#!/usr/bin/env python
# -----------------------------------------------------------------------
# auth.py
# Author: Bob Dondero
# -----------------------------------------------------------------------
from urllib.request import urlopen
from urllib.parse import quote
from re import sub
from flask import request, redirect
from flask import session, abort
# -----------------------------------------------------------------------
# Authors: Modified by Jeremy Dapaah
# -----------------------------------------------------------------------
# Base URL of the CAS server. The endpoint names used in this file
# ('login', 'validate', 'logout') are appended to it directly, so the
# trailing slash is required. validate() trusts whatever it fetches from
# this URL, so the scheme should stay https.
_CAS_URL = 'https://cast.cs.princeton.edu/cas/'
# -----------------------------------------------------------------------
# Return url after stripping out the "ticket" parameter that was
# added by the CAS server.
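def strip_ticket(url):
    """Return *url* with the CAS-added "ticket" query parameter removed.

    Only a parameter named exactly "ticket" is removed. The earlier
    pattern matched the text "ticket=" anywhere in the string, so it also
    cut into parameters whose names merely end in "ticket" and returned a
    URL that no longer matched the one the browser was sent to CAS with.

    Args:
        url: The request URL as a string, or None.

    Returns:
        The URL without its "ticket" parameter and without a dangling
        "?" or "&" at the end. If *url* is None, the literal string
        "something is badly wrong" (kept for backward compatibility).
    """
    if url is None:
        # NOTE(review): this sentinel is returned instead of raising, so a
        # caller that quotes the result into a CAS URL will send it on
        # unchanged. Kept because callers may depend on it.
        return "something is badly wrong"

    # The lookbehind pins the match to the start of a parameter, i.e.
    # directly after "?" or "&".
    without_ticket = sub(r'(?<=[?&])ticket=[^&]*&?', '', url)

    # Removing the parameter can leave "?", "?&" or "&" at the very end.
    return sub(r'\?&?$|&$', '', without_ticket)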
# -----------------------------------------------------------------------
# Validate a login ticket by contacting the CAS server. If
# valid, return the user's username; otherwise, return None.
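def validate(ticket):
    """Validate a login ticket by asking the CAS server.

    The service URL sent for validation is the current request URL with
    the "ticket" parameter stripped.

    Args:
        ticket: The ticket value taken from the request's query string.

    Returns:
        The username from the second line of the CAS reply, or None when
        the reply is not exactly two lines, the first line is not "yes",
        or the username is empty.

    Raises:
        Nothing is caught here: errors raised by urlopen() (including a
        timeout) or by decoding the reply propagate to the caller.
    """
    val_url = (
        _CAS_URL + 'validate'
        + '?service=' + quote(strip_ticket(request.url))
        + '&ticket=' + quote(ticket)
    )

    # Bound the wait so an unresponsive CAS server cannot hold the request
    # open indefinitely; without a timeout urlopen() may block forever.
    with urlopen(val_url, timeout=10) as flo:
        lines = flo.readlines()  # A well-formed reply has exactly 2 lines.

    if len(lines) != 2:
        return None

    verdict = lines[0].decode('utf-8').strip()
    username = lines[1].decode('utf-8').strip()

    # Require the whole first line to be "yes"; a prefix test would also
    # accept any unexpected reply that merely begins with those letters.
    if verdict != 'yes':
        return None

    # A "yes" with a blank second line must not be stored as a logged-in
    # user with an empty name, so treat it as a failed validation.
    return username or None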
# -----------------------------------------------------------------------
# Authenticate the remote user, and return the user's username.
# Do not return unless the user is successfully authenticated.
def authenticate():
    """Return the authenticated user's username.

    Order of checks: a username already in the session is returned as is;
    otherwise a "ticket" query argument is validated with validate() and,
    on success, the resulting username is stored in the session. When no
    ticket is present or validation fails, the browser is redirected to
    the CAS login page via abort(redirect(...)), which raises, so this
    function returns only for an authenticated user.

    Returns:
        The username held in (or just written to) session['username'].
    """
    # A previous successful login is remembered only through the session.
    if 'username' in session:
        return session['username']

    ticket = request.args.get('ticket')
    if ticket is None:
        # No ticket yet: send the browser to CAS, naming this URL as the
        # service to come back to.
        abort(redirect(_CAS_URL + 'login?service=' + quote(request.url)))

    username = validate(ticket)
    if username is None:
        # The ticket was rejected: drop it from the service URL so the
        # next round trip starts with a fresh one.
        service = quote(strip_ticket(request.url))
        abort(redirect(_CAS_URL + 'login?service=' + service))

    # Validation succeeded; remember the user for later requests.
    session['username'] = username
    return username
# -----------------------------------------------------------------------
def logout():
    """Log the user out locally and at the CAS server.

    authenticate() runs first, so a request from a browser that is not
    logged in is sent through the login flow before anything else
    happens. Afterwards the username is removed from the session and the
    browser is redirected to the CAS logout endpoint, with the current
    URL (every "logout" replaced by "index") as the service to return to.
    The redirect is issued through abort(), so this function does not
    return normally.
    """
    authenticate()

    # Only the 'username' key is removed; other session keys are left alone.
    session.pop('username')

    # NOTE(review): the replacement applies to every "logout" substring in
    # the full URL (host and query included), not only the path segment.
    index_url = request.url.replace('logout', 'index')
    abort(redirect(_CAS_URL + 'logout?service=' + quote(index_url)))