Switch to Authens for GestioCOF authentication

This commit is contained in:
Martin Pépin 2020-09-17 21:35:15 +02:00
parent 26455ae5c6
commit a98e56d316
No known key found for this signature in database
GPG key ID: E7520278B1774448
8 changed files with 18 additions and 124 deletions

View file

@ -18,17 +18,5 @@ STATIC_URL = "/gestion2/static/"
MEDIA_ROOT = "/srv/bds.ens.fr/gestion2/media" MEDIA_ROOT = "/srv/bds.ens.fr/gestion2/media"
MEDIA_URL = "/gestion2/media/" MEDIA_URL = "/gestion2/media/"
# ---
# Auth-related stuff
# ---
AUTHENTICATION_BACKENDS = [
"django.contrib.auth.backends.ModelBackend",
"authens.backends.ENSCASBackend",
"authens.backends.OldCASBackend",
]
LOGIN_URL = "authens:login"
LOGIN_REDIRECT_URL = "bds:home" LOGIN_REDIRECT_URL = "bds:home"
LOGOUT_REDIRECT_URL = "bds:home" LOGOUT_REDIRECT_URL = "bds:home"

View file

@ -4,7 +4,6 @@ The settings that are not listed here are imported from .common
""" """
import os import os
from .common import * # NOQA
from .common import ( from .common import (
AUTHENTICATION_BACKENDS, AUTHENTICATION_BACKENDS,
BASE_DIR, BASE_DIR,
@ -14,6 +13,8 @@ from .common import (
import_secret, import_secret,
) )
from .common import * # NOQA
# --- # ---
# COF-specific secrets # COF-specific secrets
# --- # ---
@ -108,13 +109,10 @@ CORS_ORIGIN_WHITELIST = ("bda.ens.fr", "www.bda.ens.fr" "cof.ens.fr", "www.cof.e
# Auth-related stuff # Auth-related stuff
# --- # ---
AUTHENTICATION_BACKENDS += [ AUTHENTICATION_BACKENDS.append("kfet.auth.backends.GenericBackend")
"gestioncof.shared.COFCASBackend",
"kfet.auth.backends.GenericBackend",
]
LOGIN_URL = "cof-login"
LOGIN_REDIRECT_URL = "home" LOGIN_REDIRECT_URL = "home"
LOGOUT_REDIRECT_URL = "home"
# --- # ---
# Cache settings # Cache settings

View file

@ -134,13 +134,11 @@ FORMAT_MODULE_PATH = "cof.locale"
# Auth-related stuff # Auth-related stuff
# --- # ---
AUTHENTICATION_BACKENDS = ["django.contrib.auth.backends.ModelBackend"] AUTHENTICATION_BACKENDS = [
"django.contrib.auth.backends.ModelBackend",
CAS_SERVER_URL = "https://cas.eleves.ens.fr/" "authens.backends.ENSCASBackend",
CAS_VERSION = "2" ]
CAS_LOGIN_MSG = None
CAS_IGNORE_REFERER = True
CAS_REDIRECT_URL = "/"
CAS_EMAIL_FORMAT = "%s@clipper.ens.fr"
AUTHENS_USE_OLDCAS = False AUTHENS_USE_OLDCAS = False
LOGIN_URL = "authens:login"

View file

@ -11,7 +11,7 @@
</a> </a>
<div class="secondary"> <div class="secondary">
<span class="hidden-xxs">&nbsp;&nbsp;|&nbsp; </span> <span class="hidden-xxs">&nbsp;&nbsp;|&nbsp; </span>
<span><a href="{% url "cof-logout" %}">Se déconnecter&nbsp;<span class="glyphicon glyphicon-log-out"></span></a></span> <span><a href="{% url "authens:logout" %}">Se déconnecter&nbsp;<span class="glyphicon glyphicon-log-out"></span></a></span>
</div> </div>
<h2 class="member-status">{% if user.first_name %}{{ user.first_name }}{% else %}<tt>{{ user.username }}</tt>{% endif %}, {% if user.profile.is_cof %}<tt class="user-is-cof">au COF{% else %}<tt class="user-is-not-cof">non-COF{% endif %}</tt></h2> <h2 class="member-status">{% if user.first_name %}{{ user.first_name }}{% else %}<tt>{{ user.username }}</tt>{% endif %}, {% if user.profile.is_cof %}<tt class="user-is-cof">au COF{% else %}<tt class="user-is-not-cof">non-COF{% endif %}</tt></h2>
</div><!-- /.container --> </div><!-- /.container -->

