class CASAuthProvider(AuthProvider):
"""Provides authentication using CAS
The type name to instantiate this provider is *cas*.
"""
def __init__(self, *args, **kwargs):
super(CASAuthProvider, self).__init__(*args, **kwargs)
self.settings.setdefault('callback_uri',
'/cas_auth/{}'.format(self.name))
if not self.settings.get('cas_url_base'):
raise MultipassException(
"`cas_url_base` must be specified in the provider settings")
self.cas_client = CASClient(self.settings['cas_url_base'],
auth_prefix='')
self.cas_endpoint = '_flaskmultipass_cas_' + self.name
current_app.add_url_rule(self.settings['callback_uri'],
self.cas_endpoint,
self._authorize_callback,
methods=('GET', 'POST'))
@property
def cas_callback_url(self):
return request.url_root + self.settings['callback_uri']
def initiate_external_login(self):
cas_login_url = self.cas_client.get_login_url(
service_url=self.cas_callback_url)
return redirect(cas_login_url)
def process_logout(self, return_url):
cas_logout_url = self.cas_client.get_logout_url(
service_url=self.cas_callback_url)
return redirect(cas_logout_url)
def _make_auth_info(self, resp):
return AuthInfo(self, token=resp[self.settings['token_field']])
@login_view
def _authorize_callback(self):
ticket = request.args.get('ticket')
if not ticket:
raise AuthenticationFailed('ticket is not provided')
cas_response = self.cas_client.perform_service_validate(
ticket=ticket,
service_url=self.cas_callback_url,
)
if cas_response and cas_response.success:
auth_info = cas_response.attributes
auth_info['_username'] = cas_response.user
return self.multipass.handle_auth_success(
AuthInfo(self, **auth_info))
raise AuthenticationFailed("CAS result: Access denied")
def logout():
"""Logs a user out"""
#CAS client init
cas_client = CASClient(app.config['CAS_SERVER_URL'], app.config['CAS_SERVICE_URL'], verify_certificates=True)
# destroy the session
cas_ticket = session.get('cas_ticket', None)
cortex.lib.user.clear_session()
if cas_ticket is not None:
# Tell cas about the logout
return redirect(cas_client.get_logout_url())
else:
return login()
def test_get_logout_url(self):
cas_client = CASClient("dummy.url")
service_url = "app.url"
url = cas_client.get_logout_url(service_url=service_url)
self.assertEqual(url, "dummy.url/cas/logout?service=app.url")
def test_get_logout_url(self):
cas_client = CASClient('https://dummy.url')
service_url = 'https://app.url'
url = cas_client.get_logout_url(service_url=service_url)
self.assertEqual(
url, 'https://dummy.url/cas/logout?service=https://app.url')
