Skip to content
Permalink
b91415db10
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
98 lines (73 sloc) 3.08 KB
# ----------------------------------------------------------------------
# CASClient.py
# Authors: Alex Halderman, Scott Karlin, Brian Kernighan, Bob Dondero
# ----------------------------------------------------------------------
from urllib.request import urlopen
from urllib.parse import quote
from re import sub
from flask import request, session, redirect, abort
class CASClient:
# Initialize a new CASClient object so it uses the given CAS
# server, or fed.princeton.edu if no server is given.
def __init__(self, url='https://fed.princeton.edu/cas/'):
self.cas_url = url
# Return the URL of the current request after stripping out the
# "ticket" parameter added by the CAS server.
def stripTicket(self):
url = request.url
if url is None:
return 'something is badly wrong'
url = sub(r'ticket=[^&]*&?', '', url)
url = sub(r'\?&?$|&$', '', url)
return url
# Return True if user is logged in
def is_logged_in(self):
return 'username' in session
# Validate a login ticket by contacting the CAS server. If
# valid, return the user's username; otherwise, return None.
def validate(self, ticket):
val_url = self.cas_url + 'validate' + \
'?service=' + quote(self.stripTicket()) + \
'&ticket=' + quote(ticket)
r = urlopen(val_url).readlines() # returns 2 lines
if len(r) != 2:
return None
firstLine = r[0].decode('utf-8')
secondLine = r[1].decode('utf-8')
if not firstLine.startswith('yes'):
return None
return secondLine
# Authenticate the remote user, and return the user's username.
# Do not return unless the user is successfully authenticated.
def authenticate(self):
# If the user's username is in the session, then the user was
# authenticated previously. So return the user's username.
if 'username' in session:
return session.get('username')
# If the request contains a login ticket, then try to
# validate it.
ticket = request.args.get('ticket')
if ticket is not None:
username = self.validate(ticket)
if username is not None:
# The user is authenticated, so store the user's
# username in the session.
session['username'] = username
return username
# The request does not contain a valid login ticket, so
# redirect the browser to the login page to get one.
login_url = self.cas_url + 'login' \
+ '?service=' + quote(self.stripTicket())
abort(redirect(login_url))
# Logout the user.
def logout(self):
if 'username' in session:
# Delete the user's username from the session.
session.pop('username')
# Redirect the browser to the landing page.
abort(redirect('landing'))
# -----------------------------------------------------------------------
def main():
print('CASClient does not run standalone')
if __name__ == '__main__':
main()