def _cas_client(target_url=None):
cas_server = app.config['CAS_SERVER']
# One (possible) advantage this has over "request.base_url" is that it embeds the configured SERVER_NAME.
service_url = url_for('.cas_login', _external=True)
if target_url:
service_url = service_url + '?' + urlencode({'url': target_url})
return cas.CASClientV3(server_url=cas_server, service_url=service_url)
def cas_login_verify():
client = cas.CASClientV3(renew=False,
extra_login_params=False,
server_url=app.config['CAS_SERVER_URL'],
service_url=url_for('cas_login_verify',
_external=True))
if 'ticket' in request.args:
(username, attributes,
pgtiou) = client.verify_ticket(request.args['ticket'])
if username is None:
return redirect(client.get_login_url())
else:
username = username.lower()
if not zero.lib.user.is_user_authorised(username):
app.logger.info(
"User " + username +
" tried to use the service, but they were not in linuxsys or linuxadm, rejecting"
)
flash("You are not authorised to use this service, sorry!",
"alert-danger")
return redirect(url_for('login'))
# Logon is OK to proceed
return zero.lib.user.logon_ok(username)
else:
abort(400)
def cas_login():
client = cas.CASClientV3(renew=False,
extra_login_params=False,
server_url=app.config['CAS_SERVER_URL'],
service_url=url_for('cas_login_verify',
_external=True))
return redirect(client.get_login_url())
def setup_app():
fernet_key = fernet.Fernet.generate_key()
secret_key = base64.urlsafe_b64decode(fernet_key)
app = web.Application(
debug=True,
middlewares=[
session_middleware(EncryptedCookieStorage(secret_key)),
cas_middleware
]
)
app['cas_client'] = cas.CASClientV3(
server_url=CAS_SERVER_URL,
service_url=SERVICE_NAME,
extra_login_params=False,
renew=False
)
aiohttp_jinja2.setup(
app,
loader=jinja2.FileSystemLoader(os.path.join(PROJECT_ROOT, 'templates'))
)
setup_routes(app)
return app
def __init__(self, db: DBConnector, ticket: str = None):
self.client = cas.CASClientV3(renew=False,
extra_login_params=False,
server_url='https://login.case.edu/cas/',
service_url=request.url_root)
self.login_url = self.client.get_login_url()
self.logout_url = self.client.get_logout_url(
f"{request.url_root}logout")
#there is a user logged in
if USER_SESSION_KEY in session and session.get(
USER_SESSION_KEY) is not None:
self.__login_from_session()
#we got a ticket from CAS, so the user just logged in
elif ticket is not None:
self.__login_from_cas_ticket(db, ticket)
#no logged in user
else:
self.user = None
from requests.exceptions import HTTPError
import cas
import requests
from flask import Flask
app = Flask(__name__)
CAS_URL_LOGIN = '******'
CAS_SERVER_URL = 'http://cas.somenergia.coop:8000/'
SERVICE_NAME = 'http://api.somenergia.coop'
CAS_CLIENT = cas.CASClientV3(server_url=CAS_SERVER_URL,
service_url=SERVICE_NAME,
extra_login_params=False,
renew=False)
def _get_ticket(response):
response_info = response.raw.info().get('Location', '')
if response_info:
return parse_qs(urlparse(response_info).query)['ticket'][0]
raise HTTPError()
def cas_login(username, password):
resp = requests.get(CAS_URL_LOGIN)
headers = {
def logout_client_v3():
return cas.CASClientV3(server_url='http://www.example.com/cas/')
def client_v3():
return cas.CASClientV3()
