Add cas login/logout

requirements.txt

@@ -18,3 +18,4 @@ requests_oauthlib==0.8.0
 django-simple-captcha==0.5.6
 gunicorn==19.8.1
 django-webpack-loader==0.6.0
+git+git://github.com/haiwen/python-cas.git@ffc49235fd7cc32c4fdda5acfa3707e1405881df#egg=python_cas

seahub/auth/views.py

@@ -179,10 +179,11 @@ def login(request, template_name='registration/login.html',
     else:
         signup_url = ''
 
-    enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False)
-    enable_krb5_login = getattr(settings, 'ENABLE_KRB5_LOGIN', False)
-    enable_adfs_login = getattr(settings, 'ENABLE_ADFS_LOGIN', False)
-    enable_oauth = getattr(settings, 'ENABLE_OAUTH', False)
+    enable_sso = getattr(settings, 'ENABLE_SHIB_LOGIN', False) or \
+                 getattr(settings, 'ENABLE_KRB5_LOGIN', False) or \
+                 getattr(settings, 'ENABLE_ADFS_LOGIN', False) or \
+                 getattr(settings, 'ENABLE_OAUTH', False) or \
+                 getattr(settings, 'ENABLE_CAS', False)
 
     login_bg_image_path = get_login_bg_image_path()
 
@@ -193,10 +194,7 @@ def login(request, template_name='registration/login.html',
         'site_name': get_site_name(),
         'remember_days': config.LOGIN_REMEMBER_DAYS,
         'signup_url': signup_url,
-        'enable_shib_login': enable_shib_login,
-        'enable_krb5_login': enable_krb5_login,
-        'enable_adfs_login': enable_adfs_login,
-        'enable_oauth': enable_oauth,
+        'enable_sso': enable_sso,
         'login_bg_image_path': login_bg_image_path,
     })
 
@@ -245,6 +243,10 @@ def logout(request, next_page=None,
             shib_logout_url += shib_logout_return
         return HttpResponseRedirect(shib_logout_url)
 
+    # Local logout for cas user.
+    if getattr(settings, 'ENABLE_CAS', False):
+        return HttpResponseRedirect(reverse('cas_ng_logout'))
+
     if redirect_field_name in request.GET:
         next_page = request.GET[redirect_field_name]
         # Security check -- don't allow redirection to a different host.

seahub/base/accounts.py

@@ -334,6 +334,9 @@ class User(object):
             UserTermsAndConditions.objects.filter(username=username).delete()
         self.delete_user_options(username)
 
+    def get_username(self):
+        return self.username
+
     def delete_user_options(self, username):
         """Remove user's all options.
         """

seahub/settings.py

@@ -260,7 +260,6 @@ CONSTANCE_DATABASE_CACHE_BACKEND = 'default'
 AUTHENTICATION_BACKENDS = (
     'seahub.base.accounts.AuthBackend',
     'seahub.oauth.backends.OauthRemoteUserBackend',
-
 )
 
 ENABLE_OAUTH = False

seahub/templates/registration/login.html

@@ -62,20 +62,8 @@ html, body, #wrapper { height:100%; }
         <button type="submit" class="submit">{% trans "Log In" %}</button>
     </form>
 
-    {% if enable_oauth %}
-    <a href="{% url 'oauth_login' %}" class="normal">{% trans "Single Sign-On" %}</a>
-    {% endif %}
-
-    {% if enable_adfs_login %}
-    <a id="adfs-login" href="#" class="normal">ADFS</a>
-    {% endif %}
-
-    {% if enable_shib_login %}
-    <a id="shib-login" href="#" class="normal">{% trans "Shibboleth" %}</a>
-    {% endif %}
-
-    {% if enable_krb5_login %}
-    <a id="krb5-login" href="#" class="normal">{% trans "Kerberos" %}</a>
+    {% if enable_sso %}
+    <a id="sso" href="#" class="normal">{% trans "Single Sign-On" %}</a>
     {% endif %}
 
     <div class="login-panel-bottom-container">
@@ -149,31 +137,14 @@ $(function() {
     });
 });
 
-{% if enable_shib_login %}
+{% if enable_sso %}
 $(function() {
-    $('#shib-login').on('click', function() {
-        window.location = "{% url 'shib_login' %}{% if next %}?next={{ next|escape }}{% endif %}" + encodeURIComponent(document.location.hash);
+    $('#sso').on('click', function() {
+        window.location = "{% url 'sso' %}{% if next %}?next={{ next|escape }}{% endif %}" + encodeURIComponent(document.location.hash);
         return false;
     });
 });
 {% endif %}
 
