Changeset 10398


Timestamp:
4 Jul 2013, 22:08:53 (12 years ago)
Author:
uli
Message:

Enable session cookies for single sign on.

Location:
main/waeup.cas/trunk/waeup/cas
Files:
3 edited

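--- a/main/waeup.cas/trunk/waeup/cas/server.py
+++ b/main/waeup.cas/trunk/waeup/cas/server.py
@@ -100,4 +100,25 @@
 
 
+def check_session_cookie(db, cookie_value):
+    """Check whether `cookie_value` represents a valid ticket granting
+    ticket in `db`.
+    """
+    if cookie_value is None:
+        return False
+    print("VAL1: ", cookie_value)
+    try:
+        # turn value into unicode (py2.x) / str (py3.x)
+        cookie_value = cookie_value.decode('utf-8')
+    except AttributeError:                         # pragma: no cover
+        pass
+    print("VAL2: ", cookie_value)
+    q = db.query(TicketGrantingCookie).filter(
+        TicketGrantingCookie.value == cookie_value)
+    result = [x for x in q]
+    if len(result):
+        return result[0]
+    return None
+
+
 class CASServer(object):
     """A WSGI CAS server.
@@ -142,13 +163,26 @@
         password = req.POST.get('password', None)
         valid_lt = check_login_ticket(self.db, req.POST.get('lt'))
-        if username and password and valid_lt:
+        tgc = req.cookies.get('cas-tgc', None)
+        print('TGC: ', tgc)
+        tgc = check_session_cookie(self.db, tgc)
+        print("TGC2: ", tgc)
+        print([(x, y) for x, y, in req.headers.items()])
+        if username and password and valid_lt or tgc:
             # act as credentials acceptor
-            cred_ok, reason = self.auth.check_credentials(username, password)
+            if tgc:
+                cred_ok, reason = True, ''
+                if not service:
+                    msg = 'You logged in already.'
+            else:
+                cred_ok, reason = self.auth.check_credentials(
+                    username, password)
             if cred_ok:
                 if service is None:
                     # show logged-in screen
                     html = self._get_template('login_successful.html')
+                    html = html.replace('MSG_TEXT', msg)
                     resp = Response(html)
-                    resp = set_session_cookie(resp, self.db)
+                    if not tgc:
+                        resp = set_session_cookie(resp, self.db)
                     return resp
                 else: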
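Review bot: The five `print` calls added here write the raw `cas-tgc` value and every request header to stdout (`VAL1`/`VAL2` in check_session_cookie, `TGC`/`TGC2` and the header dump in the login handler); a ticket-granting cookie is a bearer credential, so anyone who can read the server's output or logs can reuse the session. They should be dropped, and if tracing is needed it should record only whether a cookie was presented, never its value. Separately, `msg` is assigned only under `if tgc:` / `if not service:`, yet `html.replace('MSG_TEXT', msg)` runs on every successful login without a service; unless `msg` is initialised earlier in the method, a fresh password login would raise UnboundLocalError, and `msg = ''` before the `if` would cover it. The lookup in check_session_cookie matches on the value alone, so whether a cookie ever expires server-side cannot be seen from here and is worth confirming. The login method begins and ends outside the visible lines.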
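--- a/main/waeup.cas/trunk/waeup/cas/templates/login_successful.html
+++ b/main/waeup.cas/trunk/waeup/cas/templates/login_successful.html
@@ -1,7 +1,8 @@
 <html>
   <head>
-    <title>Single Sign-On initiated</title>
+    <title>WAeUP Central Authentication Services</title>
   </head>
   <body>
+    <div>MSG_TEXT</div>
     <h1>Logged in</h1>
     <div>You successfully initiated single sign-on!</div>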
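Review bot: `MSG_TEXT` is filled in by a plain `html.replace('MSG_TEXT', msg)` in server.py, with no HTML escaping. The only message visible in this changeset is a constant, so nothing is injectable today, but any later message that carries request-derived text (a service URL, a user name) would need escaping before substitution. A comment next to the placeholder, e.g. `<!-- MSG_TEXT: replaced server-side; value must be HTML-escaped -->`, would keep that from being missed.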
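--- a/main/waeup.cas/trunk/waeup/cas/tests/test_server.py
+++ b/main/waeup.cas/trunk/waeup/cas/tests/test_server.py
@@ -12,6 +12,6 @@
     CASServer, create_service_ticket, create_login_ticket,
     create_tgc_value, check_login_ticket, set_session_cookie,
+    check_session_cookie,
     )
-
 
 RE_ALPHABET = re.compile('^[a-zA-Z0-9\-]*$')
@@ -184,4 +184,16 @@
         assert b'ticket=ST-' in resp.body
 
+    def test_login_cred_acceptor_sso_no_service(self):
+        # 2.2.4: successful login via single sign on
+        db = self.raw_app.db
+        tgc = create_tgc_value()
+        db.add(tgc)
+        value = str(tgc.value)
+        resp = self.app.get('/login', headers={'Cookie': 'cas-tgc=%s' % value})
+        assert resp.status == '200 OK'
+        assert b'already' in resp.body
+        assert 'Set-Cookie' not in resp.headers
+        return
+
     def test_login_cred_acceptor_failed(self):
         # 2.2.4: failed login yields a message
@@ -269,2 +281,13 @@
             TicketGrantingCookie.value == value)
         assert len(list(q)) == 1
+
+    def test_check_session_cookie(self):
+        db = DB('sqlite:///')
+        tgc = create_tgc_value()
+        db.add(tgc)
+        value = tgc.value
+        assert check_session_cookie(db, value) == tgc
+        assert check_session_cookie(db, 'foo') is None
+        assert check_session_cookie(db, b'foo') is None
+        value2 = value.encode('utf-8')
+        assert check_session_cookie(db, value2) == tgc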
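Review bot: The new tests cover the accepting path through `/login` and a direct lookup miss, but nothing checks that the login handler refuses to treat an unknown cookie value as an existing session. A negative case such as `resp = self.app.get('/login', headers={'Cookie': 'cas-tgc=bogus'})` followed by `assert b'already' not in resp.body` would pin that. `check_session_cookie(db, None)` returns `False` rather than `None`, which is also untested, and the trailing bare `return` in test_login_cred_acceptor_sso_no_service can go.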