Changeset 10415 for main/waeup.cas


Timestamp:
7 Jul 2013, 16:11:22 (11 years ago)
Author:
uli
Message:

Support the /logout URL with CAS.

Location:
main/waeup.cas/trunk/waeup/cas
Files:
2 added
2 edited

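--- a/main/waeup.cas/trunk/waeup/cas/server.py
+++ b/main/waeup.cas/trunk/waeup/cas/server.py
@@ -286,5 +286,14 @@
 
     def logout(self, req):
-        return exc.HTTPNotImplemented()
+        url = req.GET.get('url', req.POST.get('url', None))
+        old_val = req.cookies.get('cas-tgc', None)
+        html = self._get_template('logout.html')
+        if url is not None:
+            html = self._get_template('logout_url.html')
+            html = html.replace('URL_HREF', url)
+        resp = Response(html)
+        delete_session_cookie(self.db, resp, old_val)
+        return resp
+
 
 cas_server = CASServer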
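Review bot: The `url` request parameter is substituted into the response unescaped at `html = html.replace('URL_HREF', url)`, so caller-supplied markup or a non-HTTP scheme ends up in a page served from the CAS origin (reflected XSS, plus a link to an arbitrary site presented as coming from the SSO server). Restrict the scheme and escape for the attribute context before using the link template, e.g. `if url is not None and url.startswith(('http://', 'https://')):` and `html = html.replace('URL_HREF', cgi.escape(url, quote=True))` (this needs `import cgi`; the file's imports are not visible here). The local name `html` would shadow the stdlib `html` module, so `html.escape` cannot be called inside this method without renaming the variable. The placeholder name suggests the value lands in an `href`, but `logout_url.html` is not shown, so confirm which context the escaping has to cover.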
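--- a/main/waeup.cas/trunk/waeup/cas/tests/test_server.py
+++ b/main/waeup.cas/trunk/waeup/cas/tests/test_server.py
@@ -104,5 +104,5 @@
         req = Request.blank('http://localhost/logout')
         resp = app(req)
-        assert resp.status == '501 Not Implemented'
+        assert resp.status == '200 OK'
 
     def test_login_simple(self):
@@ -217,4 +217,41 @@
         assert resp.status == '200 OK'
         assert b'CAS login successful' in resp.body
+
+    def test_logout_no_cookie(self):
+        # 2.3 logout displays a logout page.
+        app = CASServer()
+        req = Request.blank('https://localhost/logout')
+        resp = app(req)
+        assert resp.status == '200 OK'
+        assert b'logged out' in resp.body
+
+    def test_logout_with_cookie(self):
+        # 2.3 logout destroys any existing SSO session
+        app = CASServer()
+        tgc = create_tgc_value()
+        app.db.add(tgc)
+        value = str(tgc.value)
+        req = Request.blank('https://localhost/logout')
+        req.headers['Cookie'] = 'cas-tgc=%s' % value
+        resp = app(req)
+        assert resp.status == '200 OK'
+        assert b'logged out' in resp.body
+        assert 'Set-Cookie' in resp.headers
+        cookie = resp.headers['Set-Cookie']
+        assert cookie.startswith('cas-tgc=;')
+        assert 'expires' in cookie
+        assert 'Max-Age' in cookie
+        assert len(list(app.db.query(TicketGrantingCookie))) == 0
+
+    def test_logout_url(self):
+        # 2.3.1 with an `url` given we provide a link on logout
+        app = CASServer()
+        params = 'url=http%3A%2F%2Fwww.logout.com'
+        req = Request.blank('https://localhost/logout?%s' % params)
+        resp = app(req)
+        assert resp.status == '200 OK'
+        assert b'logged out' in resp.body
+        assert b'like you to' in resp.body
+        assert b'http://www.logout.com' in resp.body
 
 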
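Review bot: `test_logout_url` only exercises a well-formed `http://` value, so nothing pins how the logout page treats a `url` that contains HTML metacharacters or uses a non-HTTP scheme. Add a case that passes a percent-encoded value containing `"` and `<` and asserts the raw characters do not appear unescaped in `resp.body`, so a regression in output encoding fails the suite. The handler also reads `req.POST.get('url')`, which no test here covers; a POST variant of `test_logout_url` would close that gap.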