Пример #1
0
 def test_invalid_services(self):
     """
     When invalid services are configured, ``service_allowed()``
     should raise ``ImproperlyConfigured``.
     """
     with self.assertRaises(ImproperlyConfigured):
         service_allowed('http://www.example.com')
Пример #2
0
 def test_invalid_services(self):
     """
     When invalid services are configured, ``service_allowed()``
     should raise ``ImproperlyConfigured``.
     """
     with self.assertRaises(ImproperlyConfigured):
         service_allowed('http://www.example.com')
Пример #3
0
 def test_service_allowed(self):
     """
     When valid services are configured, ``service_allowed()``
     should return ``True`` if the provided URL matches, and
     ``False`` otherwise.
     """
     self.assertTrue(service_allowed('http://www.example.com'))
     self.assertFalse(service_allowed('http://www.example.org'))
Пример #4
0
 def test_service_allowed(self):
     """
     When valid services are configured, ``service_allowed()``
     should return ``True`` if the provided URL matches, and
     ``False`` otherwise.
     """
     self.assertTrue(service_allowed('http://www.example.com'))
     self.assertFalse(service_allowed('http://www.example.org'))
Пример #5
0
 def test_custom_backend(self):
     """
     Test that a custom service backend can be used
     """
     # CustomTestServiceBackend allows any service with 'test.com' in
     # addition to defined services
     self.assertFalse(service_allowed('http://www.foo.com'))
     self.assertTrue(service_allowed('http://www.example.com'))
     self.assertTrue(service_allowed('http://www.test.com'))
 def test_custom_backend_security(self):
     """
     Test that a custom service backend can be used and it's service_allowed function is respected, also when the
     `MAMA_CAS_SERVICES` setting isn't present in the django settings.py
     """
     del settings.MAMA_CAS_SERVICES
     # CustomTestServiceBackendNoSettings allows only services containing 'test.com'
     self.assertFalse(service_allowed('http://www.foo.com'))
     self.assertFalse(service_allowed('http://www.example.com'))
     self.assertTrue(service_allowed('http://www.test.com'))
Пример #7
0
 def test_empty_valid_services_tuple(self):
     """
     When no valid services are configured,
     ``service_allowed()`` should return ``True``.
     """
     del settings.MAMA_CAS_SERVICES
     self.assertTrue(service_allowed('http://www.example.com'))
Пример #8
0
 def test_empty_valid_services_tuple(self):
     """
     When no valid services are configured,
     ``service_allowed()`` should return ``True``.
     """
     del settings.MAMA_CAS_SERVICES
     self.assertTrue(service_allowed('http://www.example.com'))
Пример #9
0
    def validate_ticket(self, ticket, service, renew=False, require_https=False):
        """
        Given a ticket string and service identifier, validate the
        corresponding ``Ticket``. If validation succeeds, return the
        ``Ticket``. If validation fails, raise an appropriate error.

        If ``renew`` is ``True``, ``ServiceTicket`` validation will
        only succeed if the ticket was issued from the presentation
        of the user's primary credentials.

        If ``require_https`` is ``True``, ``ServiceTicket`` validation
        will only succeed if the service URL scheme is HTTPS.
        """
        if not ticket:
            raise InvalidRequest("No ticket string provided")

        if not self.model.TICKET_RE.match(ticket):
            raise InvalidTicket("Ticket string %s is invalid" % ticket)

        try:
            t = self.get(ticket=ticket)
        except self.model.DoesNotExist:
            raise InvalidTicket("Ticket %s does not exist" % ticket)

        if t.is_consumed():
            raise InvalidTicket("%s %s has already been used" %
                                (t.name, ticket))
        if t.is_expired():
            raise InvalidTicket("%s %s has expired" % (t.name, ticket))

        if not service:
            raise InvalidRequest("No service identifier provided")

        if require_https and not is_scheme_https(service):
            raise InvalidService("Service %s is not HTTPS" % service)

        if not service_allowed(service):
            raise InvalidService("Service %s is not a valid %s URL" %
                                 (service, t.name))

        try:
            if not match_service(t.service, service):
                raise InvalidService("%s %s for service %s is invalid for "
                        "service %s" % (t.name, ticket, t.service, service))
        except AttributeError:
            pass

        try:
            if renew and not t.is_primary():
                raise InvalidTicket("%s %s was not issued via primary "
                                    "credentials" % (t.name, ticket))
        except AttributeError:
            pass

        logger.debug("Validated %s %s" % (t.name, ticket))
        return t
Пример #10
0
    def validate_ticket(self, ticket, service, renew=False, require_https=False):
        """
        Given a ticket string and service identifier, validate the
        corresponding ``Ticket``. If validation succeeds, return the
        ``Ticket``. If validation fails, raise an appropriate error.

        If ``renew`` is ``True``, ``ServiceTicket`` validation will
        only succeed if the ticket was issued from the presentation
        of the user's primary credentials.

