#!/usr/bin/env python
#-----------------------------------------------------------------------
# CASClient.py
# Authors: Alex Halderman, Scott Karlin, Brian Kernighan, Bob Dondero
#-----------------------------------------------------------------------
from urllib.request import urlopen
from urllib.parse import quote
from re import sub, match
from flask import request, session, redirect, abort
from sys import stderr
#-----------------------------------------------------------------------
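class CASClient:
    # Small CAS client for a Flask application. It sends the browser
    # to the CAS login page, validates the returned "ticket" against
    # the CAS server's plain-text "validate" endpoint, and remembers
    # the username in the Flask session.

    # Seconds to wait for the CAS server during ticket validation, so
    # an unresponsive server cannot hang a request worker forever.
    _VALIDATE_TIMEOUT_SECONDS = 10

    #-------------------------------------------------------------------

    # Initialize a new CASClient object so it uses the given CAS
    # server, or fed.princeton.edu if no server is given.
    #
    # The URL is used as a plain string prefix ("validate", "login"
    # and "logout" are appended to it), so it must end with "/".
    # NOTE(review): the validation reply is trusted as-is, so it is
    # only as trustworthy as this URL's transport; keep it https.

    def __init__(self, url='https://fed.princeton.edu/cas/'):
        self.cas_url = url

    #-------------------------------------------------------------------

    # Return the URL of the current request after stripping out the
    # "ticket" parameter added by the CAS server.
    #
    # NOTE(review): the value comes from the incoming request, so the
    # service URL sent to CAS is client-influenced; confirm the CAS
    # server restricts which service URLs it accepts.

    def stripTicket(self):
        url = request.url
        if url is None:
            return "something is badly wrong"
        # Anchor on the preceding '?' or '&' so that only a parameter
        # named exactly "ticket" is removed, not the tail of another
        # parameter such as "myticket=...".
        url = sub(r'(?<=[?&])ticket=[^&]*&?', '', url)
        # Drop a dangling '?', '?&' or '&' left at the end of the URL.
        url = sub(r'\?&?$|&$', '', url)
        return url

    #-------------------------------------------------------------------

    # Validate a login ticket by contacting the CAS server. If
    # valid, return the user's username; otherwise, return None.
    #
    # The username is returned without surrounding whitespace, and an
    # empty username is treated as a failed validation. Errors raised
    # by urlopen (including a timeout) propagate to the caller.

    def validate(self, ticket):
        # The service value must match the one used at login time, so
        # both are derived from stripTicket().
        val_url = (self.cas_url + "validate"
                   + '?service=' + quote(self.stripTicket())
                   + '&ticket=' + quote(ticket))

        # Close the response deterministically and bound the wait.
        with urlopen(val_url,
                     timeout=self._VALIDATE_TIMEOUT_SECONDS) as response:
            lines = response.readlines()  # expected: exactly 2 lines

        if len(lines) != 2:
            return None
        firstLine = lines[0].decode('utf-8')
        secondLine = lines[1].decode('utf-8')
        if not firstLine.startswith('yes'):
            return None

        # The reply's second line carries a line terminator; strip it
        # so the session never stores "name\n", and never accept an
        # empty name as an authenticated identity.
        username = secondLine.strip()
        if not username:
            return None
        return username

    #-------------------------------------------------------------------

    # Report whether the user is (or has just become) authenticated,
    # without redirecting. Return 0 if a username is already in the
    # session or the request carries a ticket that validates (the
    # username is then stored in the session); return 1 otherwise.

    def redirectLanding(self):
        # If the user's username is in the session, then the user was
        # authenticated previously.
        if 'username' in session:
            return 0

        # If the request contains a login ticket, then try to
        # validate it.
        ticket = request.args.get('ticket')
        if ticket is not None:
            username = self.validate(ticket)
            if username is not None:
                # The user is authenticated, so store the user's
                # username in the session.
                session['username'] = username
                return 0

        # The request does not contain a valid login ticket.
        return 1

    #-------------------------------------------------------------------

    # Authenticate the remote user, and return the user's username.
    # Do not return unless the user is successfully authenticated:
    # otherwise the request is aborted with a redirect to the CAS
    # login page.

    def authenticate(self):
        # If the user's username is in the session, then the user was
        # authenticated previously. So return the user's username.
        if 'username' in session:
            return session.get('username')

        # If the request contains a login ticket, then try to
        # validate it.
        ticket = request.args.get('ticket')
        if ticket is not None:
            username = self.validate(ticket)
            if username is not None:
                # The user is authenticated, so store the user's
                # username in the session.
                session['username'] = username
                return username

        # The request does not contain a valid login ticket, so
        # redirect the browser to the login page to get one.
        login_url = (self.cas_url + 'login'
                     + '?service=' + quote(self.stripTicket()))
        abort(redirect(login_url))

    #-------------------------------------------------------------------

    # Logout the user: forget the username held in the session, then
    # abort the request with a redirect to the CAS logout page.

    def logout(self):
        # Delete the user's username from the session. A default is
        # given so that logging out without being logged in does not
        # raise KeyError.
        session.pop('username', None)

        # Send the browser to the CAS logout page, naming the
        # application's index page as the service. Note that every
        # occurrence of "logout" in the current URL is rewritten to
        # "index", not only the one in the path.
        logout_url = self.cas_url + 'logout?service=' + \
            quote(sub('logout', 'index', request.url))
        abort(redirect(logout_url))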
#-----------------------------------------------------------------------
def main():
    """Tell the user that this module is a library, not a program."""
    notice = "CASClient does not run standalone"
    print(notice)


# Only print the notice when the file is executed directly.
if __name__ == '__main__':
    main()