Valentin Samir
django-cas-server
Commits
603b4a80
Commit
603b4a80
authored
Jun 03, 2015
by
Valentin Samir
Protect the auth view with a shared secret
parent
cb84936b
Showing
2 changed files
with
7 additions
and
1 deletion
+7
-1
cas_server/default_settings.py
cas_server/default_settings.py
+2
-0
cas_server/views.py
cas_server/views.py
+5
-1
cas_server/default_settings.py
...
...
@@ -27,6 +27,8 @@ setting_default('CAS_TICKET_TIMEOUT', 24*3600)
setting_default
(
'CAS_PROXY_CA_CERTIFICATE_PATH'
,
True
)
setting_default
(
'CAS_REDIRECT_TO_LOGIN_AFTER_LOGOUT'
,
False
)
setting_default
(
'CAS_AUTH_SHARED_SECRET'
,
''
)
setting_default
(
'CAS_SERVICE_TICKET_PREFIX'
,
'ST'
)
setting_default
(
'CAS_PROXY_TICKET_PREFIX'
,
'PT'
)
setting_default
(
'CAS_PROXY_GRANTING_TICKET_PREFIX'
,
'PGT'
)
...
...
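Review bot: The new `CAS_AUTH_SHARED_SECRET` default carries no comment saying what it guards or what the empty value means. Going by the visible lines of the `cas_server/views.py` section in this commit, an empty secret makes the `Auth` view answer "no" to every request, so the default is fail-closed, and that is worth stating next to the setting. I would add above it: `# Shared secret that callers of the Auth view must POST as 'secret'; empty (the default) disables the view. Use a long random value and keep it out of version control.`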
cas_server/views.py
...
...
@@ -294,9 +294,13 @@ class Auth(View):
username
=
request
.
POST
.
get
(
'username'
)
password
=
request
.
POST
.
get
(
'password'
)
service
=
request
.
POST
.
get
(
'service'
)
secret
=
request
.
POST
.
get
(
'secret'
)
if
not
settings
.
CAS_AUTH_SHARED_SECRET
:
return
HttpResponse
(
"no
\n
please set CAS_AUTH_SHARED_SECRET"
,
content_type
=
"text/plain"
)
if
secret
!=
settings
.
CAS_AUTH_SHARED_SECRET
:
return
HttpResponse
(
"no
\n
"
,
content_type
=
"text/plain"
)
if
not
username
or
not
password
or
not
service
:
print
"not username or service or password"
return
HttpResponse
(
"no
\n
"
,
content_type
=
"text/plain"
)
form
=
forms
.
UserCredential
(
request
.
POST
,
...
...
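Review bot: The added check `if secret != settings.CAS_AUTH_SHARED_SECRET:` is not a constant-time comparison, and a rejected secret leaves no trace on the server side. Django provides `django.utils.crypto.constant_time_compare` for this; the check would become `if not constant_time_compare(secret or '', settings.CAS_AUTH_SHARED_SECRET):`, where `or ''` covers a request without a `secret` field (`request.POST.get` returns `None`), and the import belongs at the top of the file, outside this hunk. A warning-level log entry on the mismatch branch would let operators notice repeated wrong secrets against this endpoint. The misconfiguration branch also tells any unauthenticated caller that the setting is empty; that hint is better written to the server log than to the response body. The enclosing method of `class Auth` starts and ends outside the hunk.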