Initial commit

LICENSE

@@ -0,0 +1,28 @@
+Copyright (c) 2009, Chris Williams
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+    * Neither the name of the author nor the names of other
+      contributors may be used to endorse or promote products derived
+      from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.rst

@@ -0,0 +1,42 @@
+===================
+django-cas-provider
+===================
+
+---------------------------------
+Chris Williams <chris@nitron.org>
+---------------------------------
+
+OVERVIEW
+=========
+
+django-cas-provider is a provider for the `Central Authentication 
+Service <http://jasig.org/cas>`_. It supports CAS version 1.0. It allows 
+remote services to authenticate users for the purposes of 
+`Single Sign-On (SSO) <http://en.wikipedia.org/wiki/Single_Sign_On>`_. For 
+example, a user logs into a CAS server (provided by django-cas-provider) and 
+can then access other services (such as email, calendar, etc) without 
+re-entering her password for each service. For more details, see the 
+`CAS wiki <http://www.ja-sig.org/wiki/display/CAS/Home>`_.
+
+INSTALLATION
+=============
+
+To install, run the following command from this directory:
+
+    	``python setup.py install``
+
+Or, put cas_provider somewhere on your Python path.
+
+USAGE
+======
+
+#. Add ``'cas_provider'`` to your ``INSTALLED_APPS`` tuple in *settings.py*.
+#. In *settings.py*, set ``LOGIN_URL`` to ``'/cas/login/'`` and ``LOGOUT_URL`` to ``'/cas/logout/'``
+#. In *urls.py*, put the following line: ``(r'^cas/', include('cas_provider.urls')),``
+#. Create login/logout templates (or modify the samples)
+
+LIMITATIONS
+===========
+
+#. ``'renew'`` and ``'gateway'`` are not yet implemented (See CAS 1.0 spec).
+#. 

cas_consumer/__init__.py

@@ -0,0 +1,18 @@
+from django.conf import settings
+
+__all__ = []
+
+_DEFAULTS = {
+    'CAS_SERVICE': 'http://127.0.0.1/cas/login/',
+    'CAS_BASE': 'http://127.0.0.2/cas/',
+    'CAS_NEXT_DEFAULT': '/',
+    'CAS_COMPLETELY_LOGOUT': True,
+}
+
+for key, value in _DEFAULTS.iteritems():
+    try:
+        getattr(settings, key)
+    except AttributeError:
+        setattr(settings, key, value)
+    except ImportError:
+        pass

cas_consumer/backends.py

@@ -0,0 +1,58 @@
+from urllib import urlencode, urlopen
+from urlparse import urljoin
+
+from django.conf import settings
+
+from django.contrib.auth.models import User
+
+__all__ = ['CASBackend']
+
+service = settings.CAS_SERVICE
+cas_base = settings.CAS_BASE
+cas_login = cas_base + 'login/'
+cas_validate = cas_base + 'validate/'
+cas_logout = cas_base + 'logout/'
+cas_next_default = settings.CAS_NEXT_DEFAULT
+cas_profile = settings.CAS_PROFILE
+cas_register = settings.CAS_REGISTER
+
+def _verify_cas1(ticket, service):
+    """Verifies CAS 1.0 authentication ticket.
+
+    Returns username on success and None on failure.
+    """
+    params = {'ticket': ticket, 'service': service}
+    url = cas_validate + '?' + urlencode(params)
+    page = urlopen(url)
+    try:
+        verified = page.readline().strip()
+        if verified == 'yes':
+            return page.readline().strip()
+        else:
+            return None
+    finally:
+        page.close()
+
+class CASBackend(object):
+    """CAS authentication backend"""
+
+    def authenticate(self, ticket, service):
+        """Verifies CAS ticket and gets or creates User object"""
+
+        username = _verify_cas1(ticket, service)
+        if not username:
+            return None
+        try:
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
+            # user will have an "unusable" password
+            user = User.objects.create_user(username, '')
+            user.save()
+        return user
+
+    def get_user(self, user_id):
+        """Retrieve the user's entry in the User model if it exists"""
+        try:
+            return User.objects.get(pk=user_id)
+        except User.DoesNotExist:
+            return None

cas_consumer/forms.py

@@ -0,0 +1,3 @@
+from django import forms
+
+# place form definition here

cas_consumer/models.py

@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.

cas_consumer/urls.py

@@ -0,0 +1,8 @@
+from django.conf.urls.defaults import *
+
+from views import *
+
+urlpatterns = patterns('',
+    (r'^login/', login),
+    (r'^logout/', logout),
+)

cas_consumer/views.py

@@ -0,0 +1,40 @@
+from django.http import HttpResponse, HttpResponseForbidden, HttpResponseRedirect
+from django.shortcuts import get_object_or_404, render_to_response, get_list_or_404
+from django.contrib.auth.decorators import login_required
+from django.core.urlresolvers import reverse
+from django.core.exceptions import SuspiciousOperation
+from django.template import RequestContext
+from django.contrib.auth.models import User
+from django.contrib.auth import authenticate
+from django.contrib.auth import login as auth_login, logout as auth_logout
+from django.conf import settings
+
+__all__ = ['login', 'profile', 'register', 'logout',]
+
+service = settings.CAS_SERVICE
+cas_base = settings.CAS_BASE
+cas_login = cas_base + 'login/'
+cas_validate = cas_base + 'validate/'
+cas_logout = cas_base + 'logout/'
+cas_next_default = settings.CAS_NEXT_DEFAULT
+
+def login(request):
+    ticket = request.GET.get('ticket', None)
+    next = request.GET.get('next_page', cas_next_default)
+    if ticket is None:
+        return HttpResponseRedirect('%s?service=%s' % (cas_login, service))
+    user = authenticate(service=service, ticket=ticket)
+    if user is not None:
+        auth_login(request, user)
+        name = user.first_name or user.username
+        message ="Login succeeded. Welcome, %s." % name
+        user.message_set.create(message=message)
+        return HttpResponseRedirect(cas_next_default)
+    else:
+        return HttpResponseForbidden("Error authenticating with CAS")
+
+def logout(request, next_page=None):
+    auth_logout(request)
+    if settings.CAS_COMPLETELY_LOGOUT:
+        return HttpResponseRedirect('%s?url=%s' % (cas_logout, 'http://127.0.0.1'))
+    return HttpResponseRedirect('/')

setup.py

@@ -0,0 +1,14 @@
+
+from setuptools import setup, find_packages
+
+setup(
+    name='django-cas-consumer',
+    version='0.1dev',
+    description='A "consumer" for the Central Authentication Service (http://jasig.org/cas)',
+    author='Chris Williams',
+    author_email='chris@nitron.org',
+    url='http://nitron.org/',
+    packages=find_packages(),
+    zip_safe=False,
+    install_requires=['setuptools'],
+)