From cb84936b6cff2879472bfd02c11e4e4a59c0ac3b Mon Sep 17 00:00:00 2001 From: Valentin Samir Date: Wed, 3 Jun 2015 18:15:37 +0200 Subject: [PATCH] an auth view to validate (username, password, service) by remote service --- cas_server/models.py | 8 +++++--- cas_server/urls.py | 1 + cas_server/views.py | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 47 insertions(+), 3 deletions(-) diff --git a/cas_server/models.py b/cas_server/models.py index af86402..2fa41e6 100644 --- a/cas_server/models.py +++ b/cas_server/models.py @@ -102,16 +102,18 @@ class User(models.Model): url = utils.update_url(service, {'ticket':ticket.value}) return url -class BadUsername(Exception): +class ServicePatternException(Exception): + pass +class BadUsername(ServicePatternException): """Exception raised then an non allowed username try to get a ticket for a service""" pass -class BadFilter(Exception): +class BadFilter(ServicePatternException): """"Exception raised then a user try to get a ticket for a service and do not reach a condition""" pass -class UserFieldNotDefined(Exception): +class UserFieldNotDefined(ServicePatternException): """Exception raised then a user try to get a ticket for a service using as username an attribut not present on this user""" pass diff --git a/cas_server/urls.py b/cas_server/urls.py index 2ba50ea..c792583 100644 --- a/cas_server/urls.py +++ b/cas_server/urls.py @@ -27,5 +27,6 @@ urlpatterns = patterns( url('^p3/serviceValidate$', views.ValidateService.as_view(allow_proxy_ticket=False), name='p3_serviceValidate'), url('^p3/proxyValidate$', views.ValidateService.as_view(allow_proxy_ticket=True), name='p3_proxyValidate'), url('^samlValidate$', views.SamlValidate.as_view(), name='samlValidate'), + url('^auth$', views.Auth.as_view(), name='auth'), ) diff --git a/cas_server/views.py b/cas_server/views.py index 4713008..b154e11 100644 --- a/cas_server/views.py +++ b/cas_server/views.py 
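Review bot: In `cas_server/models.py` the new base class `ServicePatternException` is the only exception in this hunk without a docstring, although it is now the type callers are expected to catch (the `Auth` view added in this same commit catches it around `check_user`). Replace the bare `pass` with a docstring such as `"""Base class for the exceptions raised when a user is refused a ticket for a service"""`, so the contract of the hierarchy is stated where it is defined.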
@@ -281,6 +281,47 @@ class LoginView(View, LogoutMixin):
 else:
 return self.not_authenticated()

+class Auth(View):
+ """A simple view to validate username/password/service tuple"""
+ @method_decorator(csrf_exempt)
+ def dispatch(self, request, *args, **kwargs):
+ """dispatch requests based on method GET, POST, ..."""
+ return super(Auth, self).dispatch(request, *args, **kwargs)
+
+ @staticmethod
+ def post(request):
+ """methode called on GET request on this view"""
+ username = request.POST.get('username')
+ password = request.POST.get('password')
+ service = request.POST.get('service')
+
+ if not username or not password or not service:
+ print "not username or service or password"
+ return HttpResponse("no\n", content_type="text/plain")
+ form = forms.UserCredential(
+ request.POST,
+ initial={
+ 'service':service,
+ 'method':'POST',
+ 'warn':False
+ }
+ )
+ if form.is_valid():
+ try:
+ user = models.User.objects.get(username=form.cleaned_data['username'])
+ # is the service allowed
+ service_pattern = models.ServicePattern.validate(service)
+ # is the current user allowed on this service
+ service_pattern.check_user(user)
+ # if the user has asked to be warned before any login to a service
+ return HttpResponse("yes\n", content_type="text/plain")
+ except (models.ServicePattern.DoesNotExist, models.ServicePatternException) as error:
+ print "error: %r" % error
+ return HttpResponse("no\n", content_type="text/plain")
+ else:
+ print "bad password"
+ return HttpResponse("no\n", content_type="text/plain")
+
 class Validate(View):
 """service ticket validation"""
 @staticmethod
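Review bot: `Auth.post` returns `yes`/`no` for a username/password/service triple to any client that can reach `^auth$`: `dispatch` is `csrf_exempt`, and nothing in the hunk authenticates the calling service or limits repeated attempts, so the view acts as an open credential-checking oracle. Before `forms.UserCredential` is evaluated, require a per-deployment shared secret read from settings, compare it with `django.utils.crypto.constant_time_compare`, and answer `no` when it is unset or wrong; failed attempts should also be throttled and recorded through `logging` instead of `print`. Separately, `models.User.objects.get(...)` can raise `models.User.DoesNotExist`, which the `except` clause does not list, so an account that passes the form but has no `User` row would presumably produce a 500 rather than `no`; extend it to `except (models.User.DoesNotExist, models.ServicePattern.DoesNotExist, models.ServicePatternException) as error:`. The `post` docstring says "GET" where it should say "POST", and the comment about being "warned before any login" describes nothing this view does.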