From 20f11eca771f031674358e3bc08740baab647787 Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Fri, 3 Jun 2016 14:11:07 +0200
Subject: [PATCH] Use a POST for "warn me" and only generate the ticket after the "warn me" page
---
 cas_server/forms.py | 7 ++++++
 cas_server/templates/cas_server/warn.html | 8 +++++--
 cas_server/views.py | 26 +++++++++++++++++------
 3 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/cas_server/forms.py b/cas_server/forms.py
index 58871b0..213cea9 100644
--- a/cas_server/forms.py
+++ b/cas_server/forms.py
@@ -17,6 +17,13 @@ from django.utils.translation import ugettext_lazy as _
 import cas_server.utils as utils
 import cas_server.models as models
+class WarnForm(forms.Form):
+ service = forms.CharField(widget=forms.HiddenInput(), required=False)
+ renew = forms.BooleanField(widget=forms.HiddenInput(), required=False)
+ gateway = forms.CharField(widget=forms.HiddenInput(), required=False)
+ method = forms.CharField(widget=forms.HiddenInput(), required=False)
+ warned = forms.BooleanField(widget=forms.HiddenInput(), required=False)
+ lt = forms.CharField(widget=forms.HiddenInput(), required=False)
 class UserCredential(forms.Form):
 """Form used on the login page to retrive user credentials"""
diff --git a/cas_server/templates/cas_server/warn.html b/cas_server/templates/cas_server/warn.html
index 9463992..88b566d 100644
--- a/cas_server/templates/cas_server/warn.html
+++ b/cas_server/templates/cas_server/warn.html
@@ -4,6 +4,10 @@
 {% load i18n %}
 {% block content %}
-{% bootstrap_button _('Connect to the service') size='lg' button_class="btn-primary btn-block" href=service_ticket_url %}
+
+{% csrf_token %}
+{% bootstrap_form form %}
+{% bootstrap_button _('Login') size='lg' button_type="submit" button_class="btn-primary btn-block"%}
+
+{{request.session.authenticated}}
 {% endblock %}
-
diff --git a/cas_server/views.py b/cas_server/views.py
index 6c6c4b2..8ac40b9 100644
--- a/cas_server/views.py
+++ b/cas_server/views.py
@@ -197,10 +197,15 @@ class LoginView(View, LogoutMixin):
 def init_post(self, request):
 self.request = request
 self.service = request.POST.get('service')
- self.renew = True if request.POST.get('renew') else False
+ if request.POST.get('renew') and request.POST['renew'] != "False" :
+ self.renew = True
+ else:
+ self.renew = False
 self.gateway = request.POST.get('gateway')
 self.method = request.POST.get('method')
 self.ajax = 'HTTP_X_AJAX' in request.META
+ if request.POST.get('warned') and request.POST['warned'] != "False":
+ self.warned = True
 def check_lt(self):
 # save LT for later check
@@ -279,7 +284,10 @@ class LoginView(View, LogoutMixin):
 def init_get(self, request):
 self.request = request
 self.service = request.GET.get('service')
- self.renew = True if request.GET.get('renew') else False
+ if request.GET.get('renew') and request.GET['renew'] != "False":
+ self.renew = True
+ else:
+ self.renew = False
 self.gateway = request.GET.get('gateway')
 self.method = request.GET.get('method')
 self.ajax = 'HTTP_X_AJAX' in request.META
@@ -329,14 +337,18 @@ class LoginView(View, LogoutMixin):
 data = {"status": "error", "detail": "confirmation needed"}
 return JsonResponse(self.request, data)
 else:
+ warn_form = forms.WarnForm(initial={
+ 'service': self.service,
+ 'renew': self.renew,
+ 'gateway': self.gateway,
+ 'method': self.method,
+ 'warned': True,
+ 'lt': self.request.session['lt'][-1]
+ })
 return render(
 self.request,
 settings.CAS_WARN_TEMPLATE,
- {'service_ticket_url': self.user.get_service_url(
- self.service,
- service_pattern,
- renew=self.renew
- )}
+ {'form': warn_form}
 )
 else:
 # redirect, using method ?
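Review bot: The added `{{request.session.authenticated}}` line at the end of the content block in warn.html prints a session flag straight into the confirmation page and looks like leftover debugging output. An authentication server should not render internal session state to the browser, so drop that line before merging. The rest of the hunk (the `{% csrf_token %}` plus the hidden form and submit button) does not need it.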
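Review bot: `self.warned` is assigned only in the truthy branch at the end of `init_post`, whereas `renew` just above gets an explicit `else`. Unless the class sets a default outside this hunk, a login POST without the field leaves the attribute undefined and a later read raises AttributeError; assign it unconditionally, e.g. `self.warned = bool(request.POST.get('warned')) and request.POST['warned'] != "False"`. The same "present and not the string False" test is repeated for `renew` here and in the `init_get` hunk, so a small private helper would keep the three parses consistent. Since `warned` is a client-supplied hidden field, it is worth a comment that it must only be honoured after the login-ticket check has passed; that ordering is not visible in this hunk.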
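Review bot: `self.request.session['lt'][-1]` in the new `WarnForm` initial data assumes the session already holds a non-empty `lt` list. A session without one would raise KeyError or IndexError and return a 500 instead of the warn page. Where that list is filled is outside this hunk, so if it is not guaranteed on this path, read it defensively with `lts = self.request.session.get('lt') or []` and issue a fresh login ticket when it is empty. A short comment such as `# pass the newest login ticket so the warn form's POST passes check_lt` would also explain why the last element is used.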