        If ``require_https`` is ``True``, ``ServiceTicket`` validation
        will only succeed if the service URL scheme is HTTPS.
        """
        if not ticket:
            raise InvalidRequest("No ticket string provided")

        if not self.model.TICKET_RE.match(ticket):
            raise InvalidTicket("Ticket string %s is invalid" % ticket)

        try:
            t = self.get(ticket=ticket)
        except self.model.DoesNotExist:
            raise InvalidTicket("Ticket %s does not exist" % ticket)

        if t.is_consumed():
            raise InvalidTicket("%s %s has already been used" %
                                (t.name, ticket))
        if t.is_expired():
            raise InvalidTicket("%s %s has expired" % (t.name, ticket))

        if not service:
            raise InvalidRequest("No service identifier provided")

        if require_https and not is_scheme_https(service):
            raise InvalidService("Service %s is not HTTPS" % service)

        if not service_allowed(service):
            raise InvalidService("Service %s is not a valid %s URL" %
                                 (service, t.name))

        try:
            if not match_service(t.service, service):
                raise InvalidService("%s %s for service %s is invalid for "
                        "service %s" % (t.name, ticket, t.service, service))
        except AttributeError:
            pass

        try:
            if renew and not t.is_primary():
                raise InvalidTicket("%s %s was not issued via primary "
                                    "credentials" % (t.name, ticket))
        except AttributeError:
            pass

        logger.debug("Validated %s %s" % (t.name, ticket))
        return t
Пример #11
0
    def test_invalid_custom_backend(self):
        """
        Test that a custom service backend without properly defined
        attributes raises ``NotImplementedError``
        """

        with self.assertRaises(NotImplementedError):
            service_allowed('http://www.example.com')

        with self.assertRaises(NotImplementedError):
            get_callbacks('http://www.example.com')

        with self.assertRaises(NotImplementedError):
            get_logout_url('http://www.example.com')

        with self.assertRaises(NotImplementedError):
            logout_allowed('http://www.example.com')

        with self.assertRaises(NotImplementedError):
            proxy_allowed('http://www.example.com')
Пример #12
0
    def get(self, request, *args, **kwargs):
        service = request.GET.get('service')
        ticket = request.GET.get('ticket')

        if not service_allowed(service):
            return redirect('cas_login')

        msg = _("Do you want to access %(service)s as %(user)s?") % {
                'service': clean_service_url(service),
                'user': request.user}
        messages.info(request, msg)
        kwargs['service'] = add_query_params(service, {'ticket': ticket})
        return super(WarnView, self).get(request, *args, **kwargs)
Пример #13
0
 def handle(self, **options):
     service = options['service']
     pgturl = options['pgturl']
     if service_allowed(service):
         self.stdout.write('Valid Service: %s' % service)
         self.stdout.write('Proxy Allowed: %s' % proxy_allowed(service))
         if pgturl:
             self.stdout.write('Proxy Callback Allowed: %s' %
                               proxy_callback_allowed(service, pgturl))
         self.stdout.write('Logout Allowed: %s' % logout_allowed(service))
         self.stdout.write('Logout URL: %s' % get_logout_url(service))
         self.stdout.write('Callbacks: %s' % get_callbacks(service))
     else:
         self.stdout.write(self.style.ERROR('Invalid Service: %s' %
                                            service))
Пример #14
0
def redirect(to, *args, **kwargs):
    """
    Similar to the Django ``redirect`` shortcut but with altered
    functionality. If an optional ``params`` argument is provided, the
    dictionary items will be injected as query parameters on the
    redirection URL.
    """
    params = kwargs.pop('params', {})

    try:
        to = urlresolvers.reverse(to, args=args, kwargs=kwargs)
    except urlresolvers.NoReverseMatch:
        if '/' not in to and '.' not in to:
            to = urlresolvers.reverse('cas_login')
        elif not service_allowed(to):
            raise PermissionDenied()

    if params:
        to = add_query_params(to, params)

    logger.debug("Redirecting to %s" % to)
    return HttpResponseRedirect(to)
Пример #15
0
def redirect(to, *args, **kwargs):
    """
    Similar to the Django ``redirect`` shortcut but with altered
    functionality. If an optional ``params`` argument is provided, the
    dictionary items will be injected as query parameters on the
    redirection URL.
    """
    params = kwargs.pop('params', {})

    try:
        to = urlresolvers.reverse(to, args=args, kwargs=kwargs)
    except urlresolvers.NoReverseMatch:
        if '/' not in to and '.' not in to:
            to = urlresolvers.reverse('cas_login')
        elif not service_allowed(to):
            raise PermissionDenied()

    if params:
        to = add_query_params(to, params)

    logger.debug("Redirecting to %s" % to)
    return HttpResponseRedirect(to)
Пример #16
0
    def handle(self, **options):
        self.service = options['service']
        self.pgturl = options['pgturl']
        self.verbosity = options['verbosity']

        if service_allowed(self.service):
            try:
                self.stdout.write(self.style.SUCCESS("Valid service: %s" % self.service))
            except AttributeError:
                # Django 1.8 does not have the "Success" style
                self.stdout.write(self.style.SQL_FIELD("Valid service: %s" % self.service))
            if self.verbosity >= 1:
                self.format_output('Proxy allowed', proxy_allowed(self.service))
                if self.pgturl:
                    self.format_output('Proxy callback allowed', proxy_callback_allowed(self.service, self.pgturl))
                self.format_output('Logout allowed', logout_allowed(self.service))
                self.format_output('Logout URL', get_logout_url(self.service))
                self.format_output('Callbacks', ', '.join(get_callbacks(self.service)))
            if self.verbosity >= 2:
                self.format_output('Backend', get_backend_path(self.service))
        else:
            self.stdout.write(self.style.ERROR("Invalid service: %s" % self.service))
Пример #17
0
 def test_empty_services(self):
     """
     When no valid services are configured,
     ``service_allowed()`` should return ``True``.
     """
     self.assertTrue(service_allowed('http://www.example.com'))
Пример #18
0
 def test_empty_services(self):
     """
     When no valid services are configured,
     ``service_allowed()`` should return ``True``.
     """
     self.assertTrue(service_allowed('http://www.example.com'))