-{% if enable_krb5_login %}
-$(function() {
-    $('#krb5-login').on('click', function() {
-        window.location = "{% url 'krb5_login' %}{% if next %}?next={{ next|escape }}{% endif %}";
-        return false;
-    });
-});
-{% endif %}
-
-{% if enable_adfs_login %}
-$(function() {
-    $('#adfs-login').on('click', function() {
-        window.location = "{% url 'saml2_login' %}{% if next %}?next={{ next|escape }}{% endif %}";
-        return false;
-    });
-});
-{% endif %}
 </script>
 {% endblock %}

seahub/urls.py

@@ -109,9 +109,9 @@ from seahub.api2.endpoints.admin.group_owned_libraries import AdminGroupOwnedLib
 
 urlpatterns = [
     url(r'^accounts/', include('seahub.base.registration_urls')),
-    url(r'^sso/$', sso),
-    url(r'^shib-login/', shib_login, name="shib_login"),
 
+    url(r'^sso/$', sso, name='sso'),
+    url(r'^shib-login/', shib_login, name="shib_login"),
     url(r'^oauth/', include('seahub.oauth.urls')),
 
     url(r'^$', libraries, name='libraries'),
@@ -583,3 +583,13 @@ if getattr(settings, 'ENABLE_ONLYOFFICE', False):
     urlpatterns += [
         url(r'^onlyoffice/editor-callback/$', onlyoffice_editor_callback, name='onlyoffice_editor_callback'),
     ]
+
+if getattr(settings, 'ENABLE_CAS', False):
+    from seahub_extra.django_cas_ng.views import login as cas_login
+    from seahub_extra.django_cas_ng.views import logout as cas_logout
+    from seahub_extra.django_cas_ng.views import callback as cas_callback
+    urlpatterns += [
+        url(r'^accounts/cas-login/$', cas_login, name='cas_ng_login'),
+        url(r'^accounts/cas-logout/$', cas_logout, name='cas_ng_logout'),
+        url(r'^accounts/cas-callback/$', cas_callback, name='cas_ng_proxy_callback'),
+    ]

seahub/views/sso.py

@@ -2,7 +2,7 @@
 from django.conf import settings
 from django.core.urlresolvers import reverse
 from django.http import HttpResponseRedirect
-from django.utils.http import is_safe_url
+from django.utils.http import is_safe_url, urlquote
 
 from seahub.auth import REDIRECT_FIELD_NAME
 
@@ -21,8 +21,16 @@ def sso(request):
     if getattr(settings, 'ENABLE_KRB5_LOGIN', False):
         return HttpResponseRedirect(next_page)
 
+    # send next page back to other views
+    next_param = '?%s=' % REDIRECT_FIELD_NAME + urlquote(next_page)
     if getattr(settings, 'ENABLE_ADFS_LOGIN', False):
-        return HttpResponseRedirect(reverse('saml2_login'))
+        return HttpResponseRedirect(reverse('saml2_login') + next_param)
+
+    if getattr(settings, 'ENABLE_OAUTH', False):
+        return HttpResponseRedirect(reverse('oauth_login') + next_param)
+
+    if getattr(settings, 'ENABLE_CAS', False):
+        return HttpResponseRedirect(reverse('cas_ng_login') + next_param)
 
     if getattr(settings, 'ENABLE_OAUTH', False):
         return HttpResponseRedirect(reverse('oauth_login'))

thirdpart/registration/auth_urls.py

@@ -60,21 +60,16 @@ if getattr(settings, 'ENABLE_LOGIN_SIMPLE_CHECK', False):
             auth_views.login_simple_check),
     ]
 
-if getattr(settings, 'ENABLE_SSO', False):
-    urlpatterns += [
-        url(r'^login/$', 'django_cas.views.login'),
-        url(r'^logout/$', 'django_cas.views.logout'),
-    ]
-else:
-    urlpatterns += [
-        url(r'^login/$',
-            auth_views.login,
-            {'template_name': 'registration/login.html',
-             'redirect_if_logged_in': 'libraries'},
-            name='auth_login'),
-        url(r'^logout/$',
-            auth_views.logout,
-            {'template_name': 'registration/logout.html',
-             'next_page': settings.LOGOUT_REDIRECT_URL},
-            name='auth_logout'),
-    ]
+
+urlpatterns += [
+    url(r'^login/$',
+        auth_views.login,
+        {'template_name': 'registration/login.html',
+         'redirect_if_logged_in': 'libraries'},
+        name='auth_login'),
+    url(r'^logout/$',
+        auth_views.logout,
+        {'template_name': 'registration/logout.html',
+         'next_page': settings.LOGOUT_REDIRECT_URL},
+        name='auth_logout'),
+]