0003-cas-check-if-user-is-authorized-through-the-client.patch
src/authentic2_idp_cas/views.py | ||
---|---|---|
11 | 11 | |
12 | 12 |
from authentic2.utils import (get_user_from_session_key, make_url, |
13 | 13 |
login_require, find_authentication_event, redirect, normalize_attribute_values, |
14 |
attribute_values_to_identifier) |
|
14 |
attribute_values_to_identifier, redirect_to_unauthorized)
|
|
15 | 15 |
from authentic2.attributes_ng.engine import get_attributes |
16 | 16 |
from authentic2.constants import NONCE_FIELD_NAME |
17 | 17 |
from authentic2.views import logout as logout_view |
... | ... | |
68 | 68 |
st.save() |
69 | 69 |
if st.service.logout_url: |
70 | 70 |
request.session.setdefault(SESSION_CAS_LOGOUTS, []).append(( |
71 |
st.service.name,
|
|
71 |
st.service.name, |
|
72 | 72 |
st.service.get_logout_url(request), |
73 | 73 |
st.service.logout_use_iframe, |
74 | 74 |
st.service.logout_use_iframe_timeout)) |
... | ... | |
164 | 164 |
return self.authenticate(request, st) |
165 | 165 |
self.validate_ticket(request, st) |
166 | 166 |
if st.valid(): |
167 |
# check if user is authorized through this service |
|
168 |
if not st.service.authorize(request): |
|
169 |
return redirect_to_unauthorized(request, st.service) |
|
167 | 170 |
return redirect(request, service, params={'ticket': st.ticket_id}) |
168 |
# Should not happen
|
|
171 |
# Should not happen |
|
169 | 172 |
assert False |
170 | 173 | |
171 | 174 | |
... | ... | |
340 | 343 | |
341 | 344 |
class ProxyView(View): |
342 | 345 |
http_method_names = ['get'] |
343 |
|
|
346 | ||
344 | 347 |
def get(self, request): |
345 | 348 |
pgt = request.GET.get(PGT_PARAM) |
346 | 349 |
target_service_url = request.GET.get(TARGET_SERVICE_PARAM) |
347 |
- |