Changeset 10416


Timestamp:
8 Jul 2013, 08:35:22 (12 years ago)
Author:
uli
Message:

Support /validate (CAS 1.0).

Location:
main/waeup.cas/trunk/waeup/cas
Files:
2 edited

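--- a/main/waeup.cas/trunk/waeup/cas/server.py
+++ b/main/waeup.cas/trunk/waeup/cas/server.py
@@ -59,4 +59,21 @@
 
 
+def check_service_ticket(db, ticket, service, renew=False):
+    """Check whether (`ticket`, `service`) represents a valid service
+    ticket in `db`.
+
+    Returns a database set or ``None``.
+    """
+    if None in (ticket, service):
+        return None
+    ticket, service = str(ticket), str(service)
+    q = db.query(ServiceTicket).filter(
+        ServiceTicket.ticket == ticket).filter(
+        ServiceTicket.service == service).first()
+    if renew and q.sso:
+        return None
+    return q
+
+
 def create_login_ticket():
     """Create a unique login ticket.
@@ -74,5 +91,5 @@
     if lt_string is None:
         return False
-    q = db.query(LoginTicket).filter(LoginTicket.ticket == lt_string)
+    q = db.query(LoginTicket).filter(LoginTicket.ticket == str(lt_string))
     result = [x for x in q]
     if result:
@@ -283,5 +300,12 @@
 
     def validate(self, req):
-        return exc.HTTPNotImplemented()
+        service = req.POST.get('service', req.GET.get('service', None))
+        ticket = req.POST.get('ticket', req.GET.get('ticket', None))
+        renew = req.POST.get('renew', req.GET.get('renew', None))
+        renew = renew is not None
+        st = check_service_ticket(self.db, ticket, service, renew)
+        if st is not None:
+            return Response('yes' + chr(0x0a) + st.user + chr(0x0a))
+        return Response('no' + chr(0x0a) + chr(0x0a))
 
     def logout(self, req):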
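Review bot: In `check_service_ticket`, `if renew and q.sso:` dereferences `q` even when `.first()` found no matching row, so a `/validate` request that carries `renew` together with an unknown ticket or service raises AttributeError instead of answering `no`. Guard the miss first: `if q is None or (renew and q.sso): return None`. Separately, `validate` answers `yes` without removing or marking the ticket, and nothing visible in this section checks the ticket's age. CAS service tickets are meant to be valid for a single validation attempt and to expire shortly after being issued, so unless that is handled outside the lines shown here the same ticket can be presented to `/validate` repeatedly.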
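--- a/main/waeup.cas/trunk/waeup/cas/tests/test_server.py
+++ b/main/waeup.cas/trunk/waeup/cas/tests/test_server.py
@@ -13,4 +13,5 @@
     create_tgc_value, check_login_ticket, set_session_cookie,
     check_session_cookie, get_template, delete_session_cookie,
+    check_service_ticket,
     )
 
@@ -95,7 +96,7 @@
         # we can access a validation page
         app = CASServer()
-        req = Request.blank('http://localhost/validate')
-        resp = app(req)
-        assert resp.status == '501 Not Implemented'
+        req = Request.blank('http://localhost/validate?service=foo&ticket=bar')
+        resp = app(req)
+        assert resp.status == '200 OK'
 
     def test_logout(self):
@@ -254,4 +255,48 @@
         assert b'like you to' in resp.body
         assert b'http://www.logout.com' in resp.body
+
+    def test_validate_invalid(self):
+        # 2.4.2 validation failures is indicated by a given format
+        app = CASServer()
+        params = 'ticket=foo&service=bar'
+        req = Request.blank('https://localhost/validate?%s' % params)
+        resp = app(req)
+        assert resp.body == b'no\n\n'
+
+    def test_validate_valid(self):
+        # 2.4 validation success is indicated by a given format
+        app = CASServer()
+        sticket = create_service_ticket(
+            'someuser', 'http://service.com/', sso=False)
+        app.db.add(sticket)
+        params = 'ticket=%s&service=%s' % (
+            sticket.ticket, sticket.service)
+        req = Request.blank('https://localhost/validate?%s' % params)
+        resp = app(req)
+        assert resp.body == b'yes\nsomeuser\n'
+
+    def test_validate_renew_invalid(self):
+        # 2.4.1 with `renew` we accept only non-sso issued tickets
+        app = CASServer()
+        sticket = create_service_ticket(
+            'someuser', 'http://service.com/', sso=True)
+        app.db.add(sticket)
+        params = 'ticket=%s&service=%s&renew=true' % (
+            sticket.ticket, sticket.service)
+        req = Request.blank('https://localhost/validate?%s' % params)
+        resp = app(req)
+        assert resp.body == b'no\n\n'
+
+    def test_validate_renew_valid(self):
+        # 2.4.1 with `renew` we accept only non-sso issued tickets
+        app = CASServer()
+        sticket = create_service_ticket(
+            'someuser', 'http://service.com/', sso=False)
+        app.db.add(sticket)
+        params = 'ticket=%s&service=%s&renew=true' % (
+            sticket.ticket, sticket.service)
+        req = Request.blank('https://localhost/validate?%s' % params)
+        resp = app(req)
+        assert resp.body == b'yes\nsomeuser\n'
 
 
@@ -480,2 +525,19 @@
             TicketGrantingCookie.value == value)
         assert len(list(q)) == 0
+
+    def test_check_service_ticket(self):
+        db = DB('sqlite:///')
+        st = ServiceTicket(
+            'ST-123456', 'someuser', 'http://myservice.com', True)
+        db.add(st)
+        assert check_service_ticket(db, None, 'foo') is None
+        assert check_service_ticket(db, 'foo', None) is None
+        assert check_service_ticket(db, 'ST-123456', 'foo') is None
+        assert check_service_ticket(db, 'foo', 'http://myservice.com') is None
+        result = check_service_ticket(db, 'ST-123456', 'http://myservice.com')
+        assert isinstance(result, ServiceTicket)
+        assert result.user == 'someuser'
+        assert check_service_ticket(
+            db,  'ST-123456', 'http://myservice.com', True) is None
+        assert check_service_ticket(
+            db,  'ST-123456', 'http://myservice.com', False) is not None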
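Review bot: None of the added tests passes `renew` together with a ticket that is not in the database. `test_validate_renew_invalid`, `test_validate_renew_valid` and the `True` call in `test_check_service_ticket` all use a stored ticket, so the path where the lookup finds no row while `renew` is set stays unexercised. Add `assert check_service_ticket(db, 'foo', 'http://myservice.com', True) is None` and a request test with `ticket=foo&service=bar&renew=true` expecting `b'no\n\n'`. A test that validates the same stored ticket twice would also pin down whether a service ticket is meant to be single-use.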