-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCASClient.py
90 lines (71 loc) · 2.93 KB
/
CASClient.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# ----------------------------------------------------------------------
# CASClient.py
# Authors: Alex Halderman, Scott Karlin, Brian Kernighan, Bob Dondero
# ----------------------------------------------------------------------
from re import sub
from urllib.parse import quote
from urllib.request import urlopen
from flask import abort, redirect, request, session
class CASClient:
# Initialize a new CASClient object so it uses the given CAS
# server, or fed.princeton.edu if no server is given.
def __init__(self, url="https://fed.princeton.edu/cas/"):
self.cas_url = url
# Return the URL of the current request after stripping out the
# "ticket" parameter added by the CAS server.
def stripTicket(self):
url = request.url
if url is None:
return "something is badly wrong"
url = sub(r"ticket=[^&]*&?", "", url)
url = sub(r"\?&?$|&$", "", url)
return url
# Return True if user is logged in
def is_logged_in(self):
return "username" in session
# Validate a login ticket by contacting the CAS server. If
# valid, return the user's username; otherwise, return None.
def validate(self, ticket):
val_url = (
self.cas_url
+ "validate"
+ "?service="
+ quote(self.stripTicket())
+ "&ticket="
+ quote(ticket)
)
r = urlopen(val_url).readlines() # returns 2 lines
if len(r) != 2:
return None
firstLine = r[0].decode("utf-8")
secondLine = r[1].decode("utf-8")
if not firstLine.startswith("yes"):
return None
return secondLine
# Authenticate the remote user, and return the user's username.
# Do not return unless the user is successfully authenticated.
def authenticate(self):
# If the user's username is in the session, then the user was
# authenticated previously. So return the user's username.
if "username" in session:
return session.get("username").lower().strip()
# If the request contains a login ticket, then try to
# validate it.
ticket = request.args.get("ticket")
if ticket is not None:
username = self.validate(ticket)
if username is not None:
# The user is authenticated, so store the user's
# username in the session.
session["username"] = username
return username.lower().strip()
# The request does not contain a valid login ticket, so
# redirect the browser to the login page to get one.
login_url = self.cas_url + "login" + "?service=" + quote(self.stripTicket())
abort(redirect(login_url))
# Logout the user.
def logout(self):
# Delete the user's username from the session.
if "username" in session:
session.pop("username")
abort(redirect("/landing"))