0003-cas-check-if-user-is-authorized-through-the-client.patch
| src/authentic2_idp_cas/views.py | ||
|---|---|---|
| 11 | 11 | |
| 12 | 12 |
from authentic2.utils import (get_user_from_session_key, make_url, |
| 13 | 13 |
login_require, find_authentication_event, redirect, normalize_attribute_values, |
| 14 |
attribute_values_to_identifier) |
|
| 14 |
attribute_values_to_identifier, redirect_to_unauthorized)
|
|
| 15 | 15 |
from authentic2.attributes_ng.engine import get_attributes |
| 16 | 16 |
from authentic2.constants import NONCE_FIELD_NAME |
| 17 | 17 |
from authentic2.views import logout as logout_view |
| ... | ... | |
| 68 | 68 |
st.save() |
| 69 | 69 |
if st.service.logout_url: |
| 70 | 70 |
request.session.setdefault(SESSION_CAS_LOGOUTS, []).append(( |
| 71 |
st.service.name,
|
|
| 71 |
st.service.name, |
|
| 72 | 72 |
st.service.get_logout_url(request), |
| 73 | 73 |
st.service.logout_use_iframe, |
| 74 | 74 |
st.service.logout_use_iframe_timeout)) |
| ... | ... | |
| 164 | 164 |
return self.authenticate(request, st) |
| 165 | 165 |
self.validate_ticket(request, st) |
| 166 | 166 |
if st.valid(): |
| 167 |
# check if user is authorized through this service |
|
| 168 |
if not st.service.authorize(request): |
|
| 169 |
return redirect_to_unauthorized(request, st.service) |
|
| 167 | 170 |
return redirect(request, service, params={'ticket': st.ticket_id})
|
| 168 |
# Should not happen
|
|
| 171 |
# Should not happen |
|
| 169 | 172 |
assert False |
| 170 | 173 | |
| 171 | 174 | |
| ... | ... | |
| 340 | 343 | |
| 341 | 344 |
class ProxyView(View): |
| 342 | 345 |
http_method_names = ['get'] |
| 343 |
|
|
| 346 | ||
| 344 | 347 |
def get(self, request): |
| 345 | 348 |
pgt = request.GET.get(PGT_PARAM) |
| 346 | 349 |
target_service_url = request.GET.get(TARGET_SERVICE_PARAM) |
| 347 |
- |
|