diff --git a/gestiojeux/settings_base.py b/gestiojeux/settings_base.py
index 126c8ac..999788a 100644
--- a/gestiojeux/settings_base.py
+++ b/gestiojeux/settings_base.py
@@ -40,7 +40,7 @@ MIDDLEWARE = [
 "django.contrib.auth.middleware.AuthenticationMiddleware",
 "django.contrib.messages.middleware.MessageMiddleware",
 "django.middleware.clickjacking.XFrameOptionsMiddleware",
- 'django_cas_ng.middleware.CASMiddleware'
+ "django_cas_ng.middleware.CASMiddleware",
 ]
 ROOT_URLCONF = "gestiojeux.urls"
@@ -64,8 +64,8 @@ TEMPLATES = [
 WSGI_APPLICATION = "gestiojeux.wsgi.application"
 AUTHENTICATION_BACKENDS = (
- 'django.contrib.auth.backends.ModelBackend',
- 'django_cas_ng.backends.CASBackend',
+ "django.contrib.auth.backends.ModelBackend",
+ "django_cas_ng.backends.CASBackend",
 )
 # Password validation
@@ -90,8 +90,10 @@ STATIC_URL = "/static/"
 MEDIA_URL = "/media/"
 CAS_SERVER_URL = "https://cas.eleves.ens.fr/"
-CAS_VERSION = "2"
-CAS_LOGIN_MSG = None
+CAS_VERIFY_URL = "https://cas.eleves.ens.fr/"
+CAS_VERSION = "CAS_2_SAML_1_0"
 CAS_IGNORE_REFERER = True
-CAS_EMAIL_FORMAT = "%s@clipper.ens.fr"
-
+CAS_FORCE_CHANGE_USERNAME_CASE = "lower"
+CAS_LOGIN_MSG = None
+CAS_LOGIN_URL_NAME = "gestiojeux_auth:cas_ng_login"
+CAS_LOGOUT_URL_NAME = "gestiojeux_auth:cas_ng_logout"
diff --git a/gestiojeux_auth/urls.py b/gestiojeux_auth/urls.py
index 05a5d80..eeb00a6 100644
--- a/gestiojeux_auth/urls.py
+++ b/gestiojeux_auth/urls.py
@@ -1,6 +1,6 @@
 from django.urls import include, path
 import django.contrib.auth.views as dj_auth_views
-from .views import login, logout
+from .views import LoginView, LogoutView
 import django_cas_ng.views
 app_name = "gestiojeux_auth"
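Review bot: In the last settings_base.py hunk, `CAS_FORCE_CHANGE_USERNAME_CASE = "lower"` changes how a CAS identity is mapped to a local user, and nothing here says what happens to accounts created before the change. If any existing username contains upper-case characters, a CAS login would presumably stop matching that row and could land on a fresh account without the old one's data or permissions, so the user table is worth checking before deploy (with a data migration if needed). A comment such as `# Normalise CAS usernames to lower case so one CAS identity maps to one User row` would record the intent. `CAS_VERIFY_URL` also repeats the literal from `CAS_SERVER_URL`; writing `CAS_VERIFY_URL = CAS_SERVER_URL` keeps the ticket-validation endpoint from drifting away from the login endpoint.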
@@ -17,8 +17,8 @@ cas_patterns = [
 accounts_patterns = [
 path("cas/", include(cas_patterns)),
- path("login/", login, name="login"),
- path("logout/", logout, name="logout"),
+ path("login/", LoginView.as_view(), name="login"),
+ path("logout/", LogoutView.as_view(), name="logout"),
 path("password_login/", dj_auth_views.LoginView.as_view(), name="password_login"),
 ]
diff --git a/gestiojeux_auth/views.py b/gestiojeux_auth/views.py
index 16b3ed6..6d8869d 100644
--- a/gestiojeux_auth/views.py
+++ b/gestiojeux_auth/views.py
@@ -1,52 +1,83 @@
-from django.shortcuts import render, redirect
+from django.views.generic import TemplateView, RedirectView
+from django.shortcuts import redirect
 from django.urls import reverse
+from django.dispatch import receiver
 from django.contrib.auth import logout as auth_logout
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth import user_logged_in, user_logged_out, user_login_failed
+from django.contrib import messages
 from urllib.parse import quote as urlquote
-def login(req):
- if req.user.is_authenticated:
- return redirect("mainsite:home")
+class LoginView(TemplateView):
+ template_name = "registration/login_switch.html"
- if req.method == "GET":
- reqDict = req.GET
- elif req.method == "POST":
- reqDict = req.POST
- if "next" in reqDict:
- nextUrl = reqDict["next"]
- context = {
- "pass_url": "{}?next={}".format(
- reverse("gestiojeux_auth:password_login"), urlquote(nextUrl, safe="")
- ),
- "cas_url": "{}?next={}".format(
- reverse("gestiojeux_auth:cas_ng_login"), urlquote(nextUrl, safe="")
- ),
- }
- else:
- context = {
- "pass_url": reverse("gestiojeux_auth:password_login"),
- "cas_url": reverse("gestiojeux_auth:cas_ng_login"),
- }
-
- return render(req, "registration/login_switch.html", context=context)
-
-
-@login_required
-def logout(req):
- CAS_BACKEND_NAME = "django_cas_ng.backends.CASBackend"
- if req.session["_auth_user_backend"] != CAS_BACKEND_NAME:
- auth_logout(req)
- if "next" in req.GET:
- return redirect(req.GET["next"])
- return redirect("mainsite:home")
-
- if "next" in req.GET:
- return redirect(
- "{}?next={}".format(
- reverse("gestiojeux_auth:cas_ng_logout"),
- urlquote(req.GET["next"], safe=""),
+ def dispatch(self, request, *args, **kwargs):
+ if request.user.is_authenticated:
+ messages.warning(
+ request,
+ "Vous êtes déjà connecté·e en tant que {}.".format(
+ request.user.username
+ ),
 )
- )
- return redirect("gestiojeux_auth:cas_ng_logout")
+ return redirect(self.get_next_url() or "/")
+
+ return super().dispatch(request, *args, **kwargs)
+
+ def get_next_url(self):
+ if self.request.method == "GET":
+ req_dict = self.request.GET
+ elif self.request.method == "POST":
+ req_dict = self.request.POST
+ return req_dict.get("next")
+
+ def get_context_data(self, **kwargs):
+ context = super().get_context_data(**kwargs)
+
+ next_url = self.get_next_url()
+ if next_url:
+ context["pass_url"] = "{}?next={}".format(
+ reverse("gestiojeux_auth:password_login"), urlquote(next_url, safe="")
+ )
+ context["cas_url"] = "{}?next={}".format(
+ reverse("gestiojeux_auth:cas_ng_login"), urlquote(next_url, safe="")
+ )
+ else:
+ context["pass_url"] = reverse("gestiojeux_auth:password_login")
+ context["cas_url"] = reverse("gestiojeux_auth:cas_ng_login")
+
+ return context
+
+
+class LogoutView(RedirectView):
+ permanent = False
+
+ def get_redirect_url(self, *args, **kwargs):
+ CAS_BACKEND_NAME = "django_cas_ng.backends.CASBackend"
+ if self.request.session["_auth_user_backend"] != CAS_BACKEND_NAME:
+ auth_logout(self.request)
+ if "next" in self.request.GET:
+ return self.request.GET["next"]
+ return reverse("mainsite:home")
+
+ if "next" in self.request.GET:
+ return "{}?next={}".format(
+ reverse("gestiojeux_auth:cas_ng_logout"),
+ urlquote(self.request.GET["next"], safe=""),
+ )
+ return reverse("gestiojeux_auth:cas_ng_logout")
+
+
+@receiver(user_logged_in)
+def on_login(request, user, **kwargs):
+ messages.success(request, "Connexion réussie. Bienvenue, {}.".format(user))
+
+
+@receiver(user_logged_out)
+def on_logout(request, **kwargs):
+ messages.info(request, "Vous avez bien été déconnecté·e.")
+
+
+@receiver(user_login_failed)
+def on_login_failed(request, **kwargs):
+ messages.error(request, "Connexion échouée.")
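Review bot: `LoginView.dispatch` now sends an already-authenticated user to whatever `next` holds (`redirect(self.get_next_url() or "/")`), where the old view always went to `mainsite:home`, so the login URL becomes an open redirect; `LogoutView.get_redirect_url` returns `self.request.GET["next"]` unchecked in the same way. Validating inside `get_next_url` with `url_has_allowed_host_and_scheme` from `django.utils.http` (`is_safe_url` on Django releases before 3.0) covers the login side, and the non-CAS logout branch should apply the same check before returning `next`. `get_next_url` also leaves `req_dict` unbound for any method other than GET or POST, which `dispatch` reaches for every authenticated request, for example HEAD. Separately, dropping `@login_required` means an anonymous request to `logout/` reads `self.request.session["_auth_user_backend"]` and raises `KeyError`; `self.request.session.get("_auth_user_backend")` or a `LoginRequiredMixin` on `LogoutView` would avoid the 500.

```python
class LoginView(TemplateView):
    # … unchanged: template_name, dispatch …

    def get_next_url(self):
        # Any method other than POST reads the query string, so req_dict is
        # always bound.
        if self.request.method == "POST":
            req_dict = self.request.POST
        else:
            req_dict = self.request.GET
        next_url = req_dict.get("next")
        # Only follow a "next" that stays on this host; anything else is
        # dropped and the callers fall back to their default target.
        if next_url and url_has_allowed_host_and_scheme(
            next_url,
            allowed_hosts={self.request.get_host()},
            require_https=self.request.is_secure(),
        ):
            return next_url
        return None

    # … unchanged: get_context_data …
```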