cas_server.views module¶

views for the app

class cas_server.views.LogoutMixin[source]¶

Bases: object

destroy CAS session utils

logout(all_session=False)[source]¶

effectively destroy a CAS session

Parameters:	all_session (boolean) – If `True` destroy all the user sessions, otherwise destroy the current user session.
Returns:	The number of destroyed sessions
Return type:	int

class cas_server.views.CsrfExemptView(**kwargs)[source]¶

Bases: django.views.generic.base.View

base class for csrf exempt class views

dispatch(request, *args, **kwargs)[source]¶

dispatch different http request to the methods of the same name

Parameters:	request (django.http.HttpRequest) – The current request object

class cas_server.views.LogoutView(**kwargs)[source]¶

Bases: django.views.generic.base.View, cas_server.views.LogoutMixin

destroy CAS session (logout) view

request = None¶: current django.http.HttpRequest object

service = None¶: service GET parameter

url = None¶: url GET paramet

ajax = None¶: True if the HTTP_X_AJAX http header is sent and settings.CAS_ENABLE_AJAX_AUTH is True, False otherwise.

init_get(request)[source]¶

Initialize the LogoutView attributes on GET request

Parameters:	request (django.http.HttpRequest) – The current request object

get(request, *args, **kwargs)[source]¶

method called on GET request on this view

Parameters:	request (django.http.HttpRequest) – The current request object

class cas_server.views.FederateAuth(**kwargs)[source]¶

Bases: cas_server.views.CsrfExemptView

view to authenticated user against a backend CAS then CAS_FEDERATE is True

csrf is disabled for allowing SLO requests reception.

service_url = None¶: current URL used as service URL by the CAS client

get_cas_client(request, provider, renew=False)[source]¶

return a CAS client object matching provider

Parameters:	request (django.http.HttpRequest) – The current request object provider (cas_server.models.FederatedIendityProvider) – the user identity provider
Returns:	The user CAS client object
Return type:	`federate.CASFederateValidateUser`

post(request, provider=None)[source]¶

method called on POST request

Parameters:	request (django.http.HttpRequest) – The current request object provider (unicode) – Optional parameter. The user provider suffix.

get(request, provider=None)[source]¶

method called on GET request

Parameters:	request (django.http.HttpRequestself.) – The current request object provider (unicode) – Optional parameter. The user provider suffix.

class cas_server.views.LoginView(**kwargs)[source]¶

Bases: django.views.generic.base.View, cas_server.views.LogoutMixin

credential requestor / acceptor

user = None¶: The current models.User object

form = None¶: The form to display to the user

request = None¶: current django.http.HttpRequest object

service = None¶: service GET/POST parameter

renew = None¶: True if renew GET/POST parameter is present and not “False”

warn = None¶: the warn GET/POST parameter

gateway = None¶: the gateway GET/POST parameter

method = None¶: the method GET/POST parameter

ajax = None¶: True if the HTTP_X_AJAX http header is sent and settings.CAS_ENABLE_AJAX_AUTH is True, False otherwise.

renewed = False¶: True if the user has just authenticated

warned = False¶: True if renew GET/POST parameter is present and not “False”

username = None¶: The FederateAuth transmited username (only used if settings.CAS_FEDERATE is True)

ticket = None¶: The FederateAuth transmited ticket (only used if settings.CAS_FEDERATE is True)

