an auth view to validate (username, password, service) by remote service

2015-06-03 18:15:37 +02:00 · 2015-06-03 18:15:37 +02:00 · cb84936b6c
parent 690c2c3b29
commit cb84936b6c
3 changed files with 47 additions and 3 deletions
--- a/cas_server/models.py
+++ b/cas_server/models.py
@ -102,16 +102,18 @@ class User(models.Model):
        url = utils.update_url(service, {'ticket':ticket.value})
        return url

-class BadUsername(Exception):
+class ServicePatternException(Exception):
+    pass
+class BadUsername(ServicePatternException):
    """Exception raised then an non allowed username
    try to get a ticket for a service"""
    pass
-class BadFilter(Exception):
+class BadFilter(ServicePatternException):
    """"Exception raised then a user try
    to get a ticket for a service and do not reach a condition"""
    pass

-class UserFieldNotDefined(Exception):
+class UserFieldNotDefined(ServicePatternException):
    """Exception raised then a user try to get a ticket for a service
    using as username an attribut not present on this user"""
    pass
--- a/cas_server/urls.py
+++ b/cas_server/urls.py
@ -27,5 +27,6 @@ urlpatterns = patterns(
    url('^p3/serviceValidate$', views.ValidateService.as_view(allow_proxy_ticket=False), name='p3_serviceValidate'),
    url('^p3/proxyValidate$', views.ValidateService.as_view(allow_proxy_ticket=True), name='p3_proxyValidate'),
    url('^samlValidate$', views.SamlValidate.as_view(), name='samlValidate'),
+    url('^auth$', views.Auth.as_view(), name='auth'),
 )

--- a/cas_server/views.py
+++ b/cas_server/views.py
@ -281,6 +281,47 @@ class LoginView(View, LogoutMixin):
        else:
            return self.not_authenticated()

+class Auth(View):
+    """A simple view to validate username/password/service tuple"""
+    @method_decorator(csrf_exempt)
+    def dispatch(self, request, *args, **kwargs):
+        """dispatch requests based on method GET, POST, ..."""
+        return super(Auth, self).dispatch(request, *args, **kwargs)
+
+    @staticmethod
+    def post(request):
+        """methode called on GET request on this view"""
+        username = request.POST.get('username')
+        password = request.POST.get('password')
+        service = request.POST.get('service')
+
+        if not username or not password or not service:
+            print "not username or service or password"
+            return HttpResponse("no\n", content_type="text/plain")
+        form = forms.UserCredential(
+            request.POST,
+            initial={
+                'service':service,
+                'method':'POST',
+                'warn':False
+            }
+        )
+        if form.is_valid():
+            try:
+                user = models.User.objects.get(username=form.cleaned_data['username'])
+                # is the service allowed
+                service_pattern = models.ServicePattern.validate(service)
+                # is the current user allowed on this service
+                service_pattern.check_user(user)
+                # if the user has asked to be warned before any login to a service
+                return HttpResponse("yes\n", content_type="text/plain")
+            except (models.ServicePattern.DoesNotExist, models.ServicePatternException) as error:
+                print "error: %r" % error
+                return HttpResponse("no\n", content_type="text/plain")
+        else:
+            print "bad password"
+            return HttpResponse("no\n", content_type="text/plain")
+
 class Validate(View):
    """service ticket validation"""
    @staticmethod