From aae3a0186e81a67a660d1e8985cd9df503e2229c Mon Sep 17 00:00:00 2001 From: Valentin Samir Date: Sun, 31 Jul 2016 20:30:27 +0200 Subject: [PATCH] Factorize froms.py --- cas_server/forms.py | 72 +++++++++++++------------------ cas_server/tests/test_federate.py | 14 ++---- cas_server/views.py | 7 ++- 3 files changed, 39 insertions(+), 54 deletions(-) diff --git a/cas_server/forms.py b/cas_server/forms.py index 2e554bb..b0d8ad4 100644 --- a/cas_server/forms.py +++ b/cas_server/forms.py @@ -19,7 +19,11 @@ import cas_server.models as models class BootsrapForm(forms.Form): - """Form base class to use boostrap then rendering the form fields""" + """ + Bases: :class:`django.forms.Form` + + Form base class to use boostrap then rendering the form fields + """ def __init__(self, *args, **kwargs): super(BootsrapForm, self).__init__(*args, **kwargs) for (name, field) in self.fields.items(): 
@@ -39,29 +43,36 @@ class BootsrapForm(forms.Form): field.widget.attrs.update(attrs) -class WarnForm(BootsrapForm): +class BaseLogin(BootsrapForm): """ - Bases: :class:`django.forms.Form` + Bases: :class:`BootsrapForm` - Form used on warn page before emiting a ticket + Base form with all field possibly hidden on the login pages """ - #: The service url for which the user want a ticket service = forms.CharField(widget=forms.HiddenInput(), required=False) + #: A valid LoginTicket to prevent POST replay + lt = forms.CharField(widget=forms.HiddenInput(), required=False) #: Is the service asking the authentication renewal ? renew = forms.BooleanField(widget=forms.HiddenInput(), required=False) #: Url to redirect to if the authentication fail (user not authenticated or bad service) gateway = forms.CharField(widget=forms.HiddenInput(), required=False) method = forms.CharField(widget=forms.HiddenInput(), required=False) + + +class WarnForm(BaseLogin): + """ + Bases: :class:`BaseLogin` + + Form used on warn page before emiting a ticket + """ #: ``True`` if the user has been warned of the ticket emission warned = forms.BooleanField(widget=forms.HiddenInput(), required=False) - #: A valid LoginTicket to prevent POST replay - lt = forms.CharField(widget=forms.HiddenInput(), required=False) -class FederateSelect(BootsrapForm): +class FederateSelect(BaseLogin): """ - Bases: :class:`django.forms.Form` + Bases: :class:`BaseLogin` Form used on the login page when ``settings.CAS_FEDERATE`` is ``True`` allowing the user to choose an identity provider. 
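Review bot: `lt` moves into `BaseLogin` with `required=False`, so every form derived from it, now including `FederateSelect`, validates successfully when the login ticket is absent. The replay protection its comment describes is therefore not enforced by the form and has to come from the view, which is outside this hunk. I would say so in the attribute comment, e.g. `#: LoginTicket against POST replay; optional here, the view must reject a missing or unknown value`. `method` is also the only field in the class without a `#:` comment, and a line stating which values it may take would help now that all login forms accept it.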
@@ -76,9 +87,6 @@ class FederateSelect(BootsrapForm): to_field_name="suffix", label=_('Identity provider'), ) - #: The service url for which the user want a ticket - service = forms.CharField(label=_('service'), widget=forms.HiddenInput(), required=False) - method = forms.CharField(widget=forms.HiddenInput(), required=False) #: A checkbox to remember the user choices of :attr:`provider` remember = forms.BooleanField(label=_('Remember the identity provider'), required=False) #: A checkbox to ask to be warn before emiting a ticket for another service @@ -86,35 +94,23 @@ class FederateSelect(BootsrapForm): label=_('Warn me before logging me into other sites.'), required=False ) - #: Is the service asking the authentication renewal ? - renew = forms.BooleanField(widget=forms.HiddenInput(), required=False) -class UserCredential(BootsrapForm): +class UserCredential(BaseLogin): """ - Bases: :class:`django.forms.Form` + Bases: :class:`BaseLogin` Form used on the login page to retrive user credentials """ #: The user username username = forms.CharField(label=_('username')) - #: The service url for which the user want a ticket - service = forms.CharField(label=_('service'), widget=forms.HiddenInput(), required=False) #: The user password password = forms.CharField(label=_('password'), widget=forms.PasswordInput) - #: A valid LoginTicket to prevent POST replay - lt = forms.CharField(widget=forms.HiddenInput(), required=False) - method = forms.CharField(widget=forms.HiddenInput(), required=False) #: A checkbox to ask to be warn before emiting a ticket for another service warn = forms.BooleanField( label=_('Warn me before logging me into other sites.'), required=False ) - #: Is the service asking the authentication renewal ? - renew = forms.BooleanField(widget=forms.HiddenInput(), required=False) - - def __init__(self, *args, **kwargs): - super(UserCredential, self).__init__(*args, **kwargs) def clean(self): """ 
@@ -138,7 +134,7 @@ class UserCredential(BootsrapForm): class FederateUserCredential(UserCredential): """ - Bases: :class:`UserCredential` + Bases: :class:`BaseLogin`, :class:`UserCredential` Form used on a auto submited page for linking the views :class:`FederateAuth` and @@ -156,21 +152,13 @@ class FederateUserCredential(UserCredential): This stub authentication form, allow to implement the federated mode with very few modificatons to the :class:`LoginView` view. """ - #: the user username with the ``@`` component - username = forms.CharField(widget=forms.HiddenInput()) - #: The service url for which the user want a ticket - service = forms.CharField(widget=forms.HiddenInput(), required=False) - #: The ``ticket`` used to authenticate the user against a provider - password = forms.CharField(widget=forms.HiddenInput()) - #: alias of :attr:`password` - ticket = forms.CharField(widget=forms.HiddenInput()) - #: A valid LoginTicket to prevent POST replay - lt = forms.CharField(widget=forms.HiddenInput(), required=False) - method = forms.CharField(widget=forms.HiddenInput(), required=False) - #: Has the user asked to be warn before emiting a ticket for another service - warn = forms.BooleanField(widget=forms.HiddenInput(), required=False) - #: Is the service asking the authentication renewal ? - renew = forms.BooleanField(widget=forms.HiddenInput(), required=False) + + def __init__(self, *args, **kwargs): + super(FederateUserCredential, self).__init__(*args, **kwargs) + # All fields are hidden and auto filled by the /login view logic + for name, field in self.fields.items(): + field.widget = forms.HiddenInput() + self[name].display = False def clean(self): """ diff --git a/cas_server/tests/test_federate.py b/cas_server/tests/test_federate.py index 324f0bc..1418b15 100644 --- a/cas_server/tests/test_federate.py +++ b/cas_server/tests/test_federate.py 
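Review bot: The new `Bases:` line in the docstring names both `BaseLogin` and `UserCredential`, while the class statement shown as context is `class FederateUserCredential(UserCredential)`, so `BaseLogin` is an ancestor and not a direct base. Listing only `UserCredential` there keeps the generated documentation in line with the code. The docstring continues outside the hunk.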
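Review bot: `self[name].display = False` in the new `__init__` sets an attribute on the BoundField returned by `self[name]`, which only survives if the form hands back the same BoundField on later access. The test module in this commit still branches on `django.VERSION < (1, 9)`, and as far as I recall those older releases build a new BoundField on every lookup, so the flag would be lost there before the template reads it; this is worth confirming on the oldest supported version. Setting the flag on the field itself (`field.display = False`) would not depend on that caching, at the cost of a matching change wherever it is read. Separately, swapping in `forms.HiddenInput()` means the `password` value is written back into the page markup when the form is rendered, unlike `PasswordInput`. A comment saying this is intended because the field carries the provider ticket in federated mode would help.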
@@ -88,16 +88,10 @@ class FederateAuthLoginLogoutTestCase( response = client.post('/federate', params) # we are redirected to the provider CAS client url self.assertEqual(response.status_code, 302) - if remember: - self.assertEqual(response["Location"], '%s/federate/%s?remember=on' % ( - 'http://testserver' if django.VERSION < (1, 9) else "", - provider.suffix - )) - else: - self.assertEqual(response["Location"], '%s/federate/%s' % ( - 'http://testserver' if django.VERSION < (1, 9) else "", - provider.suffix - )) + self.assertEqual(response["Location"], '%s/federate/%s' % ( + 'http://testserver' if django.VERSION < (1, 9) else "", + provider.suffix + )) # let's follow the redirect response = client.get('/federate/%s' % provider.suffix) # we are redirected to the provider CAS for authentication diff --git a/cas_server/views.py b/cas_server/views.py index f1c2f75..54fec53 100644 --- a/cas_server/views.py +++ b/cas_server/views.py @@ -264,8 +264,10 @@ class FederateAuth(View): if form.is_valid(): params = utils.copy_params( request.POST, - ignore={"provider", "csrfmiddlewaretoken", "ticket"} + ignore={"provider", "csrfmiddlewaretoken", "ticket", "lt", "remember"} ) + if params.get("renew") == "False": + del params["renew"] url = utils.reverse_params( "cas_server:federateAuth", kwargs=dict(provider=form.cleaned_data["provider"].suffix), @@ -425,7 +427,8 @@ class LoginView(View, LogoutMixin): self.warn = request.POST.get('warn') if settings.CAS_FEDERATE: self.username = request.POST.get('username') - self.ticket = request.POST.get('ticket') + # in federated mode, the valdated indentity provider CAS ticket is used as password + self.ticket = request.POST.get('password') def gen_lt(self): """Generate a new LoginTicket and add it to the list of valid LT for the user"""
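Review bot: In the `FederateAuth` hunk the redirect parameters are still built from raw `request.POST` minus a deny-list, so the login ticket stays out of the URL only because `"lt"` was added to `ignore` by hand. Any field later added to `BaseLogin`, and presumably any extra key a client posts, would be carried into the `Location` header and whatever logs it. Building `params` from `form.cleaned_data`, restricted to the names the federate view needs, would make that fail closed. The `params.get("renew") == "False"` test also matches one spelling only; `if not form.cleaned_data.get("renew"): params.pop("renew", None)` follows the form's own boolean parsing, assuming `params` is a plain dict. The enclosing method starts and ends outside the hunk.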
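Review bot: The comment added in the `LoginView` hunk calls the ticket validated, but the line below it reads `password` straight from `request.POST`, so at this point the value is client-supplied and any validation happens elsewhere, outside the hunk. I would reword it to say that and fix the two typos, e.g. `# in federated mode the identity provider CAS ticket is posted in the password field; untrusted until checked against the provider`. Naming the method or form that performs that check would make the trust boundary easier to follow.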