-
Notifications
You must be signed in to change notification settings - Fork 0
/
CASClient.py
98 lines (73 loc) · 3.08 KB
/
CASClient.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# ----------------------------------------------------------------------
# CASClient.py
# Authors: Alex Halderman, Scott Karlin, Brian Kernighan, Bob Dondero
# ----------------------------------------------------------------------
from urllib.request import urlopen
from urllib.parse import quote
from re import sub
from flask import request, session, redirect, abort
class CASClient:
# Initialize a new CASClient object so it uses the given CAS
# server, or fed.princeton.edu if no server is given.
def __init__(self, url='https://fed.princeton.edu/cas/'):
self.cas_url = url
# Return the URL of the current request after stripping out the
# "ticket" parameter added by the CAS server.
def stripTicket(self):
url = request.url
if url is None:
return 'something is badly wrong'
url = sub(r'ticket=[^&]*&?', '', url)
url = sub(r'\?&?$|&$', '', url)
return url
# Return True if user is logged in
def is_logged_in(self):
return 'username' in session
# Validate a login ticket by contacting the CAS server. If
# valid, return the user's username; otherwise, return None.
def validate(self, ticket):
val_url = self.cas_url + 'validate' + \
'?service=' + quote(self.stripTicket()) + \
'&ticket=' + quote(ticket)
r = urlopen(val_url).readlines() # returns 2 lines
if len(r) != 2:
return None
firstLine = r[0].decode('utf-8')
secondLine = r[1].decode('utf-8')
if not firstLine.startswith('yes'):
return None
return secondLine
# Authenticate the remote user, and return the user's username.
# Do not return unless the user is successfully authenticated.
def authenticate(self):
# If the user's username is in the session, then the user was
# authenticated previously. So return the user's username.
if 'username' in session:
return session.get('username')
# If the request contains a login ticket, then try to
# validate it.
ticket = request.args.get('ticket')
if ticket is not None:
username = self.validate(ticket)
if username is not None:
# The user is authenticated, so store the user's
# username in the session.
session['username'] = username
return username
# The request does not contain a valid login ticket, so
# redirect the browser to the login page to get one.
login_url = self.cas_url + 'login' \
+ '?service=' + quote(self.stripTicket())
abort(redirect(login_url))
# Logout the user.
def logout(self):
if 'username' in session:
# Delete the user's username from the session.
session.pop('username')
# Redirect the browser to the landing page.
abort(redirect('landing'))
# -----------------------------------------------------------------------
def main():
print('CASClient does not run standalone')
if __name__ == '__main__':
main()