示例#1
文件: views.py 项目: penny-arcade/pa
def callback(request):
    """Consume an SSO token delivered on a signed callback URL.

    The request is rejected with a 400 unless ``verify_url`` accepts it for
    ``settings.PA_API_SECRET`` and the configured age limit
    (``PA_SSO_TIMEOUT``, default 30; the unit is whatever ``verify_url``
    expects). A token that matches an active ``GlobalSession`` is then
    installed as the local SSO session. The response is always a redirect:
    to the requested target when an SSO session is present, otherwise to
    ``settings.LOGIN_URL``.
    """
    max_age = getattr(settings, 'PA_SSO_TIMEOUT', 30)

    # Nothing from the query string is acted on before the check passes.
    # NOTE(review): verify_url is defined outside this listing; presumably it
    # checks a signature over the whole request URL -- confirm it covers both
    # 'sso_token' and the redirect parameter read at the end of this view.
    if not verify_url(request, settings.PA_API_SECRET, max_age):
        return HttpResponseBadRequest('Failed verifying url')

    sso_token = request.GET.get('sso_token', None)
    try:
        incoming = GlobalSession.objects.active().get(pk=sso_token)
    except GlobalSession.DoesNotExist:
        # Expired or unknown tokens are ignored rather than treated as errors.
        incoming = None

    if incoming is not None:
        if request.sso_session and \
           request.sso_session.user.id != incoming.user.id:
            # A different user is already authenticated here: drop that
            # session first so its state is never carried over to the
            # incoming user.
            pa.sso.logout(request)

        # Bind the verified global session to this request / local session.
        pa.sso.login(request, incoming)

    # The redirect target comes from the query string; it is only as
    # trustworthy as the URL verification above.
    if request.sso_session:
        target = request.GET.get(REDIRECT_FIELD_NAME, settings.LOGIN_REDIRECT_URL)
    else:
        target = settings.LOGIN_URL
    return HttpResponseRedirect(target)
示例#2
文件: views.py 项目: penny-arcade/pa
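def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME):
    """Authenticate a user and hand an SSO token back to the requesting site.

    GET with an API key and a valid URL signature either redirects back
    immediately (an SSO session already exists) or stashes the query
    parameters in the session and redirects to the bare path. GET with an API
    key but a bad signature returns a 400. GET without an API key shows the
    form.

    POST validates the credentials, creates a ``GlobalSession`` expiring in
    12 hours, logs the request in and redirects. An invalid form falls
    through to re-render the form when no SSO session exists.

    Raises:
        NotImplementedError: for any HTTP method other than GET or POST.
    """
    apikey = None
    # Bound up front: the invalid-form POST path and the GET path without an
    # API key never assign it, yet the final redirect branch reads it whenever
    # an SSO session already exists. Unbound, that was an UnboundLocalError.
    redirect_to = None
    if request.method == 'POST':
        # Parameters are those stashed by an earlier, signature-checked GET;
        # a POST without that stash sees an empty dict.
        params = request.session.get('login_params', dict())
        form = PasswordAuthenticationForm(data=request.POST)
        if form.is_valid():
            # Login!
            user = form.get_user()
            sso_session = GlobalSession(user=user, expire_date=datetime.utcnow() + timedelta(hours=12))
            sso_session.save()

            # TODO: Setting Cookies?

            # Authenticate Locally
            # NOTE(review): whether pa.sso.login rotates the local session key
            # on authentication is not visible here -- confirm, since the
            # pre-login session is reused for 'login_params'.
            pa.sso.login(request, sso_session)

            # Clear the cached login params
            if 'login_params' in request.session:
                del request.session['login_params']

            apikey = pa.api.get_apikey(params)
            redirect_to = params.get(redirect_field_name, None)
        else:
            # Error!
            # TODO: Strip password
            pass
    elif request.method == 'GET':
        apikey = pa.api.get_apikey(request.GET)
        if apikey and verify_url(request, apikey.secret_bytes):
            if request.sso_session:
                # Initial Request, already logged in...
                redirect_to = request.GET.get(redirect_field_name, None)
            else:
                # Initial Request, store next link and redirect to this view (cleaning up the URL params)
                # Only reached after the signature check, so the stashed
                # redirect target comes from a signed URL.
                request.session['login_params'] = request.GET
                return HttpResponseRedirect(request.path)
        elif apikey:
            return HttpResponseBadRequest('URL Signature Failed!')
        form = PasswordAuthenticationForm(request)
    else:
        # Weird HTTP Method
        # `NotImplemented` is a comparison sentinel, not an exception class;
        # raising it fails with a TypeError instead of the intended error.
        # NOTE(review): a 405 response would be the conventional answer here.
        raise NotImplementedError('Unsupported HTTP method: %s' % request.method)

    if request.sso_session:
        if not redirect_to or not apikey:
            # Internal redirects do not need the sso token
            redirect_to = settings.LOGIN_REDIRECT_URL
        else:
            # The SSO session key travels in the query string of the signed
            # redirect. NOTE(review): URLs reach logs and Referer headers, so
            # confirm the receiving side bounds how long this URL is accepted.
            redirect_to = append_query(redirect_to, apikey=apikey.key, sso_token=request.sso_session.key)
            redirect_to = sign_url(redirect_to, apikey.secret_bytes)
        # Redirect to callback
        return HttpResponseRedirect(redirect_to)
    else:
        # Display Form
        request.session.set_test_cookie()
        return render_to_response(template_name, {
            'form': form,
        }, context_instance=RequestContext(request))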
示例#3
文件: views.py 项目: penny-arcade/pa
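def logout(request, redirect_field_name=REDIRECT_FIELD_NAME, template_name='registration/logout.html'):
    """Confirm (GET) and perform (POST) a global SSO logout.

    GET renders the confirmation template. The post-logout target defaults
    to '/' and is taken from the query string only when the request carries
    an API key and ``verify_url`` accepts its signature. That verified target
    is also remembered in the session.

    POST deletes the current ``GlobalSession`` (if any), logs the request
    out, and redirects to the target remembered by the preceding GET, or to
    '/' when there is none.
    """
    if request.method == 'GET':
        next_url = '/'
        params = request.GET
        apikey = pa.api.get_apikey(params)
        if apikey and verify_url(request, apikey.secret_bytes):
            next_url = params.get(redirect_field_name, next_url)
            # Remember the signature-checked target server-side so the POST
            # does not have to trust a form field for it.
            request.session['logout_next'] = next_url
        else:
            # Drop any target left over from an earlier, verified GET.
            request.session.pop('logout_next', None)
        return render_to_response(template_name, {
            'next': next_url,
        }, context_instance=RequestContext(request))
    elif request.method == 'POST':
        # The posted 'next' field is client-controlled and was never covered
        # by the signature check, so it is not used as a redirect target.
        # Read the stored value before pa.sso.logout(), which may reset the
        # session.
        next_url = request.session.pop('logout_next', '/')
        # Guard: with no SSO session, `request.sso_session.pk` would raise
        # AttributeError on a falsy value such as None.
        if request.sso_session:
            GlobalSession.objects.filter(pk=request.sso_session.pk).delete()
            pa.sso.logout(request)
        return HttpResponseRedirect(next_url)
    # NOTE(review): other HTTP methods fall through and return None.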