Use session to transmist username/ticket from fedeare view to login view

Hence, these parameters are no longer recorded in the browser history, so the username does not appear in the history anymore. This better respects the user's privacy.
Valentin Samir 2016-06-22 12:46:18 +02:00
parent 8ddf06b82a
commit d1c5ff4019
2 changed files with 17 additions and 6 deletions


@ -29,7 +29,6 @@ class CASFederateValidateUser(object):
service_url=service_url, service_url=service_url,
version=version, version=version,
server_url=server_url, server_url=server_url,
extra_login_params={"provider": provider},
renew=False, renew=False,
) )


@ -215,8 +215,9 @@ class FederateAuth(View):
else: else:
ticket = request.GET['ticket'] ticket = request.GET['ticket']
if auth.verify_ticket(ticket): if auth.verify_ticket(ticket):
params = utils.copy_params(request.GET) params = utils.copy_params(request.GET, ignore={"ticket"})
params['username'] = "%s@%s" % (auth.username, auth.provider) request.session["federate_username"] = "%s@%s" % (auth.username, auth.provider)
request.session["federate_ticket"] = ticket
url = utils.reverse_params("cas_server:login", params) url = utils.reverse_params("cas_server:login", params)
return HttpResponseRedirect(url) return HttpResponseRedirect(url)
else: else:
@ -242,6 +243,10 @@ class LoginView(View, LogoutMixin):
renewed = False renewed = False
warned = False warned = False
if settings.CAS_FEDERATE:
username = None
ticket = None
INVALID_LOGIN_TICKET = 1 INVALID_LOGIN_TICKET = 1
USER_LOGIN_OK = 2 USER_LOGIN_OK = 2
USER_LOGIN_FAILURE = 3 USER_LOGIN_FAILURE = 3
@ -307,7 +312,10 @@ class LoginView(View, LogoutMixin):
) )
self.user.save() self.user.save()
elif ret == self.USER_LOGIN_FAILURE: # bad user login elif ret == self.USER_LOGIN_FAILURE: # bad user login
if settings.CAS_FEDERATE:
self.ticket = None self.ticket = None
self.usernalme = None
self.init_form()
self.logout() self.logout()
elif ret == self.USER_ALREADY_LOGGED: elif ret == self.USER_ALREADY_LOGGED:
pass pass
@ -353,8 +361,12 @@ class LoginView(View, LogoutMixin):
self.ajax = 'HTTP_X_AJAX' in request.META self.ajax = 'HTTP_X_AJAX' in request.META
self.warn = request.GET.get('warn') self.warn = request.GET.get('warn')
if settings.CAS_FEDERATE: if settings.CAS_FEDERATE:
self.username = request.GET.get('username') self.username = request.session.get("federate_username")
self.ticket = request.GET.get('ticket') self.ticket = request.session.get("federate_ticket")
if self.username:
del request.session["federate_username"]
if self.ticket:
del request.session["federate_ticket"]
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
"""methode called on GET request on this view""" """methode called on GET request on this view"""
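Review bot: In the `USER_LOGIN_FAILURE` branch the new line `self.usernalme = None` is a typo and assigns a throw-away attribute, so `self.username` (the `user@provider` value pulled from the session in the later hunk) is never cleared before `self.init_form()` runs; it should read `self.username = None`. Since `self.ticket` is reset on the adjacent line, the intent is clearly to drop both federated values on a failed login, and leaving the federated username in place means the form is re-initialised as if the provider assertion were still valid, which is the state the branch is trying to leave. The method containing this branch starts before the hunk, so I cannot see what `init_form()` does with `self.username`. As a smaller point in the last hunk, `self.username = request.session.pop("federate_username", None)` and `self.ticket = request.session.pop("federate_ticket", None)` would replace the get-then-conditional-del pairs and always consume the values, even when they are falsy.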