Move the auth stuff to gestion/

- The login views are in `gestion/` - The templates are under `gestion/templates/gestion/` - `cof/shared.py` moves to `gestion/` and is splitted into 3 files: - The auth backends are in `backends.py`. - The context_processor is in `context_processor.py` - The LOCK/UNLOCK functions remain in `shared.py`
2017-02-12 14:14:08 +01:00 · 2017-02-12 14:14:08 +01:00 · a28c00e474
commit a28c00e474
parent 50b667993f
16 changed files with 156 additions and 147 deletions
--- a/gestion/backends.py
+++ b/gestion/backends.py
@ -0,0 +1,57 @@
+# -*- coding: utf-8 -*-
+
+from django.conf import settings
+from django_cas_ng.backends import CASBackend
+from django_cas_ng.utils import get_cas_client
+from django.contrib.auth import get_user_model
+
+from gestion.models import Profile
+
+User = get_user_model()
+
+
+class COFCASBackend(CASBackend):
+    def authenticate_cas(self, ticket, service, request):
+        """Verifies CAS ticket and gets or creates User object"""
+
+        client = get_cas_client(service_url=service)
+        username, attributes, _ = client.verify_ticket(ticket)
+        if attributes:
+            request.session['attributes'] = attributes
+        if not username:
+            return None
+
+        # Le CAS de l'ENS accepte les logins avec des espaces au début
+        # et à la fin, ainsi qu’avec une casse variable. On normalise pour
+        # éviter les doublons.
+        username = username.strip().lower()
+
+        profiles = Profile.objects.filter(login_clipper=username)
+        if len(profiles) > 0:
+            # XXX. We have to deal with multiple profiles, this should not
+            # happen
+            # profile = profiles.order_by('-is_cof')[0]
+            profile = profiles.first()
+            user = profile.user
+            return user
+        try:
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
+            # user will have an "unusable" password
+            user = User.objects.create_user(username, '')
+            user.save()
+        return user
+
+    def authenticate(self, ticket, service, request):
+        """Authenticates CAS ticket and retrieves user data"""
+        user = self.authenticate_cas(ticket, service, request)
+        if user is None:
+            return user
+        profile = user.profile
+        if not profile.login_clipper:
+            profile.login_clipper = user.username
+            profile.save()
+        if not user.email:
+            user.email = settings.CAS_EMAIL_FORMAT % profile.login_clipper
+            user.save()
+        return user