View file

@ -1,7 +1,7 @@
from authens.views import LogoutView
from django.contrib.auth import views as django_auth_views from django.contrib.auth import views as django_auth_views
from django.urls import include, path from django.urls import include, path
from django.views.generic.base import TemplateView from django.views.generic.base import TemplateView
from django_cas_ng import views as django_cas_views
from gestioncof import csv_views, views from gestioncof import csv_views, views
@ -96,21 +96,7 @@ urlpatterns = [
TemplateView.as_view(template_name="cof-denied.html"), TemplateView.as_view(template_name="cof-denied.html"),
name="cof-denied", name="cof-denied",
), ),
path("cas/login", django_cas_views.LoginView.as_view(), name="cas_login_view"), path("admin/logout/", LogoutView.as_view()),
path("cas/logout", django_cas_views.LogoutView.as_view()),
path(
"outsider/login",
views.LoginExtView.as_view(),
name="ext_login_view",
),
path(
"outsider/logout",
django_auth_views.LogoutView.as_view(),
{"next_page": "home"},
),
path("login", views.login, name="cof-login"),
path("logout", views.logout, name="cof-logout"),
path("admin/logout/", views.logout),
# ----- # -----
# Infos persos # Infos persos
# ----- # -----

View file

@ -2,17 +2,12 @@ import csv
import uuid import uuid
from datetime import timedelta from datetime import timedelta
from smtplib import SMTPRecipientsRefused from smtplib import SMTPRecipientsRefused
from urllib.parse import parse_qs, urlencode, urlparse, urlunparse
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.contrib.auth.views import ( from django.contrib.auth.views import redirect_to_login
LoginView as DjangoLoginView,
LogoutView as DjangoLogoutView,
redirect_to_login,
)
from django.contrib.sites.models import Site from django.contrib.sites.models import Site
from django.core.mail import send_mail from django.core.mail import send_mail
from django.http import Http404, HttpResponse, HttpResponseForbidden from django.http import Http404, HttpResponse, HttpResponseForbidden
@ -22,7 +17,6 @@ from django.urls import reverse_lazy
from django.utils import timezone from django.utils import timezone
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from django.views.generic import FormView, TemplateView from django.views.generic import FormView, TemplateView
from django_cas_ng.views import LogoutView as CasLogoutView
from icalendar import Calendar, Event as Vevent from icalendar import Calendar, Event as Vevent
from bda.models import Spectacle, Tirage from bda.models import Spectacle, Tirage
@ -34,7 +28,6 @@ from gestioncof.forms import (
EventForm, EventForm,
EventFormset, EventFormset,
EventStatusFilterForm, EventStatusFilterForm,
ExteAuthenticationForm,
GestioncofConfigForm, GestioncofConfigForm,
PhoneForm, PhoneForm,
ProfileForm, ProfileForm,
@ -79,75 +72,6 @@ class HomeView(LoginRequiredMixin, TemplateView):
return context return context
def login(request):
if request.user.is_authenticated:
return redirect("home")
context = {}
if request.method == "GET" and "next" in request.GET:
context["next"] = request.GET["next"]
return render(request, "login_switch.html", context)
class LoginExtView(DjangoLoginView):
template_name = "login.html"
form_class = ExteAuthenticationForm
def form_invalid(self, form):
for e in form.non_field_errors().as_data():
if e.code in ["has_clipper", "no_password"]:
return render(self.request, "login_error.html", {"error_code": e.code})
return super().form_invalid(form)
class CustomCasLogoutView(CasLogoutView):
"""
Actuellement, le CAS de l'ENS est pété et n'a pas le bon paramètre GET
pour rediriger après déconnexion. On change la redirection à la main
dans la vue de logout.
"""
def get(self, request):
# CasLogoutView.get() retourne un HttpResponseRedirect
response = super().get(request)
parse_result = urlparse(response.url)
qd = parse_qs(parse_result.query)
if "url" in qd.keys():
# Le 2e pop est nécessaire car CAS n'aime pas
# les paramètres sous forme de liste
qd["service"] = qd.pop("url").pop()
# La méthode _replace est documentée !
new_url = parse_result._replace(query=urlencode(qd))
return redirect(urlunparse(new_url))
@login_required
def logout(request, next_page=None):
if next_page is None:
next_page = request.GET.get("next", None)
profile = getattr(request.user, "profile", None)
if profile and profile.login_clipper:
if next_page is None:
# On ne voit pas les messages quand on se déconnecte de CAS
msg = None
else:
msg = _("Déconnexion de GestioCOF et CAS réussie. À bientôt {}.")
logout_view = CustomCasLogoutView.as_view()
else:
msg = _("Déconnexion de GestioCOF réussie. À bientôt {}.")
logout_view = DjangoLogoutView.as_view(
next_page=next_page, template_name="logout.html"
)
if msg is not None:
messages.success(request, msg.format(request.user.get_short_name()))
return logout_view(request)
@login_required @login_required
def survey(request, survey_id): def survey(request, survey_id):
survey = get_object_or_404( survey = get_object_or_404(