INVALID_LOGIN_TICKET = 1¶

USER_LOGIN_OK = 2¶

USER_LOGIN_FAILURE = 3¶

USER_ALREADY_LOGGED = 4¶

USER_AUTHENTICATED = 5¶

USER_NOT_AUTHENTICATED = 6¶

init_post(request)[source]¶

Initialize POST received parameters

Parameters:	request (django.http.HttpRequest) – The current request object

gen_lt()[source]¶: Generate a new LoginTicket and add it to the list of valid LT for the user

check_lt()[source]¶

Check is the POSTed LoginTicket is valid, if yes invalide it

Returns:	`True` if the LoginTicket is valid, `False` otherwise
Return type:	bool

post(request, *args, **kwargs)[source]¶

method called on POST request on this view

Parameters:	request (django.http.HttpRequest) – The current request object

process_post()[source]¶

Analyse the POST request:

check that the LoginTicket is valid

check that the user sumited credentials are valid

Returns:	`INVALID_LOGIN_TICKET` if the POSTed LoginTicket is not valid `USER_ALREADY_LOGGED` if the user is already logged and do no request reauthentication. `USER_LOGIN_FAILURE` if the user is not logged or request for reauthentication and his credentials are not valid `USER_LOGIN_OK` if the user is not logged or request for reauthentication and his credentials are valid
Return type:	int

init_get(request)[source]¶

Initialize GET received parameters

Parameters:	request (django.http.HttpRequest) – The current request object

get(request, *args, **kwargs)[source]¶

method called on GET request on this view

Parameters:	request (django.http.HttpRequest) – The current request object

process_get()[source]¶

Analyse the GET request

Returns:	`USER_NOT_AUTHENTICATED` if the user is not authenticated or is requesting for authentication renewal `USER_AUTHENTICATED` if the user is authenticated and is not requesting for authentication renewal
Return type:	int

init_form(values=None)[source]¶

Initialization of the good form depending of POST and GET parameters

Parameters:	values (django.http.QueryDict) – A POST or GET QueryDict

service_login()[source]¶

Perform login against a service

Returns:

The rendering of the settings.CAS_WARN_TEMPLATE if the user asked to be warned before ticket emission and has not yep been warned.
The redirection to the service URL with a ticket GET parameter
The redirection to the service URL without a ticket if ticket generation failed and the gateway attribute is set
The rendering of the settings.CAS_LOGGED_TEMPLATE template with some error messages if the ticket generation failed (e.g: user not allowed).

Return type: django.http.HttpResponse

authenticated()[source]¶

Processing authenticated users

Returns:	The returned value of `service_login()` if `service` is defined The rendering of `settings.CAS_LOGGED_TEMPLATE` otherwise
Return type:	django.http.HttpResponse

not_authenticated()[source]¶

Processing non authenticated users

Returns:	The rendering of `settings.CAS_LOGIN_TEMPLATE` with various messages depending of GET/POST parameters The redirection to `FederateAuth` if `settings.CAS_FEDERATE` is `True` and the “remember my identity provider” cookie is found
Return type:	django.http.HttpResponse

common()[source]¶

Common part execute uppon GET and POST request

Returns:	The returned value of `authenticated()` if the user is authenticated and not requesting for authentication or if the authentication has just been renewed The returned value of `not_authenticated()` otherwise
Return type:	django.http.HttpResponse

class cas_server.views.Auth(**kwargs)[source]¶

Bases: cas_server.views.CsrfExemptView

A simple view to validate username/password/service tuple

csrf is disable as it is intended to be used by programs. Security is assured by a shared secret between the programs dans django-cas-server.

static post(request)[source]¶

method called on POST request on this view

Parameters:	request (django.http.HttpRequest) – The current request object
Returns:	`HttpResponse(u"yes\n")` if the POSTed tuple (username, password, service) if valid (i.e. (username, password) is valid dans username is allowed on service). `HttpResponse(u"no\n…")` otherwise, with possibly an error message on the second line.
Return type:	django.http.HttpResponse

class cas_server.views.Validate(**kwargs)[source]¶

Bases: django.views.generic.base.View

service ticket validation

static get(request)[source]¶

method called on GET request on this view

Parameters:	request (django.http.HttpRequest) – The current request object
Returns:	`HttpResponse("yes\nusername")` if submited (service, ticket) is valid else `HttpResponse("no\n")`
Return type:	django.http.HttpResponse

