cas_server.views module¶

views for the app

class cas_server.views.LogoutMixin[source]¶

Bases: object

destroy CAS session utils

logout(all_session=False)[source]¶

effectively destroy a CAS session

Parameters: all_session (boolean) – If True destroy all the user sessions, otherwise destroy the current user session.
Returns: The number of destroyed sessions
Return type: int

class cas_server.views.CsrfExemptView(**kwargs)[source]¶

Bases: django.views.generic.base.View

base class for csrf exempt class views

dispatch(request, *args, **kwargs)[source]¶

dispatch different http request to the methods of the same name

Parameters: request (django.http.HttpRequest) – The current request object

class cas_server.views.LogoutView(**kwargs)[source]¶

Bases: django.views.generic.base.View, cas_server.views.LogoutMixin

destroy CAS session (logout) view

request = None¶: current django.http.HttpRequest object

service = None¶: service GET parameter

url = None¶: url GET paramet

ajax = None¶: True if the HTTP_X_AJAX http header is sent and settings.CAS_ENABLE_AJAX_AUTH is True, False otherwise.

init_get(request)[source]¶

Initialize the LogoutView attributes on GET request

Parameters: request (django.http.HttpRequest) – The current request object

get(request, *args, **kwargs)[source]¶

method called on GET request on this view

Parameters: request (django.http.HttpRequest) – The current request object

class cas_server.views.FederateAuth(**kwargs)[source]¶

Bases: cas_server.views.CsrfExemptView

view to authenticated user against a backend CAS then CAS_FEDERATE is True

csrf is disabled for allowing SLO requests reception.

service_url = None¶: current URL used as service URL by the CAS client

get_cas_client(request, provider, renew=False)[source]¶

return a CAS client object matching provider

Parameters

request (django.http.HttpRequest) – The current request object
provider (cas_server.models.FederatedIendityProvider) – the user identity provider

Returns

The user CAS client object

Return type

federate.CASFederateValidateUser

post(request, provider=None, *args, **kwargs)[source]¶

method called on POST request

Parameters

request (django.http.HttpRequest) – The current request object
provider (unicode) – Optional parameter. The user provider suffix.

get(request, provider=None)[source]¶

method called on GET request

Parameters

request (django.http.HttpRequestself.) – The current request object
provider (unicode) – Optional parameter. The user provider suffix.

class cas_server.views.LoginView(**kwargs)[source]¶

Bases: django.views.generic.base.View, cas_server.views.LogoutMixin

credential requestor / acceptor

user = None¶: The current models.User object

form = None¶: The form to display to the user

request = None¶: current django.http.HttpRequest object

service = None¶: service GET/POST parameter

renew = None¶: True if renew GET/POST parameter is present and not “False”

warn = None¶: the warn GET/POST parameter

gateway = None¶: the gateway GET/POST parameter

method = None¶: the method GET/POST parameter

ajax = None¶: True if the HTTP_X_AJAX http header is sent and settings.CAS_ENABLE_AJAX_AUTH is True, False otherwise.

renewed = False¶: True if the user has just authenticated

warned = False¶: True if renew GET/POST parameter is present and not “False”

username = None¶: The FederateAuth transmited username (only used if settings.CAS_FEDERATE is True)

ticket = None¶: The FederateAuth transmited ticket (only used if settings.CAS_FEDERATE is True)

INVALID_LOGIN_TICKET = 1¶

USER_LOGIN_OK = 2¶

USER_LOGIN_FAILURE = 3¶

USER_ALREADY_LOGGED = 4¶

USER_AUTHENTICATED = 5¶

USER_NOT_AUTHENTICATED = 6¶

init_post(request)[source]¶

Initialize POST received parameters

Parameters: request (django.http.HttpRequest) – The current request object

gen_lt()[source]¶: Generate a new LoginTicket and add it to the list of valid LT for the user

check_lt()[source]¶

Check is the POSTed LoginTicket is valid, if yes invalide it

Returns: True if the LoginTicket is valid, False otherwise
Return type: bool

post(request, *args, **kwargs)[source]¶

method called on POST request on this view

Parameters: request (django.http.HttpRequest) – The current request object

process_post()[source]¶

Analyse the POST request:

check that the LoginTicket is valid

check that the user sumited credentials are valid

Returns

INVALID_LOGIN_TICKET if the POSTed LoginTicket is not valid
USER_ALREADY_LOGGED if the user is already logged and do no request reauthentication.
USER_LOGIN_FAILURE if the user is not logged or request for reauthentication and his credentials are not valid
USER_LOGIN_OK if the user is not logged or request for reauthentication and his credentials are valid

Return type

int

init_get(request)[source]¶

Initialize GET received parameters

Parameters: request (django.http.HttpRequest) – The current request object

get(request, *args, **kwargs)[source]¶

method called on GET request on this view

Parameters: request (django.http.HttpRequest) – The current request object

process_get()[source]¶

Analyse the GET request

Returns

USER_NOT_AUTHENTICATED if the user is not authenticated or is requesting for authentication renewal
USER_AUTHENTICATED if the user is authenticated and is not requesting for authentication renewal

Return type

int

init_form(values=None)[source]¶

Initialization of the good form depending of POST and GET parameters

Parameters: values (django.http.QueryDict) – A POST or GET QueryDict

service_login()[source]¶

Perform login against a service

Returns

The rendering of the settings.CAS_WARN_TEMPLATE if the user asked to be warned before ticket emission and has not yep been warned.
The redirection to the service URL with a ticket GET parameter
The redirection to the service URL without a ticket if ticket generation failed and the gateway attribute is set
The rendering of the settings.CAS_LOGGED_TEMPLATE template with some error messages if the ticket generation failed (e.g: user not allowed).

