Use a POST for "warn me" and only generate the ticket after the "warn me" page

2016-06-03 14:11:07 +02:00 · 2016-06-03 14:11:07 +02:00 · 20f11eca77
commit 20f11eca77
parent 851f32bfd4
3 changed files with 32 additions and 9 deletions
--- a/cas_server/forms.py
+++ b/cas_server/forms.py
@ -17,6 +17,13 @@ from django.utils.translation import ugettext_lazy as _
 import cas_server.utils as utils
 import cas_server.models as models

+class WarnForm(forms.Form):
+    service = forms.CharField(widget=forms.HiddenInput(), required=False)
+    renew = forms.BooleanField(widget=forms.HiddenInput(), required=False)
+    gateway = forms.CharField(widget=forms.HiddenInput(), required=False)
+    method = forms.CharField(widget=forms.HiddenInput(), required=False)
+    warned = forms.BooleanField(widget=forms.HiddenInput(), required=False)
+    lt = forms.CharField(widget=forms.HiddenInput(), required=False)

 class UserCredential(forms.Form):
    """Form used on the login page to retrive user credentials"""
--- a/cas_server/templates/cas_server/warn.html
+++ b/cas_server/templates/cas_server/warn.html
@ -4,6 +4,10 @@
 {% load i18n %}

 {% block content %}
-{% bootstrap_button _('Connect to the service') size='lg' button_class="btn-primary btn-block" href=service_ticket_url %}
+      <form class="form-signin" method="post">
+{% csrf_token %}
+{% bootstrap_form form %}
+{% bootstrap_button _('Login') size='lg' button_type="submit" button_class="btn-primary btn-block"%}
+      </form>
+{{request.session.authenticated}}
 {% endblock %}
-
--- a/cas_server/views.py
+++ b/cas_server/views.py
@ -197,10 +197,15 @@ class LoginView(View, LogoutMixin):
    def init_post(self, request):
        self.request = request
        self.service = request.POST.get('service')
-        self.renew = True if request.POST.get('renew') else False
+        if request.POST.get('renew') and request.POST['renew'] != "False" :
+            self.renew = True
+        else:
+            self.renew = False
        self.gateway = request.POST.get('gateway')
        self.method = request.POST.get('method')
        self.ajax = 'HTTP_X_AJAX' in request.META
+        if request.POST.get('warned') and request.POST['warned'] != "False":
+            self.warned = True

    def check_lt(self):
        # save LT for later check
@ -279,7 +284,10 @@ class LoginView(View, LogoutMixin):
    def init_get(self, request):
        self.request = request
        self.service = request.GET.get('service')
-        self.renew = True if request.GET.get('renew') else False
+        if request.GET.get('renew') and request.GET['renew'] != "False":
+            self.renew = True
+        else:
+            self.renew = False
        self.gateway = request.GET.get('gateway')
        self.method = request.GET.get('method')
        self.ajax = 'HTTP_X_AJAX' in request.META
@ -329,14 +337,18 @@ class LoginView(View, LogoutMixin):
                    data = {"status": "error", "detail": "confirmation needed"}
                    return JsonResponse(self.request, data)
                else:
+                    warn_form = forms.WarnForm(initial={
+                        'service': self.service,
+                        'renew': self.renew,
+                        'gateway': self.gateway,
+                        'method': self.method,
+                        'warned': True,
+                        'lt': self.request.session['lt'][-1]
+                    })
                    return render(
                        self.request,
                        settings.CAS_WARN_TEMPLATE,
-                        {'service_ticket_url': self.user.get_service_url(
-                            self.service,
-                            service_pattern,
-                            renew=self.renew
-                        )}
+                        {'form': warn_form}
                    )
            else:
                # redirect, using method ?