View file

@ -73,7 +73,7 @@ class GenericLoginView(View):
here_qd["next"] = self.request.GET["next"] here_qd["next"] = self.request.GET["next"]
here_url += "?{}".format(here_qd.urlencode()) here_url += "?{}".format(here_qd.urlencode())
logout_url = reverse("cof-logout") logout_url = reverse("authens:logout")
logout_qd = QueryDict(mutable=True) logout_qd = QueryDict(mutable=True)
logout_qd["next"] = here_url logout_qd["next"] = here_url
logout_url += "?{}".format(logout_qd.urlencode(safe="/")) logout_url += "?{}".format(logout_qd.urlencode(safe="/"))

View file

@ -101,7 +101,7 @@
{% endif %} {% endif %}
<li class="divider"></li> <li class="divider"></li>
<li> <li>
<a href="{% url "cof-logout" %}?next={{ kfet_home_url|urlencode }}"> <a href="{% url "authens:logout" %}?next={{ kfet_home_url|urlencode }}">
<span class="glyphicon glyphicon-log-out"></span><span>Déconnexion</span> <span class="glyphicon glyphicon-log-out"></span><span>Déconnexion</span>
</a> </a>
</li> </li>
@ -110,13 +110,13 @@
{% endif %} {% endif %}
{% if user.is_authenticated and not perms.kfet.is_team %} {% if user.is_authenticated and not perms.kfet.is_team %}
<li> <li>
<a href="{% url "cof-logout" %}?next={{ kfet_home_url|urlencode }}" title="Déconnexion"> <a href="{% url "authens:logout" %}?next={{ kfet_home_url|urlencode }}" title="Déconnexion">
<span class="glyphicon glyphicon-log-out"></span> <span class="glyphicon glyphicon-log-out"></span>
</a> </a>
</li> </li>
{% elif not user.is_authenticated %} {% elif not user.is_authenticated %}
<li> <li>
<a href="{% url "cof-login" %}?next={{ request.path|urlencode }}" title="Connexion"> <a href="{% url "authens:login" %}?next={{ request.path|urlencode }}" title="Connexion">
<span>Connexion</span><!-- <span>Connexion</span><!--
--><span class="glyphicon glyphicon-log-in"></span> --><span class="glyphicon glyphicon-log-in"></span>
</a> </a>