Use session to transmist username/ticket from fedeare view to login view

Hence, these parameter are not recorder in the user history, and thus
the user username do not apear anymore in the history. This respect more the
user privacy.
This commit is contained in:
Valentin Samir 2016-06-22 12:46:18 +02:00
parent 8ddf06b82a
commit d1c5ff4019
2 changed files with 17 additions and 6 deletions

View file

@ -29,7 +29,6 @@ class CASFederateValidateUser(object):
service_url=service_url,
version=version,
server_url=server_url,
extra_login_params={"provider": provider},
renew=False,
)

View file

@ -215,8 +215,9 @@ class FederateAuth(View):
else:
ticket = request.GET['ticket']
if auth.verify_ticket(ticket):
params = utils.copy_params(request.GET)
params['username'] = "%s@%s" % (auth.username, auth.provider)
params = utils.copy_params(request.GET, ignore={"ticket"})
request.session["federate_username"] = "%s@%s" % (auth.username, auth.provider)
request.session["federate_ticket"] = ticket
url = utils.reverse_params("cas_server:login", params)
return HttpResponseRedirect(url)
else:
@ -242,6 +243,10 @@ class LoginView(View, LogoutMixin):
renewed = False
warned = False
if settings.CAS_FEDERATE:
username = None
ticket = None
INVALID_LOGIN_TICKET = 1
USER_LOGIN_OK = 2
USER_LOGIN_FAILURE = 3
@ -307,7 +312,10 @@ class LoginView(View, LogoutMixin):
)
self.user.save()
elif ret == self.USER_LOGIN_FAILURE: # bad user login
if settings.CAS_FEDERATE:
self.ticket = None
self.usernalme = None
self.init_form()
self.logout()
elif ret == self.USER_ALREADY_LOGGED:
pass
@ -353,8 +361,12 @@ class LoginView(View, LogoutMixin):
self.ajax = 'HTTP_X_AJAX' in request.META
self.warn = request.GET.get('warn')
if settings.CAS_FEDERATE:
self.username = request.GET.get('username')
self.ticket = request.GET.get('ticket')
self.username = request.session.get("federate_username")
self.ticket = request.session.get("federate_ticket")
if self.username:
del request.session["federate_username"]
if self.ticket:
del request.session["federate_ticket"]
def get(self, request, *args, **kwargs):
"""methode called on GET request on this view"""