Compare commits

...

6 commits

Author SHA1 Message Date
Antonin Reitz
89cb540f02 Fix non-CAS users case 2019-11-27 12:57:14 +01:00
Antonin Reitz
c3d6e2b144 Reformat for black linter 2019-11-27 12:01:52 +01:00
Antonin Reitz
27c7a47c46 Simplify the code 2019-11-27 11:51:29 +01:00
Antonin Reitz
f8ebff12f3 Patch 1/2 failing tests 2019-11-27 10:41:52 +01:00
Antonin Reitz
975cc4aa1d Reformat for black linter 2019-11-27 10:41:52 +01:00
Antonin Reitz
316f6b1041 Force CAS logout redirection parameter name
'service' instead of 'url'
2019-11-27 10:41:52 +01:00
2 changed files with 41 additions and 17 deletions

View file

@ -166,10 +166,19 @@ class GenericLoginViewTests(TestCase):
self.client.login(username="team", password="team")
r = self.client.post(self.url)
self.assertRedirects(
r, "/logout?next={}".format(self.url), fetch_redirect_response=False
)
profile = getattr(self.user, "profile", None)
if profile and profile.login_clipper:
self.assertRedirects(
r,
"https://cas.eleves.ens.fr/logout?service={}".format(self.url),
fetch_redirect_response=False,
)
else:
self.assertRedirects(
r,
"/logout?next=http%3A%2F%2Ftestserver{}".format(self.url),
fetch_redirect_response=False,
)
def test_notoken_not_team(self):
"""

View file

@ -1,3 +1,4 @@
from django.conf import settings as django_settings
from django.contrib import messages
from django.contrib.auth import authenticate, login
from django.contrib.auth.decorators import permission_required
@ -42,7 +43,7 @@ class GenericLoginView(View):
if request.method == "POST":
# Step 1: set token and logout user.
return self.prepare_auth()
return self.prepare_auth(request)
else:
# GET request should not change server/client states. Send a
# confirmation template to emit a POST request.
@ -61,22 +62,36 @@ class GenericLoginView(View):
# Step 2: validate token.
return self.validate_auth(token)
def prepare_auth(self):
def prepare_auth(self, request):
# Issue token.
token = GenericTeamToken.objects.create_token()
# Prepare callback of logout.
here_url = reverse(login_generic)
if "next" in self.request.GET:
# Keep given next page.
here_qd = QueryDict(mutable=True)
here_qd["next"] = self.request.GET["next"]
here_url += "?{}".format(here_qd.urlencode())
# When CAS logs the user out, the generic login has to be called back.
# The corresponding callback URL is provided as a GET parameter.
# The renaming of the CAS logout "url" parameter to "service" is being forced,
# which is why the CAS logout URL with callback is constructed ad hoc,
# without relying on Django redirection to Django CAS.
logout_url = reverse("cof-logout")
logout_qd = QueryDict(mutable=True)
logout_qd["next"] = here_url
logout_url += "?{}".format(logout_qd.urlencode(safe="/"))
here_url = request.build_absolute_uri() # preserves next parameter
profile = getattr(request.user, "profile", None)
if profile and profile.login_clipper:
generic_login_url = here_url
generic_login_qd = QueryDict(mutable=True)
generic_login_qd["service"] = generic_login_url
cas_server_url = django_settings.CAS_SERVER_URL
cas_logout_url = cas_server_url + "logout"
cas_callback_url = cas_logout_url + "?{}".format(
generic_login_qd.urlencode()
)
logout_url = cas_callback_url
else:
logout_url = reverse("cof-logout")
logout_qd = QueryDict(mutable=True)
logout_qd["next"] = here_url
logout_url += "?{}".format(logout_qd.urlencode(safe="/"))
resp = redirect(logout_url)
resp.set_signed_cookie(self.TOKEN_COOKIE_NAME, token.token, httponly=True)