', args=['esgf-openid'])) else: log.error('Could not discover authentication service for {}'.format( openid_identifier)) redirect_url = request.session.get('redirect') return render( request, 'auth/home.j2', { 'redirect': redirect_url, 'message': 'No OpenID/OAuth2/OIDC service discovered' })
def create_cookie(key, value, ip, tokens=(), user_data=''): return SecureCookie(key, value, ip, tokens, user_data)