django-mama-cas and python-social-auth #109

Open
jeromecc opened this issue Apr 18, 2021 · 2 comments
Comments

@jeromecc

Hi!

First of all, thank you for your amazing work. I installed django-mama-cas on my Django 2.2 project and it works perfectly well!

I am already using social-auth-app-django (which is a wrapper around python-social-auth) to allow users to login to Django through Twitter with the OAuth protocol.

Could you suggest some starting points so that I can add code which would allow users to login by clicking on a social auth button instead of filling out the current username / password fields?

@manelclos
Collaborator

Hi @jeromecc,

You can easily change the login template: https://django-mama-cas.readthedocs.io/en/latest/settings.html#django.conf.settings.MAMA_CAS_LOGIN_TEMPLATE

Another way is to make sure that when you reach the Mama CAS login page, the user is already authenticated:

Hope this helps. More specific questions welcomed.

@jeromecc
Author

jeromecc commented Apr 25, 2021

Hi!

Thanks for your answer. I came up with a solution.

I indeed changed the login template to add a button that links to the social-auth-app-django Twitter oauth endpoint. I added a ?next= query parameter to redirect to the cas login endpoint after Twitter oauth.

{# Reverse the CAS login URL first; applying |urlencode inside the url tag would encode the view name, not the resulting URL #}
{% url 'cas_login' as cas_login_url %}
<a href="{% url 'social:begin' 'twitter' %}?next={{ cas_login_url|urlencode }}">Log in with Twitter</a>

The problem is that the oauth protocol doesn't allow to pass other query parameters than "next" (I've seen circumvention hacks using other parameters to retrieve data from the oauth server's answer but they are not respecting the protocol, could mix up other things and are not guaranteed to work) but CAS still needs the 'service' parameter.

I use Django's sessions to store service (and also gateway and renew even though I'm not sure those are relevant here). When Twitter's oauth redirects the user's browser back to my CAS login endpoint, the modified mama_cas/views.py retrieves the service string stored in the session. Then it is cleared after the login process is completed (successful or not) so that the next attempt is not messed up.

Here are the changes I introduced to views.py:

master...DocTocToc:social-auth

There might be a more elegant and/or cleaner way to do this, but it works and I don't think it introduces any security hole to the CAS server.

I hope I got this right and that it can help others.

Thanks again for your answer and your contributions to django-mama-cas.
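The session round-trip described in the comment above, written out as an added, framework-independent example (this is not code from django-mama-cas or from the linked branch): `service`, `gateway` and `renew` are stashed in the session before the browser is sent to the social-auth provider, restored when it comes back to the CAS login view with no `service` in the query string, and consumed on that first read so a stale stash cannot leak into a later login attempt. The session key name, the `ALLOWED_SERVICE_PREFIXES` allowlist and the `service_allowed` helper are assumptions introduced here; in a real deployment the allowlist check should be the one django-mama-cas already performs against `MAMA_CAS_SERVICES`, because a `service` value taken from the session is still attacker-supplied input and still decides where the ticket is delivered.

```python
"""Carry CAS login parameters across a social-auth redirect using the session.

Framework-independent sketch: `session` is any mutable mapping (Django's
request.session qualifies) and `query` is a mapping of incoming GET params.
"""
from urllib.parse import urlsplit

SESSION_KEY = "cas_pending"            # assumed session key name
CAS_PARAMS = ("service", "gateway", "renew")

# Constructed allowlist standing in for the MAMA_CAS_SERVICES setting.
ALLOWED_SERVICE_PREFIXES = ("https://app.example.org/",)


def service_allowed(service: str) -> bool:
    """Accept only https URLs that start with an allowlisted prefix.

    A prefix that ends in '/' cannot be matched by a look-alike host such as
    https://app.example.org.attacker.example/ because the '.' after 'org'
    breaks the prefix.
    """
    parts = urlsplit(service)
    if parts.scheme != "https" or not parts.netloc:
        return False
    return any(service.startswith(prefix) for prefix in ALLOWED_SERVICE_PREFIXES)


def stash_cas_params(session, query) -> dict:
    """Run in the CAS login view before redirecting to the social-auth provider.

    Stores only the recognised CAS parameters, refuses a service that is not
    allowlisted, and overwrites any stash left over from an earlier attempt.
    """
    pending = {}
    service = query.get("service")
    if service:
        if not service_allowed(service):
            session.pop(SESSION_KEY, None)
            raise ValueError("service not allowed: %r" % service)
        pending["service"] = service
    for flag in ("gateway", "renew"):
        if query.get(flag):
            pending[flag] = "true"
    session[SESSION_KEY] = pending
    return pending


def pop_cas_params(session) -> dict:
    """Remove and return the stash. Consumed on first read so that a failed
    or abandoned attempt cannot influence the next one."""
    return session.pop(SESSION_KEY, {})


def resolve_request_params(session, query) -> dict:
    """Run when the browser returns to the CAS login view after social auth.

    Parameters present in the query string win; anything missing falls back
    to the stashed values. The stash is consumed either way, and the final
    service is re-validated because it may have come from either source.
    """
    merged = dict(pop_cas_params(session))
    for key in CAS_PARAMS:
        if query.get(key):
            merged[key] = query[key]
    if "service" in merged and not service_allowed(merged["service"]):
        raise ValueError("service not allowed: %r" % merged["service"])
    return merged


if __name__ == "__main__":
    # Constructed walk-through: /login?service=...&renew=true, then the
    # social-auth provider redirects back to /login with an empty query string.
    session = {}
    stash_cas_params(session, {"service": "https://app.example.org/cb", "renew": "true"})
    print("stashed:", session)
    print("restored:", resolve_request_params(session, {}))
    print("session after login:", session)
```

In a Django view the calls become `stash_cas_params(request.session, request.GET)` just before rendering the login template with the social-auth button, and `resolve_request_params(request.session, request.GET)` at the top of the login view's GET handler, using the returned dict in place of `request.GET` for the rest of the CAS flow.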