exception cas_server.views.ValidationBaseError(code, msg='')[source]¶

Bases: Exception

Base class for both saml and cas validation error

code = None¶: The error code

msg = None¶: The error message

render(request)[source]¶

render the error template for the exception

Parameters:	request (django.http.HttpRequest) – The current request object:
Returns:	the rendered `cas_server/serviceValidateError.xml` template
Return type:	django.http.HttpResponse

exception cas_server.views.ValidateError(code, msg='')[source]¶

Bases: cas_server.views.ValidationBaseError

handle service validation error

template = 'cas_server/serviceValidateError.xml'¶: template to be render for the error

context()[source]¶

content to use to render template

Returns:	A dictionary to contextualize `template`
Return type:	dict

class cas_server.views.ValidateService(**kwargs)[source]¶

Bases: django.views.generic.base.View

service ticket validation [CAS 2.0] and [CAS 3.0]

request = None¶: Current django.http.HttpRequest object

service = None¶: The service GET parameter

ticket = None¶: the ticket GET parameter

pgt_url = None¶: the pgtUrl GET parameter

renew = None¶: the renew GET parameter

allow_proxy_ticket = False¶: specify if ProxyTicket are allowed by the view. Hence we user the same view for /serviceValidate and /proxyValidate juste changing the parameter.

get(request)[source]¶

method called on GET request on this view

Parameters:	request (django.http.HttpRequest) – The current request object:
Returns:	The rendering of `cas_server/serviceValidate.xml` if no errors is raised, the rendering or `cas_server/serviceValidateError.xml` otherwise.
Return type:	django.http.HttpResponse

process_ticket()[source]¶

fetch the ticket against the database and check its validity

Raises:	ValidateError – if the ticket is not found or not valid, potentially for that service
Returns:	A couple (ticket, proxies list)
Return type:	`tuple`

process_pgturl(params)[source]¶

Handle PGT request

Parameters:	params (dict) – A template context dict
Raises:	ValidateError – if pgtUrl is invalid or if TLS validation of the pgtUrl fails
Returns:	The rendering of `cas_server/serviceValidate.xml`, using `params`
Return type:	django.http.HttpResponse

class cas_server.views.Proxy(**kwargs)[source]¶

Bases: django.views.generic.base.View

proxy ticket service

request = None¶: Current django.http.HttpRequest object

pgt = None¶: A ProxyGrantingTicket from the pgt GET parameter

target_service = None¶: the targetService GET parameter

get(request)[source]¶

method called on GET request on this view

Parameters:	request (django.http.HttpRequest) – The current request object:
Returns:	The returned value of `process_proxy()` if no error is raised, else the rendering of `cas_server/serviceValidateError.xml`.
Return type:	django.http.HttpResponse

process_proxy()[source]¶

handle PT request

Raises:	ValidateError – if the PGT is not found, or the target service not allowed or the user not allowed on the tardet service.
Returns:	The rendering of `cas_server/proxy.xml`
Return type:	django.http.HttpResponse

exception cas_server.views.SamlValidateError(code, msg='')[source]¶

Bases: cas_server.views.ValidationBaseError

handle saml validation error

template = 'cas_server/samlValidateError.xml'¶: template to be render for the error

context()[source]¶

Returns:	A dictionary to contextualize `template`
Return type:	dict

class cas_server.views.SamlValidate(**kwargs)[source]¶

Bases: cas_server.views.CsrfExemptView

SAML ticket validation

request = None¶

target = None¶

ticket = None¶

root = None¶

post(request)[source]¶

method called on POST request on this view

Parameters:	request (django.http.HttpRequest) – The current request object
Returns:	the rendering of `cas_server/samlValidate.xml` if no error is raised, else the rendering of `cas_server/samlValidateError.xml`.
Return type:	django.http.HttpResponse

process_ticket()[source]¶

validate ticket from SAML XML body

Raises:	SamlValidateError: if the ticket is not found or not valid, or if we fail to parse the posted XML.
Returns:	a ticket object
Return type:	`models.Ticket`