def test_validate_ticket_fails_with_invalid_ticket(self, MockHTTPSHandler):
    """A ticket the CAS server rejects must produce a falsy result.

    ``MockHTTPSHandler`` is presumably injected by a patch decorator that
    is not visible in this listing.
    """
    # No network access: the request hook hands back a stub request and
    # the open hook serves the fixture
    # ``service_validate_invalid_ticket.xml``.
    MockHTTPSHandler.https_request.return_value = MockRequest()
    rejected_body = get_data('service_validate_invalid_ticket.xml')
    MockHTTPSHandler.https_open.return_value = MockResponse(rejected_body)

    outcome = validate_ticket(
        'ST-001-abc',
        'https://cas.domain.net',
        'https://service.domain.net',
    )

    # Callers use the return value as the authenticated user id, so a
    # rejected ticket must never come back truthy.
    self.assertFalse(outcome)
def test_validate_ticket_fails_with_invalid_xml_response(self, MockHTTPSHandler):
    """An unexpected XML body from the CAS server must fail closed."""
    MockHTTPSHandler.https_request.return_value = MockRequest()
    # Well-formed XML that is not a CAS serviceValidate response.
    unexpected_reply = MockResponse("<resp>invalid</resp>")
    MockHTTPSHandler.https_open.return_value = unexpected_reply

    outcome = validate_ticket(
        'ST-001-abc',
        'https://cas.domain.net',
        'https://service.domain.net',
    )

    # Anything the validator cannot interpret as success has to be
    # treated as a failed validation, not as a user id.
    self.assertFalse(outcome)
def test_validate_ticket_suceeds_with_valid_ticket(self, MockHTTPSHandler):
    """A successful CAS response yields the validated user id."""
    MockHTTPSHandler.https_request.return_value = MockRequest()
    success_body = get_data('service_validate_success.xml')
    MockHTTPSHandler.https_open.return_value = MockResponse(success_body)

    validated_user = validate_ticket(
        'ST-001-abc',
        'https://cas.domain.net',
        'https://service.domain.net',
    )

    # In this version of the API the return value is the bare user id.
    self.assertEqual('james', validated_user)
def test_validate_ticket_suceeds_with_valid_ticket(self, MockHTTPSHandler):
    """Validating a ticket against the success fixture returns 'james'."""
    # Stub both handler hooks so the validator reads the canned fixture
    # ``service_validate_success.xml`` instead of opening a connection.
    MockHTTPSHandler.https_request.return_value = MockRequest()
    MockHTTPSHandler.https_open.return_value = MockResponse(
        get_data('service_validate_success.xml'),
    )

    ticket = 'ST-001-abc'
    cas_server = 'https://cas.domain.net'
    service = 'https://service.domain.net'
    self.assertEqual('james', validate_ticket(ticket, cas_server, service))
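def reply(self):
    """Exchange a CAS service ticket for a JWT token.

    Reads ``ticket`` (required) and ``service`` (optional) from the JSON
    request body, validates the ticket against the CAS plugin's
    ``cas_server_url`` and, when validation succeeds and the user exists,
    calls the CAS plugin's ``handle_login`` and returns
    ``{'token': ...}`` created by the JWT plugin.

    Failures are returned as ``{'error': {'type': ..., 'message': ...}}``
    with the response status set to 400 (no ticket in the body), 501
    (CAS or JWT plugin missing) or 401 (ticket rejected or user unknown).
    """
    data = json_body(self.request)
    if 'ticket' not in data:
        self.request.response.setStatus(400)
        return dict(
            error=dict(type='Missing service ticket',
                       message='Service ticket must be provided in body.'))

    # NOTE(review): a CAS ticket is only valid for the service it was
    # issued to, and here that service value can be supplied by the
    # caller. A ticket issued for a different service registered on the
    # same CAS server would therefore validate as long as the caller
    # sends the matching URL. Consider checking ``data['service']``
    # against an allow-list of this site's own front-end URLs.
    if 'service' in data:
        service = data['service']
    else:
        # Strip the trailing `/@caslogin` (10 characters). This must be a
        # plain string: a trailing comma here would turn it into a
        # 1-tuple and break ticket validation.
        service = service_url(self.request)[:-10]

    # Disable CSRF protection
    if 'IDisableCSRFProtection' in dir(plone.protect.interfaces):
        alsoProvides(self.request,
                     plone.protect.interfaces.IDisableCSRFProtection)

    uf = getToolByName(self.context, 'acl_users')
    plugins = uf._getOb('plugins')
    authenticators = plugins.listPlugins(IAuthenticationPlugin)
    cas_plugin = None
    jwt_plugin = None
    for _id, authenticator in authenticators:
        if authenticator.meta_type == "CAS Authentication Plugin":
            cas_plugin = authenticator
        elif authenticator.meta_type == "JWT Authentication Plugin":
            jwt_plugin = authenticator

    if cas_plugin is None or jwt_plugin is None:
        self.request.response.setStatus(501)
        return dict(error=dict(
            type='Login failed',
            message='CAS/JWT authentication plugin not installed.'))

    userid = validate_ticket(
        data['ticket'],
        cas_plugin.cas_server_url,
        service,
    )
    # validate_ticket returns a falsy value for a rejected ticket or an
    # unusable CAS response; stop here instead of looking that value up
    # as if it were a user id.
    if not userid:
        self.request.response.setStatus(401)
        return dict(error=dict(
            type='Login failed',
            message='Service ticket validation failed.'))

    user = uf.getUserById(userid)
    if not user:
        # Report the failure with an error status, not a 200 response.
        self.request.response.setStatus(401)
        return dict(error=dict(
            type='Login failed',
            message='User with userid {} not found.'.format(userid)))

    cas_plugin.handle_login(userid)
    payload = {'fullname': user.getProperty('fullname')}
    return {'token': jwt_plugin.create_token(userid, data=payload)}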
def test_validate_ticket_suceeds_with_valid_ticket(self, MockHTTPSHandler):
    """A successful CAS response yields the user id and its attributes.

    In this version ``validate_ticket`` returns a ``(user_id, attrs)``
    pair rather than a bare user id.
    """
    MockHTTPSHandler.https_request.return_value = MockRequest()
    success_body = get_data('service_validate_success.xml')
    MockHTTPSHandler.https_open.return_value = MockResponse(success_body)

    validated = validate_ticket(
        'ST-001-abc',
        'https://cas.domain.net',
        'https://service.domain.net',
    )
    user_id, attrs = validated

    # NOTE(review): the masked 'isFromNewLogin' and 'email' values look
    # like redaction applied to this listing - confirm them against the
    # fixture before relying on this expectation.
    expected_attrs = {
        'authenticationDate': '2014-08-12T19:28:07Z',
        'longTermAuthenticationRequestTokenUsed': 'false',
        'isFromNewLogin': '******',
        'email': '*****@*****.**',
        'fullname': 'James Bond'
    }

    self.assertEqual(user_id, 'james', 'Wrong validated user ID')
    self.assertEqual(attrs, expected_attrs, 'Wrong validated user attributes')
def authenticateCredentials(self, credentials):
    """Authenticate credentials that carry a CAS service ticket.

    Returns ``(userid, userid)`` when the ticket validates and
    ``login_user`` reports success; returns ``None`` when the credentials
    came from another extractor, the ticket is rejected, or the login
    step fails.
    """
    # Only handle credentials produced by this plugin's own extractor.
    if credentials.get('extractor') != self.getId():
        return None

    # NOTE(review): the ticket is validated against whatever
    # ``service_url`` the extractor recorded - confirm the extractor
    # derives it from the request URL or configuration, not from a
    # client-controlled parameter.
    ticket = credentials['ticket']
    cas_server = self.cas_server_url
    service = credentials['service_url']
    userid = validate_ticket(ticket, cas_server, service)

    # A falsy result means validation failed: no user id to act on.
    if not userid:
        return None

    if not self.login_user(userid):
        return None
    return userid, userid
def authenticateCredentials(self, credentials):
    """Authenticate credentials that carry a CAS service ticket.

    Returns ``(userid, userid)`` when the ticket validates and the user
    is known to PAS; returns ``None`` when the credentials came from
    another extractor, the ticket is rejected, or ``_verifyUser`` finds
    no such user.
    """
    # Only handle credentials produced by this plugin's own extractor.
    source = credentials.get('extractor')
    if source != self.getId():
        return None

    # NOTE(review): the ticket is validated against whatever
    # ``service_url`` the extractor recorded - confirm the extractor
    # derives it from the request URL or configuration, not from a
    # client-controlled parameter.
    userid = validate_ticket(
        credentials['ticket'],
        self.cas_server_url,
        credentials['service_url'],
    )
    # A falsy result means validation failed: no user id to act on.
    if not userid:
        return None

    pas = self._getPAS()
    # A valid ticket for an id PAS does not know is still rejected.
    if pas._verifyUser(pas.plugins, user_id=userid) is None:
        return None

    # The password argument is passed as an empty string.
    request = self.REQUEST
    pas.updateCredentials(request, request.RESPONSE, userid, '')
    return userid, userid