CAT-SOOP is a flexible, programmable learning management system based on the Python programming language. https://catsoop.mit.edu
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

129 lines
4.4 KiB

  1. # This file is part of CAT-SOOP
  2. # Copyright (c) 2011-2020 by The CAT-SOOP Developers <catsoop-dev@mit.edu>
  3. #
  4. # This program is free software: you can redistribute it and/or modify it under
  5. # the terms of the GNU Affero General Public License as published by the Free
  6. # Software Foundation, either version 3 of the License, or (at your option) any
  7. # later version.
  8. #
  9. # This program is distributed in the hope that it will be useful, but WITHOUT
  10. # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  11. # FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
  12. # details.
  13. #
  14. # You should have received a copy of the GNU Affero General Public License
  15. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  16. """
  17. Authenticate using CAS (https://en.wikipedia.org/wiki/Central_Authentication_Service)
  18. """
  19. import urllib.parse
  20. import urllib.request
  21. from catsoop import debug_log
  22. LOGGER = debug_log.LOGGER
  23. # -----------------------------------------------------------------------------
  24. def get_logged_in_user(context):
  25. """
  26. Authenticate using CAS
  27. """
  28. session = context["cs_session_data"]
  29. logintype = context["csm_auth"].get_auth_type_by_name(context, "login")
  30. _get_base_url = logintype["_get_base_url"]
  31. cas_url = context["cs_cas_server"]
  32. redir_url = "%s/_auth/cas/callback" % context["cs_url_root"]
  33. # if the session tells us someone is logged in, return their
  34. # information
  35. action = context["cs_form"].get("loginaction", None)
  36. LOGGER.info("[auth.cas] login action=%s" % action)
  37. if action == "logout":
  38. ticket = context["cs_session_data"].get("cas_ticket", "")
  39. logout_url = (
  40. cas_url
  41. + "/logout"
  42. + "?service="
  43. + urllib.parse.quote(redir_url)
  44. + "&ticket="
  45. + urllib.parse.quote(ticket)
  46. )
  47. try:
  48. ret = urllib.request.urlopen(logout_url).read()
  49. LOGGER.info("[auth.cas] CAS server logout returnd ret=%s" % ret)
  50. except Exception as err:
  51. LOGGER.error(
  52. "[auth.cas] CAS server rejected logout request, err=%s" % str(err)
  53. )
  54. context["cs_session_data"] = {}
  55. return {"cs_reload": True}
  56. elif "username" in session:
  57. uname = session["username"]
  58. return {
  59. "username": uname,
  60. "name": session.get("name", uname),
  61. "email": session.get("email", uname),
  62. }
  63. elif action is None:
  64. if context.get("cs_view_without_auth", True):
  65. old_postload = context.get("cs_post_load", None)
  66. def new_postload(context):
  67. if old_postload is not None:
  68. old_postload(context)
  69. if "cs_login_box" in context:
  70. lbox = context["cs_login_box"](context)
  71. else:
  72. lbox = LOGIN_BOX % (
  73. _get_base_url(context),
  74. context["cs_cas_server"],
  75. )
  76. context["cs_content"] = lbox + context["cs_content"]
  77. context["cs_post_load"] = new_postload
  78. return {}
  79. else:
  80. context["cs_handler"] = "passthrough"
  81. context["cs_content_header"] = "Please Log In"
  82. context["cs_content"] = LOGIN_PAGE % (_get_base_url(context), cas_url)
  83. return {"cs_render_now": True}
  84. elif action == "login":
  85. login_url = cas_url + "/login" + "?service=" + urllib.parse.quote(redir_url)
  86. LOGGER.info("no auth, reditecting to %s" % login_url)
  87. session["_cas_course"] = context["cs_course"]
  88. session["_cas_path"] = context["cs_path_info"]
  89. return {"cs_redirect": login_url}
  90. else:
  91. raise Exception("Unknown action: %r" % action)
  92. LOGIN_PAGE = """
  93. <div id="catsoop_login_box">
  94. Access to this page requires logging in via CAS. Please <a
  95. href="%s?loginaction=login">Log In</a> to continue.<br/>Note that this link
  96. will take you to an external site (<tt>%s</tt>) to authenticate, and then you
  97. will be redirected back to this page.
  98. </div>
  99. """
  100. LOGIN_BOX = """
  101. <div class="response" id="catsoop_login_box">
  102. <b><center>You are not logged in.</center></b><br/>
  103. If you are a current student, please <a href="%s?loginaction=login">Log
  104. In</a> for full access to the web site.<br/>Note that this link will take you to
  105. an external site (<tt>%s</tt>) to authenticate, and then you will be redirected
  106. back to this page.
  107. </div>
  108. """