- Timestamp:
- 8 Jul 2013, 08:35:22 (11 years ago)
- Location:
- main/waeup.cas/trunk/waeup/cas
- Files:
-
- 2 edited
main/waeup.cas/trunk/waeup/cas/server.py
r10415 r10416 59 59 60 60 61 def check_service_ticket(db, ticket, service, renew=False): 62 """Check whether (`ticket`, `service`) represents a valid service 63 ticket in `db`. 64 65 Returns a database set or ``None``. 66 """ 67 if None in (ticket, service): 68 return None 69 ticket, service = str(ticket), str(service) 70 q = db.query(ServiceTicket).filter( 71 ServiceTicket.ticket == ticket).filter( 72 ServiceTicket.service == service).first() 73 if renew and q.sso: 74 return None 75 return q 76 77 61 78 def create_login_ticket(): 62 79 """Create a unique login ticket. … … 74 91 if lt_string is None: 75 92 return False 76 q = db.query(LoginTicket).filter(LoginTicket.ticket == lt_string)93 q = db.query(LoginTicket).filter(LoginTicket.ticket == str(lt_string)) 77 94 result = [x for x in q] 78 95 if result: … … 283 300 284 301 def validate(self, req): 285 return exc.HTTPNotImplemented() 302 service = req.POST.get('service', req.GET.get('service', None)) 303 ticket = req.POST.get('ticket', req.GET.get('ticket', None)) 304 renew = req.POST.get('renew', req.GET.get('renew', None)) 305 renew = renew is not None 306 st = check_service_ticket(self.db, ticket, service, renew) 307 if st is not None: 308 return Response('yes' + chr(0x0a) + st.user + chr(0x0a)) 309 return Response('no' + chr(0x0a) + chr(0x0a)) 286 310 287 311 def logout(self, req): -
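Review bot: In `check_service_ticket`, `.first()` yields `None` when no row matches, so `if renew and q.sso:` raises `AttributeError` for an unknown ticket sent with `renew`, and `/validate` fails with an unhandled exception instead of returning the `no` body. A guard such as `if q is None or (renew and q.sso): return None` keeps the failure path uniform. Separately, nothing visible in `validate` or `check_service_ticket` removes the ticket after it has been presented or checks its age, so unless that happens elsewhere the same ticket can be replayed for as long as the row exists; CAS service tickets are meant to be good for a single validation attempt. `validate` also writes `st.user` into a newline-delimited body as is, which assumes user names can never contain a line feed.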
main/waeup.cas/trunk/waeup/cas/tests/test_server.py
r10415 r10416 13 13 create_tgc_value, check_login_ticket, set_session_cookie, 14 14 check_session_cookie, get_template, delete_session_cookie, 15 check_service_ticket, 15 16 ) 16 17 … … 95 96 # we can access a validation page 96 97 app = CASServer() 97 req = Request.blank('http://localhost/validate ')98 resp = app(req) 99 assert resp.status == ' 501 Not Implemented'98 req = Request.blank('http://localhost/validate?service=foo&ticket=bar') 99 resp = app(req) 100 assert resp.status == '200 OK' 100 101 101 102 def test_logout(self): … … 254 255 assert b'like you to' in resp.body 255 256 assert b'http://www.logout.com' in resp.body 257 258 def test_validate_invalid(self): 259 # 2.4.2 validation failures is indicated by a given format 260 app = CASServer() 261 params = 'ticket=foo&service=bar' 262 req = Request.blank('https://localhost/validate?%s' % params) 263 resp = app(req) 264 assert resp.body == b'no\n\n' 265 266 def test_validate_valid(self): 267 # 2.4 validation success is indicated by a given format 268 app = CASServer() 269 sticket = create_service_ticket( 270 'someuser', 'http://service.com/', sso=False) 271 app.db.add(sticket) 272 params = 'ticket=%s&service=%s' % ( 273 sticket.ticket, sticket.service) 274 req = Request.blank('https://localhost/validate?%s' % params) 275 resp = app(req) 276 assert resp.body == b'yes\nsomeuser\n' 277 278 def test_validate_renew_invalid(self): 279 # 2.4.1 with `renew` we accept only non-sso issued tickets 280 app = CASServer() 281 sticket = create_service_ticket( 282 'someuser', 'http://service.com/', sso=True) 283 app.db.add(sticket) 284 params = 'ticket=%s&service=%s&renew=true' % ( 285 sticket.ticket, sticket.service) 286 req = Request.blank('https://localhost/validate?%s' % params) 287 resp = app(req) 288 assert resp.body == b'no\n\n' 289 290 def test_validate_renew_valid(self): 291 # 2.4.1 with `renew` we accept only non-sso issued tickets 292 app = CASServer() 293 sticket = create_service_ticket( 294 'someuser', 
'http://service.com/', sso=False) 295 app.db.add(sticket) 296 params = 'ticket=%s&service=%s&renew=true' % ( 297 sticket.ticket, sticket.service) 298 req = Request.blank('https://localhost/validate?%s' % params) 299 resp = app(req) 300 assert resp.body == b'yes\nsomeuser\n' 256 301 257 302 … … 480 525 TicketGrantingCookie.value == value) 481 526 assert len(list(q)) == 0 527 528 def test_check_service_ticket(self): 529 db = DB('sqlite:///') 530 st = ServiceTicket( 531 'ST-123456', 'someuser', 'http://myservice.com', True) 532 db.add(st) 533 assert check_service_ticket(db, None, 'foo') is None 534 assert check_service_ticket(db, 'foo', None) is None 535 assert check_service_ticket(db, 'ST-123456', 'foo') is None 536 assert check_service_ticket(db, 'foo', 'http://myservice.com') is None 537 result = check_service_ticket(db, 'ST-123456', 'http://myservice.com') 538 assert isinstance(result, ServiceTicket) 539 assert result.user == 'someuser' 540 assert check_service_ticket( 541 db, 'ST-123456', 'http://myservice.com', True) is None 542 assert check_service_ticket( 543 db, 'ST-123456', 'http://myservice.com', False) is not None
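Review bot: None of the new tests sends `renew` together with a ticket that is not in the database, which is the one input where `check_service_ticket` reads `.sso` from an empty query result. A case such as `assert check_service_ticket(db, 'foo', 'http://myservice.com', True) is None` in `test_check_service_ticket` would cover it. That test also looks up `ST-123456` several times and expects a hit on the later calls, so it pins the ticket as reusable. If single-use tickets are intended, a test that validates the same ticket twice and expects `b'no\n\n'` the second time would document that.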