Changeset 10412 for main/waeup.cas
- Timestamp:
- 6 Jul 2013, 11:06:53 (11 years ago)
- Location:
- main/waeup.cas/trunk/waeup/cas
- Files:
-
- 2 edited
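--- a/main/waeup.cas/trunk/waeup/cas/server.py
+++ b/main/waeup.cas/trunk/waeup/cas/server.py
@@ -133,11 +133,12 @@
 
 
-def login_redirect_service(db, service, sso=True ):
+def login_redirect_service(db, service, sso=True, create_ticket=True):
 """Return a response redirecting to a service via HTTP 303 See Other.
 """
 # safely redirect to service given
-st = create_service_ticket(service, sso)
-db.add(st)
-service = '%s?ticket=%s' % (service, st.ticket)
+if create_ticket:
+st = create_service_ticket(service, sso)
+db.add(st)
+service = '%s?ticket=%s' % (service, st.ticket)
 html = get_template('login_service_redirect.html')
 html = html.replace('SERVICE_URL', service)
@@ -209,4 +210,7 @@
 service = req.POST.get('service', req.GET.get('service', None))
 renew = req.POST.get('renew', req.GET.get('renew', None))
+gateway = req.POST.get('gateway', req.GET.get('gateway', None))
+if renew is not None and gateway is not None:
+gateway = None
 service_field = ''
 msg = ''
@@ -215,5 +219,8 @@
 valid_lt = check_login_ticket(self.db, req.POST.get('lt'))
 tgc = check_session_cookie(self.db, req.cookies.get('cas-tgc', None))
-if tgc and renew is None:
+if gateway and (not tgc) and service:
+return login_redirect_service(
+self.db, service, sso=True, create_ticket=False)
+if tgc and (renew is None):
 if service:
 return login_redirect_service(self.db, service, sso=True)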
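Review bot: The new branch `if gateway and (not tgc) and service:` answers with a 303 to whatever `service` value the request carried, and it does so for callers that hold no ticket-granting cookie, so the login endpoint now redirects unauthenticated requests to a caller-chosen URL. Nothing in the visible lines checks `service` against the services this CAS server is meant to serve, and the context line `html = html.replace('SERVICE_URL', service)` puts the same value into the response body without escaping; validation may happen outside these hunks, in which case the branch should say where. I would check the service against a registered list before redirecting, fall through to the login form when the check fails, and at minimum add `# NOTE: service is caller-supplied; must be validated and HTML-escaped before use` above the `html.replace` call. The branch also tests `gateway` by truthiness while the normalisation two lines earlier uses `is not None`, so an empty `gateway=` is treated as absent, unlike `renew`. Both functions start and end outside the hunks shown.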
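--- a/main/waeup.cas/trunk/waeup/cas/tests/test_server.py
+++ b/main/waeup.cas/trunk/waeup/cas/tests/test_server.py
@@ -140,4 +140,12 @@
 assert 'Set-Cookie' not in resp.headers
 
+def test_login_renew_without_cookie(self):
+# 2.1.1: with renew and no cookie, normal auth will happen
+app = CASServer()
+req = Request.blank('https://localhost/login?renew=true')
+resp = app(req)
+assert resp.status == '200 OK'
+assert b'username' in resp.body
+
 def test_login_renew_as_empty_string(self):
 # `renew` is handled correctly, even with empty value
@@ -149,4 +157,44 @@
 req.headers['Cookie'] = 'cas-tgc=%s' % value
 resp = app(req)
+assert resp.status == '200 OK'
+assert b'username' in resp.body
+assert 'Set-Cookie' not in resp.headers
+
+def test_login_gateway_no_cookie_with_service(self):
+# 2.1.1: with gateway but w/o cookie we will be redirected to service
+# no service ticket will be issued
+app = CASServer()
+params = 'gateway=true&service=http%3A%2F%2Fwww.service.com'
+req = Request.blank('https://localhost/login?%s' % params)
+resp = app(req)
+assert resp.status == '303 See Other'
+assert 'Location' in resp.headers
+assert resp.headers['Location'] == 'http://www.service.com'
+
+def test_login_gateway_with_cookie_and_service(self):
+# 2.1.1: with cookie and gateway we will be redirected to service
+app = CASServer()
+tgc = create_tgc_value()
+app.db.add(tgc)
+value = str(tgc.value)
+params = 'gateway=true&service=http%3A%2F%2Fwww.service.com'
+req = Request.blank('https://localhost/login?%s' % params)
+req.headers['Cookie'] = 'cas-tgc=%s' % value
+resp = app(req)
+assert resp.status == '303 See Other'
+assert 'Location' in resp.headers
+assert resp.headers['Location'].startswith(
+'http://www.service.com?ticket=ST-')
+
+def test_login_gateway_and_renew(self):
+# 2.1.1 if both, gateway and renew are specified, only renew is valid
+app = CASServer()
+tgc = create_tgc_value()
+app.db.add(tgc)
+value = str(tgc.value)
+req = Request.blank('https://localhost/login?renew=true&gateway=true')
+req.headers['Cookie'] = 'cas-tgc=%s' % value
+resp = app(req)
+# with only gateway true, this would lead to a redirect
 assert resp.status == '200 OK'
 assert b'username' in resp.body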
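Review bot: `test_login_gateway_and_renew` does not exercise the renew-over-gateway rule: it sends a valid `cas-tgc` cookie and no `service`, and going by the handler lines shown in server.py the gateway redirect only fires when there is no cookie and a service is given, so the test passes whether or not `gateway` is reset to `None`. Building the request as `Request.blank('https://localhost/login?renew=true&gateway=true&service=http%3A%2F%2Fwww.service.com')` without the `Cookie` header, and keeping the `200 OK` and `b'username'` assertions, would make it fail if the precedence were dropped. The in-test comment `# with only gateway true, this would lead to a redirect` would then describe what the test really checks. The last two assertions of this test are context lines of the hunk, and the test class begins outside it.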