cas_server.views module

views for the app

class cas_server.views.LogoutMixin[source]

Bases: object

destroy CAS session utils

logout(all_session=False)[source]

effectively destroy a CAS session

Parameters:all_session (boolean) – If True destroy all the user sessions, otherwise destroy the current user session.
Returns:The number of destroyed sessions
Return type:int
class cas_server.views.CsrfExemptView(**kwargs)[source]

Bases: django.views.generic.base.View

base class for csrf exempt class views

dispatch(*args, **kwargs)[source]

dispatch HTTP requests to the methods of the same name

Parameters:request (django.http.HttpRequest) – The current request object
class cas_server.views.LogoutView(**kwargs)[source]

Bases: django.views.generic.base.View, cas_server.views.LogoutMixin

destroy CAS session (logout) view

request = None

current django.http.HttpRequest object

service = None

service GET parameter

url = None

url GET parameter

ajax = None

True if the HTTP_X_AJAX http header is sent and settings.CAS_ENABLE_AJAX_AUTH is True, False otherwise.

init_get(request)[source]

Initialize the LogoutView attributes on GET request

Parameters:request (django.http.HttpRequest) – The current request object
get(request, *args, **kwargs)[source]

method called on GET request on this view

Parameters:request (django.http.HttpRequest) – The current request object
class cas_server.views.FederateAuth(**kwargs)[source]

Bases: cas_server.views.CsrfExemptView

view to authenticate users against a backend CAS when CAS_FEDERATE is True

CSRF protection is disabled so that SLO requests can be received.

service_url = None

current URL used as service URL by the CAS client

get_cas_client(request, provider, renew=False)[source]

return a CAS client object matching provider

Parameters:
Returns:The user CAS client object
Return type:federate.CASFederateValidateUser

post(request, provider=None)[source]

method called on POST request

Parameters:
get(request, provider=None)[source]

method called on GET request

Parameters:
  • request (django.http.HttpRequest) – The current request object
  • provider (unicode) – Optional parameter. The user provider suffix.
class cas_server.views.LoginView(**kwargs)[source]

Bases: django.views.generic.base.View, cas_server.views.LogoutMixin

credential requestor / acceptor

user = None

The current models.User object

form = None

The form to display to the user

request = None

current django.http.HttpRequest object

service = None

service GET/POST parameter

renew = None

True if renew GET/POST parameter is present and not “False”

warn = None

the warn GET/POST parameter

gateway = None

the gateway GET/POST parameter

method = None

the method GET/POST parameter

ajax = None

True if the HTTP_X_AJAX http header is sent and settings.CAS_ENABLE_AJAX_AUTH is True, False otherwise.

renewed = False

True if the user has just authenticated

warned = False

True if renew GET/POST parameter is present and not “False”

username = None

The FederateAuth transmitted username (only used if settings.CAS_FEDERATE is True)

ticket = None

The FederateAuth transmitted ticket (only used if settings.CAS_FEDERATE is True)

INVALID_LOGIN_TICKET = 1
USER_LOGIN_OK = 2
USER_LOGIN_FAILURE = 3
USER_ALREADY_LOGGED = 4
USER_AUTHENTICATED = 5
USER_NOT_AUTHENTICATED = 6
init_post(request)[source]

Initialize POST received parameters

Parameters:request (django.http.HttpRequest) – The current request object
gen_lt()[source]

Generate a new LoginTicket and add it to the list of valid LT for the user

check_lt()[source]

Check if the POSTed LoginTicket is valid; if so, invalidate it

Returns:True if the LoginTicket is valid, False otherwise
Return type:bool
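The one-time LoginTicket pattern that gen_lt() and check_lt() describe, as an added example (not the project's own code). The session is modelled as a plain dict, and the "lt" key, the "LT-" prefix and the MAX_LT cap are assumptions of this sketch:

```python
import hmac
import secrets

MAX_LT = 5  # assumed cap on outstanding tickets per session (hypothetical value)


def gen_lt(session):
    """Create a login ticket, remember it in the session, and return it."""
    ticket = "LT-" + secrets.token_urlsafe(32)
    valid = session.setdefault("lt", [])
    valid.append(ticket)
    # Keep only the newest tickets so the list cannot grow without bound.
    del valid[:-MAX_LT]
    return ticket


def check_lt(session, posted):
    """Return True once for a ticket issued to this session, False otherwise."""
    if not isinstance(posted, str) or not posted:
        return False
    valid = session.get("lt", [])
    for i, candidate in enumerate(valid):
        # Constant-time comparison of the stored and POSTed values.
        if hmac.compare_digest(candidate.encode(), posted.encode()):
            del valid[i]  # invalidate: a replayed POST of the same form fails
            return True
    return False
```

Because the ticket is removed on first use and is bound to the session that received the form, a replayed or cross-session login POST is rejected before the credentials are examined.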
post(request, *args, **kwargs)[source]

method called on POST request on this view

Parameters:request (django.http.HttpRequest) – The current request object
process_post()[source]

Analyse the POST request:

  • check that the LoginTicket is valid
  • check that the user-submitted credentials are valid
Returns:
  • INVALID_LOGIN_TICKET if the POSTed LoginTicket is not valid
  • USER_ALREADY_LOGGED if the user is already logged in and does not request reauthentication.
  • USER_LOGIN_FAILURE if the user is not logged in or requests reauthentication and their credentials are not valid
  • USER_LOGIN_OK if the user is not logged in or requests reauthentication and their credentials are valid
Return type:int
init_get(request)[source]

Initialize GET received parameters

Parameters:request (django.http.HttpRequest) – The current request object
get(request, *args, **kwargs)[source]

method called on GET request on this view

Parameters:request (django.http.HttpRequest) – The current request object
process_get()[source]

Analyse the GET request

Returns:
Return type:int
init_form(values=None)[source]

Initialize the appropriate form depending on POST and GET parameters

Parameters:values (django.http.QueryDict) – A POST or GET QueryDict
service_login()[source]

Perform login against a service

Returns:
  • The rendering of the settings.CAS_WARN_TEMPLATE if the user asked to be warned before ticket emission and has not yet been warned.
  • The redirection to the service URL with a ticket GET parameter
  • The redirection to the service URL without a ticket if ticket generation failed and the gateway attribute is set
  • The rendering of the settings.CAS_LOGGED_TEMPLATE template with some error messages if the ticket generation failed (e.g. user not allowed).
Return type:django.http.HttpResponse
authenticated()[source]

Processing authenticated users

Returns:
  • The returned value of service_login() if service is defined
  • The rendering of settings.CAS_LOGGED_TEMPLATE otherwise
Return type:django.http.HttpResponse
not_authenticated()[source]

Processing non authenticated users

Returns:
  • The rendering of settings.CAS_LOGIN_TEMPLATE with various messages depending on GET/POST parameters
  • The redirection to FederateAuth if settings.CAS_FEDERATE is True and the “remember my identity provider” cookie is found
Return type:django.http.HttpResponse
common()[source]

Common part executed upon GET and POST requests

Returns:
  • The returned value of authenticated() if the user is authenticated and not requesting authentication or if the authentication has just been renewed
  • The returned value of not_authenticated() otherwise
Return type:django.http.HttpResponse
class cas_server.views.Auth(**kwargs)[source]

Bases: cas_server.views.CsrfExemptView

A simple view to validate username/password/service tuple

CSRF protection is disabled as this view is intended to be used by programs. Security is ensured by a shared secret between the programs and django-cas-server.

static post(request)[source]

method called on POST request on this view

Parameters:request (django.http.HttpRequest) – The current request object
Returns:HttpResponse(u"yes\n") if the POSTed tuple (username, password, service) is valid (i.e. (username, password) is valid and username is allowed on service). HttpResponse(u"no\n…") otherwise, with possibly an error message on the second line.
Return type:django.http.HttpResponse
class cas_server.views.Validate(**kwargs)[source]

Bases: django.views.generic.base.View

service ticket validation

static get(request)[source]

method called on GET request on this view

Parameters:request (django.http.HttpRequest) – The current request object
Returns:
  • HttpResponse("yes\nusername") if submitted (service, ticket) is valid
  • else HttpResponse("no\n")
Return type:django.http.HttpResponse
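A fail-closed client-side parser for the line-based bodies returned by Auth.post() and Validate.get(), as an added example (not part of django-cas-server). The function names, the tolerated single trailing newline and the username pattern are assumptions of this sketch:

```python
import re

# Assumed username alphabet for this example: no whitespace or control chars.
_USERNAME = re.compile(r"[^\s\x00-\x1f]+")


def _lines(body):
    """Split a response body into lines, ignoring one trailing newline."""
    if body.endswith("\n"):
        body = body[:-1]
    return body.split("\n")


def parse_validate(body):
    """Return the username from a Validate response, or None on any doubt."""
    lines = _lines(body)
    # Success is exactly "yes" followed by one username line, nothing else.
    if len(lines) != 2 or lines[0] != "yes":
        return None
    return lines[1] if _USERNAME.fullmatch(lines[1]) else None


def parse_auth(body):
    """Return (accepted, error) for an Auth response; fail closed."""
    lines = _lines(body)
    if lines == ["yes"]:
        return True, None
    if lines[0] == "no":
        # An optional error message may follow on the second line.
        return False, (lines[1] if len(lines) > 1 and lines[1] else None)
    return False, "malformed response"
```

Matching the first line exactly, rather than testing whether the body starts with "yes", keeps a truncated or unexpected body from being read as a successful authentication.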
exception cas_server.views.ValidationBaseError(code, msg='')[source]

Bases: exceptions.Exception

Base class for both saml and cas validation error

code = None

The error code

msg = None

The error message

render(request)[source]

render the error template for the exception

Parameters:request (django.http.HttpRequest) – The current request object
Returns:the rendered cas_server/serviceValidateError.xml template
Return type:django.http.HttpResponse
exception cas_server.views.ValidateError(code, msg='')[source]

Bases: cas_server.views.ValidationBaseError

handle service validation error

template = 'cas_server/serviceValidateError.xml'

template to be rendered for the error

context()[source]

content to use to render template

Returns:A dictionary to contextualize template
Return type:dict
class cas_server.views.ValidateService(**kwargs)[source]

Bases: django.views.generic.base.View

service ticket validation [CAS 2.0] and [CAS 3.0]

request = None

Current django.http.HttpRequest object

service = None

The service GET parameter

ticket = None

the ticket GET parameter

pgt_url = None

the pgtUrl GET parameter

renew = None

the renew GET parameter

allow_proxy_ticket = False

specify if ProxyTicket are allowed by the view. Hence we use the same view for /serviceValidate and /proxyValidate, just changing the parameter.

get(request)[source]

method called on GET request on this view

Parameters:request (django.http.HttpRequest) – The current request object
Returns:The rendering of cas_server/serviceValidate.xml if no error is raised, the rendering of cas_server/serviceValidateError.xml otherwise.
Return type:django.http.HttpResponse
process_ticket()[source]

fetch the ticket against the database and check its validity

Raises:ValidateError – if the ticket is not found or not valid, potentially for that service
Returns:A couple (ticket, proxies list)
Return type:tuple
process_pgturl(params)[source]

Handle PGT request

Parameters:params (dict) – A template context dict
Raises:ValidateError – if pgtUrl is invalid or if TLS validation of the pgtUrl fails
Returns:The rendering of cas_server/serviceValidate.xml, using params
Return type:django.http.HttpResponse
class cas_server.views.Proxy(**kwargs)[source]

Bases: django.views.generic.base.View

proxy ticket service

request = None

Current django.http.HttpRequest object

pgt = None

A ProxyGrantingTicket from the pgt GET parameter

target_service = None

the targetService GET parameter

get(request)[source]

method called on GET request on this view

Parameters:request (django.http.HttpRequest) – The current request object
Returns:The returned value of process_proxy() if no error is raised, else the rendering of cas_server/serviceValidateError.xml.
Return type:django.http.HttpResponse
process_proxy()[source]

handle PT request

Raises:ValidateError – if the PGT is not found, or the target service not allowed or the user not allowed on the target service.
Returns:The rendering of cas_server/proxy.xml
Return type:django.http.HttpResponse
exception cas_server.views.SamlValidateError(code, msg='')[source]

Bases: cas_server.views.ValidationBaseError

handle saml validation error

template = 'cas_server/samlValidateError.xml'

template to be rendered for the error

context()[source]
Returns:A dictionary to contextualize template
Return type:dict
class cas_server.views.SamlValidate(**kwargs)[source]

Bases: cas_server.views.CsrfExemptView

SAML ticket validation

request = None
target = None
ticket = None
root = None
post(request)[source]

method called on POST request on this view

Parameters:request (django.http.HttpRequest) – The current request object
Returns:the rendering of cas_server/samlValidate.xml if no error is raised, else the rendering of cas_server/samlValidateError.xml.
Return type:django.http.HttpResponse
process_ticket()[source]

validate ticket from SAML XML body

Raises:SamlValidateError – if the ticket is not found or not valid, or if we fail to parse the posted XML.
Returns:a ticket object
Return type:models.Ticket