forked from DGNum/gestioCOF
Compare commits
6 commits
master
...
fix-shared
Author | SHA1 | Date | |
---|---|---|---|
|
89cb540f02 | ||
|
c3d6e2b144 | ||
|
27c7a47c46 | ||
|
f8ebff12f3 | ||
|
975cc4aa1d | ||
|
316f6b1041 |
2 changed files with 41 additions and 17 deletions
|
@ -166,10 +166,19 @@ class GenericLoginViewTests(TestCase):
|
|||
self.client.login(username="team", password="team")
|
||||
|
||||
r = self.client.post(self.url)
|
||||
|
||||
self.assertRedirects(
|
||||
r, "/logout?next={}".format(self.url), fetch_redirect_response=False
|
||||
)
|
||||
profile = getattr(self.user, "profile", None)
|
||||
if profile and profile.login_clipper:
|
||||
self.assertRedirects(
|
||||
r,
|
||||
"https://cas.eleves.ens.fr/logout?service={}".format(self.url),
|
||||
fetch_redirect_response=False,
|
||||
)
|
||||
else:
|
||||
self.assertRedirects(
|
||||
r,
|
||||
"/logout?next=http%3A%2F%2Ftestserver{}".format(self.url),
|
||||
fetch_redirect_response=False,
|
||||
)
|
||||
|
||||
def test_notoken_not_team(self):
|
||||
"""
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
from django.conf import settings as django_settings
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth import authenticate, login
|
||||
from django.contrib.auth.decorators import permission_required
|
||||
|
@ -42,7 +43,7 @@ class GenericLoginView(View):
|
|||
|
||||
if request.method == "POST":
|
||||
# Step 1: set token and logout user.
|
||||
return self.prepare_auth()
|
||||
return self.prepare_auth(request)
|
||||
else:
|
||||
# GET request should not change server/client states. Send a
|
||||
# confirmation template to emit a POST request.
|
||||
|
@ -61,22 +62,36 @@ class GenericLoginView(View):
|
|||
# Step 2: validate token.
|
||||
return self.validate_auth(token)
|
||||
|
||||
def prepare_auth(self):
|
||||
def prepare_auth(self, request):
|
||||
# Issue token.
|
||||
token = GenericTeamToken.objects.create_token()
|
||||
|
||||
# Prepare callback of logout.
|
||||
here_url = reverse(login_generic)
|
||||
if "next" in self.request.GET:
|
||||
# Keep given next page.
|
||||
here_qd = QueryDict(mutable=True)
|
||||
here_qd["next"] = self.request.GET["next"]
|
||||
here_url += "?{}".format(here_qd.urlencode())
|
||||
# When CAS logs the user out, the generic login has to be called back.
|
||||
# The corresponding callback URL is provided as a GET parameter.
|
||||
# The renaming of the CAS logout "url" parameter to "service" is being forced,
|
||||
# which is why the CAS logout URL with callback is constructed ad hoc,
|
||||
# without relying on Django redirection to Django CAS.
|
||||
|
||||
logout_url = reverse("cof-logout")
|
||||
logout_qd = QueryDict(mutable=True)
|
||||
logout_qd["next"] = here_url
|
||||
logout_url += "?{}".format(logout_qd.urlencode(safe="/"))
|
||||
here_url = request.build_absolute_uri() # preserves next parameter
|
||||
profile = getattr(request.user, "profile", None)
|
||||
|
||||
if profile and profile.login_clipper:
|
||||
generic_login_url = here_url
|
||||
generic_login_qd = QueryDict(mutable=True)
|
||||
generic_login_qd["service"] = generic_login_url
|
||||
|
||||
cas_server_url = django_settings.CAS_SERVER_URL
|
||||
cas_logout_url = cas_server_url + "logout"
|
||||
cas_callback_url = cas_logout_url + "?{}".format(
|
||||
generic_login_qd.urlencode()
|
||||
)
|
||||
|
||||
logout_url = cas_callback_url
|
||||
else:
|
||||
logout_url = reverse("cof-logout")
|
||||
logout_qd = QueryDict(mutable=True)
|
||||
logout_qd["next"] = here_url
|
||||
logout_url += "?{}".format(logout_qd.urlencode(safe="/"))
|
||||
|
||||
resp = redirect(logout_url)
|
||||
resp.set_signed_cookie(self.TOKEN_COOKIE_NAME, token.token, httponly=True)
|
||||
|
|
Loading…
Reference in a new issue