Compare commits
6 commits
master
...
fix-shared
Author | SHA1 | Date | |
---|---|---|---|
|
89cb540f02 | ||
|
c3d6e2b144 | ||
|
27c7a47c46 | ||
|
f8ebff12f3 | ||
|
975cc4aa1d | ||
|
316f6b1041 |
2 changed files with 41 additions and 17 deletions
|
@ -166,10 +166,19 @@ class GenericLoginViewTests(TestCase):
|
||||||
self.client.login(username="team", password="team")
|
self.client.login(username="team", password="team")
|
||||||
|
|
||||||
r = self.client.post(self.url)
|
r = self.client.post(self.url)
|
||||||
|
profile = getattr(self.user, "profile", None)
|
||||||
self.assertRedirects(
|
if profile and profile.login_clipper:
|
||||||
r, "/logout?next={}".format(self.url), fetch_redirect_response=False
|
self.assertRedirects(
|
||||||
)
|
r,
|
||||||
|
"https://cas.eleves.ens.fr/logout?service={}".format(self.url),
|
||||||
|
fetch_redirect_response=False,
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
self.assertRedirects(
|
||||||
|
r,
|
||||||
|
"/logout?next=http%3A%2F%2Ftestserver{}".format(self.url),
|
||||||
|
fetch_redirect_response=False,
|
||||||
|
)
|
||||||
|
|
||||||
def test_notoken_not_team(self):
|
def test_notoken_not_team(self):
|
||||||
"""
|
"""
|
||||||
|
|
|
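Review bot: The test now passes on whichever branch the fixture's `profile.login_clipper` happens to take, so neither the CAS nor the local logout redirect is actually pinned; set `login_clipper` explicitly before the POST (two tests, one per value) rather than branching inside the assertion. The CAS host is also hard-coded as `https://cas.eleves.ens.fr/` while the view reads `django_settings.CAS_SERVER_URL`, so building the expected URL from the setting keeps the test from breaking when the setting changes. The expected `service={}` inserts `self.url` unencoded, whereas the view urlencodes the absolute URI without `safe`, so the expected value presumably needs the fully quoted absolute URL, as the else branch already does for `next` — worth confirming against what `self.url` holds. The enclosing test method starts before the hunk.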
@ -1,3 +1,4 @@
|
||||||
|
from django.conf import settings as django_settings
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.contrib.auth import authenticate, login
|
from django.contrib.auth import authenticate, login
|
||||||
from django.contrib.auth.decorators import permission_required
|
from django.contrib.auth.decorators import permission_required
|
||||||
|
@ -42,7 +43,7 @@ class GenericLoginView(View):
|
||||||
|
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
# Step 1: set token and logout user.
|
# Step 1: set token and logout user.
|
||||||
return self.prepare_auth()
|
return self.prepare_auth(request)
|
||||||
else:
|
else:
|
||||||
# GET request should not change server/client states. Send a
|
# GET request should not change server/client states. Send a
|
||||||
# confirmation template to emit a POST request.
|
# confirmation template to emit a POST request.
|
||||||
|
@ -61,22 +62,36 @@ class GenericLoginView(View):
|
||||||
# Step 2: validate token.
|
# Step 2: validate token.
|
||||||
return self.validate_auth(token)
|
return self.validate_auth(token)
|
||||||
|
|
||||||
def prepare_auth(self):
|
def prepare_auth(self, request):
|
||||||
# Issue token.
|
# Issue token.
|
||||||
token = GenericTeamToken.objects.create_token()
|
token = GenericTeamToken.objects.create_token()
|
||||||
|
|
||||||
# Prepare callback of logout.
|
# When CAS logs the user out, the generic login has to be called back.
|
||||||
here_url = reverse(login_generic)
|
# The corresponding callback URL is provided as a GET parameter.
|
||||||
if "next" in self.request.GET:
|
# The renaming of the CAS logout "url" parameter to "service" is being forced,
|
||||||
# Keep given next page.
|
# which is why the CAS logout URL with callback is constructed ad hoc,
|
||||||
here_qd = QueryDict(mutable=True)
|
# without relying on Django redirection to Django CAS.
|
||||||
here_qd["next"] = self.request.GET["next"]
|
|
||||||
here_url += "?{}".format(here_qd.urlencode())
|
|
||||||
|
|
||||||
logout_url = reverse("cof-logout")
|
here_url = request.build_absolute_uri() # preserves next parameter
|
||||||
logout_qd = QueryDict(mutable=True)
|
profile = getattr(request.user, "profile", None)
|
||||||
logout_qd["next"] = here_url
|
|
||||||
logout_url += "?{}".format(logout_qd.urlencode(safe="/"))
|
if profile and profile.login_clipper:
|
||||||
|
generic_login_url = here_url
|
||||||
|
generic_login_qd = QueryDict(mutable=True)
|
||||||
|
generic_login_qd["service"] = generic_login_url
|
||||||
|
|
||||||
|
cas_server_url = django_settings.CAS_SERVER_URL
|
||||||
|
cas_logout_url = cas_server_url + "logout"
|
||||||
|
cas_callback_url = cas_logout_url + "?{}".format(
|
||||||
|
generic_login_qd.urlencode()
|
||||||
|
)
|
||||||
|
|
||||||
|
logout_url = cas_callback_url
|
||||||
|
else:
|
||||||
|
logout_url = reverse("cof-logout")
|
||||||
|
logout_qd = QueryDict(mutable=True)
|
||||||
|
logout_qd["next"] = here_url
|
||||||
|
logout_url += "?{}".format(logout_qd.urlencode(safe="/"))
|
||||||
|
|
||||||
resp = redirect(logout_url)
|
resp = redirect(logout_url)
|
||||||
resp.set_signed_cookie(self.TOKEN_COOKIE_NAME, token.token, httponly=True)
|
resp.set_signed_cookie(self.TOKEN_COOKIE_NAME, token.token, httponly=True)
|
||||||
|
|
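Review bot: `cas_logout_url = cas_server_url + "logout"` only yields a valid URL when `CAS_SERVER_URL` ends with a slash; `cas_logout_url = cas_server_url.rstrip("/") + "/logout"` removes that dependency on the setting's exact form. `request.build_absolute_uri()` takes scheme and host from the request, so behind a TLS-terminating proxy the CAS `service` callback comes out as `http://` unless `SECURE_PROXY_SSL_HEADER` / `USE_X_FORWARDED_HOST` are configured, and it now forwards the whole query string rather than only `next` as the old `here_qd` did — the `# preserves next parameter` comment could state both. Whether the user-supplied `next` is checked with `url_has_allowed_host_and_scheme` before the final redirect is not visible in this hunk; if it is not, that check belongs in `validate_auth`. `prepare_auth` continues past the end of the hunk.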