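class CASAuthProvider(AuthProvider):
    """Provides authentication using CAS

    The type name to instantiate this provider is *cas*.

    Settings read by this class:

    - ``cas_url_base`` (required): base URL passed to ``CASClient``.
    - ``callback_uri``: path of the callback view; defaults to
      ``/cas_auth/<provider name>``.
    - ``token_field``: key looked up by ``_make_auth_info``.
    """

    def __init__(self, *args, **kwargs):
        """Validate the settings, build the CAS client and register the
        callback view on the current application.

        Raises:
            MultipassException: if ``cas_url_base`` is missing or empty.
        """
        super(CASAuthProvider, self).__init__(*args, **kwargs)
        self.settings.setdefault('callback_uri',
                                 '/cas_auth/{}'.format(self.name))
        if not self.settings.get('cas_url_base'):
            raise MultipassException(
                "`cas_url_base` must be specified in the provider settings")
        self.cas_client = CASClient(self.settings['cas_url_base'],
                                    auth_prefix='')
        # The endpoint name embeds the provider name, so each provider
        # instance registers its own endpoint.
        self.cas_endpoint = '_flaskmultipass_cas_' + self.name
        # The route accepts GET and POST, but _authorize_callback reads the
        # ticket from the query string (request.args) only.
        current_app.add_url_rule(self.settings['callback_uri'],
                                 self.cas_endpoint,
                                 self._authorize_callback,
                                 methods=('GET', 'POST'))

    @property
    def cas_callback_url(self):
        """Absolute URL of the callback view, used as the CAS service URL.

        The same value is sent at login, logout and ticket validation, so
        the three always agree.
        """
        # NOTE(review): request.url_root is derived from the incoming
        # request, so the service URL follows whatever host the request
        # carried. Presumably the deployment pins the accepted hosts at the
        # proxy or in the app configuration; confirm.
        # NOTE(review): url_root normally ends with '/' and the default
        # callback_uri starts with '/', which yields '//' in the result.
        # Left unchanged here because the CAS server may match the service
        # URL exactly; confirm before normalising.
        return request.url_root + self.settings['callback_uri']

    def initiate_external_login(self):
        """Redirect the browser to the CAS login page for this service."""
        cas_login_url = self.cas_client.get_login_url(
            service_url=self.cas_callback_url)
        return redirect(cas_login_url)

    def process_logout(self, return_url):
        """Redirect the browser to the CAS logout page.

        ``return_url`` is accepted but not used: the CAS logout URL is built
        with the callback URL as its service.
        """
        cas_logout_url = self.cas_client.get_logout_url(
            service_url=self.cas_callback_url)
        return redirect(cas_logout_url)

    def _make_auth_info(self, resp):
        """Build an ``AuthInfo`` holding the ``token_field`` entry of *resp*."""
        return AuthInfo(self, token=resp[self.settings['token_field']])

    @login_view
    def _authorize_callback(self):
        """Validate the CAS ticket from the callback and finish the login.

        Raises:
            AuthenticationFailed: if no ticket was supplied or the CAS
                server did not confirm it.
        """
        ticket = request.args.get('ticket')
        if not ticket:
            raise AuthenticationFailed('ticket is not provided')
        # The ticket is only trusted after the CAS server validates it for
        # this exact service URL.
        cas_response = self.cas_client.perform_service_validate(
            ticket=ticket,
            service_url=self.cas_callback_url,
        )
        if cas_response and cas_response.success:
            # Work on a copy: the response object is left unmodified, and a
            # response without attributes no longer fails on item assignment.
            auth_info = dict(cas_response.attributes or {})
            # Set after copying, so the validated CAS user always wins over
            # an attribute that happens to be named '_username'.
            auth_info['_username'] = cas_response.user
            return self.multipass.handle_auth_success(
                AuthInfo(self, **auth_info))
        raise AuthenticationFailed("CAS result: Access denied")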
def logout():
    """Log the user out locally and, for CAS sessions, at the CAS server.

    The local session is always cleared. If it held a ``cas_ticket`` the
    browser is redirected to the CAS logout URL; otherwise the result of
    ``login()`` is returned.
    """
    # Built before the session is touched: a missing configuration key
    # raises here, ahead of clear_session().
    client = CASClient(app.config['CAS_SERVER_URL'],
                       app.config['CAS_SERVICE_URL'],
                       verify_certificates=True)

    # Read the ticket first; clearing the session below would discard it.
    ticket = session.get('cas_ticket')
    cortex.lib.user.clear_session()

    if ticket is None:
        # No CAS login on record, so there is nothing to end on the CAS side.
        return login()

    # Tell CAS about the logout so its single sign-on session ends as well.
    return redirect(client.get_logout_url())
def test_get_logout_url(self):
    """The logout URL is the CAS logout path plus a ``service`` parameter."""
    client = CASClient("dummy.url")
    logout_url = client.get_logout_url(service_url="app.url")
    # The expected value pins the exact string, including the service URL
    # appearing as-is in the query string.
    self.assertEqual(logout_url, "dummy.url/cas/logout?service=app.url")
def test_get_logout_url(self):
    """The logout URL carries the full https service URL as ``service``."""
    client = CASClient('https://dummy.url')
    logout_url = client.get_logout_url(service_url='https://app.url')
    # NOTE(review): the expected string has the service URL un-encoded
    # ('https://app.url' rather than a percent-encoded form). Presumably a
    # service URL containing '&' or '#' would change how the query string
    # parses; confirm how CASClient encodes it.
    expected = 'https://dummy.url/cas/logout?service=https://app.url'
    self.assertEqual(logout_url, expected)