Return type

django.http.HttpResponse

authenticated()[source]¶

Processing authenticated users

Returns

The returned value of service_login() if service is defined
The rendering of settings.CAS_LOGGED_TEMPLATE otherwise

Return type

django.http.HttpResponse

not_authenticated()[source]¶

Processing non authenticated users

Returns

The rendering of settings.CAS_LOGIN_TEMPLATE with various messages depending of GET/POST parameters
The redirection to FederateAuth if settings.CAS_FEDERATE is True and the “remember my identity provider” cookie is found

Return type

django.http.HttpResponse

common()[source]¶

Common part execute uppon GET and POST request

Returns

The returned value of authenticated() if the user is authenticated and not requesting for authentication or if the authentication has just been renewed
The returned value of not_authenticated() otherwise

Return type

django.http.HttpResponse

class cas_server.views.Auth(**kwargs)[source]¶

Bases: cas_server.views.CsrfExemptView

A simple view to validate username/password/service tuple

csrf is disable as it is intended to be used by programs. Security is assured by a shared secret between the programs dans django-cas-server.

static post(request)[source]¶

method called on POST request on this view

Parameters: request (django.http.HttpRequest) – The current request object
Returns: HttpResponse(u"yes\n") if the POSTed tuple (username, password, service) if valid (i.e. (username, password) is valid dans username is allowed on service). HttpResponse(u"no\n…") otherwise, with possibly an error message on the second line.
Return type: django.http.HttpResponse

class cas_server.views.Validate(**kwargs)[source]¶

Bases: django.views.generic.base.View

service ticket validation

static get(request)[source]¶

method called on GET request on this view

Parameters

request (django.http.HttpRequest) – The current request object

Returns

HttpResponse("yes\nusername") if submited (service, ticket) is valid
else HttpResponse("no\n")

Return type

django.http.HttpResponse

exception cas_server.views.ValidationBaseError(code, msg='')[source]¶

Bases: Exception

Base class for both saml and cas validation error

code = None¶: The error code

msg = None¶: The error message

render(request)[source]¶

render the error template for the exception

Parameters: request (django.http.HttpRequest) – The current request object:
Returns: the rendered cas_server/serviceValidateError.xml template
Return type: django.http.HttpResponse

exception cas_server.views.ValidateError(code, msg='')[source]¶

Bases: cas_server.views.ValidationBaseError

handle service validation error

template = 'cas_server/serviceValidateError.xml'¶: template to be render for the error

context()[source]¶

content to use to render template

Returns: A dictionary to contextualize template
Return type: dict

class cas_server.views.ValidateService(**kwargs)[source]¶

Bases: django.views.generic.base.View

service ticket validation [CAS 2.0] and [CAS 3.0]

request = None¶: Current django.http.HttpRequest object

service = None¶: The service GET parameter

ticket = None¶: the ticket GET parameter

pgt_url = None¶: the pgtUrl GET parameter

renew = None¶: the renew GET parameter

allow_proxy_ticket = False¶: specify if ProxyTicket are allowed by the view. Hence we user the same view for /serviceValidate and /proxyValidate juste changing the parameter.

get(request)[source]¶

method called on GET request on this view

Parameters: request (django.http.HttpRequest) – The current request object:
Returns: The rendering of cas_server/serviceValidate.xml if no errors is raised, the rendering or cas_server/serviceValidateError.xml otherwise.
Return type: django.http.HttpResponse

process_ticket()[source]¶

fetch the ticket against the database and check its validity

Raises: ValidateError – if the ticket is not found or not valid, potentially for that service
Returns: A couple (ticket, proxies list)
Return type: tuple

process_pgturl(params)[source]¶

Handle PGT request

Parameters: params (dict) – A template context dict
Raises: ValidateError – if pgtUrl is invalid or if TLS validation of the pgtUrl fails
Returns: The rendering of cas_server/serviceValidate.xml, using params
Return type: django.http.HttpResponse

class cas_server.views.Proxy(**kwargs)[source]¶

Bases: django.views.generic.base.View

proxy ticket service

request = None¶: Current django.http.HttpRequest object

pgt = None¶: A ProxyGrantingTicket from the pgt GET parameter

target_service = None¶: the targetService GET parameter

get(request)[source]¶

method called on GET request on this view

Parameters: request (django.http.HttpRequest) – The current request object:
Returns: The returned value of process_proxy() if no error is raised, else the rendering of cas_server/serviceValidateError.xml.
Return type: django.http.HttpResponse

process_proxy()[source]¶

handle PT request

Raises: ValidateError – if the PGT is not found, or the target service not allowed or the user not allowed on the tardet service.
Returns: The rendering of cas_server/proxy.xml
Return type: django.http.HttpResponse

exception cas_server.views.SamlValidateError(code, msg='')[source]¶

Bases: cas_server.views.ValidationBaseError

handle saml validation error

template = 'cas_server/samlValidateError.xml'¶: template to be render for the error

context()[source]¶

Returns: A dictionary to contextualize template
Return type: dict

class cas_server.views.SamlValidate(**kwargs)[source]¶

Bases: cas_server.views.CsrfExemptView

SAML ticket validation

request = None¶

target = None¶

ticket = None¶

root = None¶

post(request, *args, **kwargs)[source]¶

method called on POST request on this view

Parameters: request (django.http.HttpRequest) – The current request object
Returns: the rendering of cas_server/samlValidate.xml if no error is raised, else the rendering of cas_server/samlValidateError.xml.
Return type: django.http.HttpResponse

process_ticket()[source]¶

validate ticket from SAML XML body

Raises: SamlValidateError: if the ticket is not found or not valid, or if we fail to parse the posted XML.
Returns: a ticket object
Return type: models.Ticket