diff --git a/requirements.txt b/requirements.txt
index 697fa83aa4..626e569c6e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,3 +18,4 @@ requests_oauthlib==0.8.0
django-simple-captcha==0.5.6
gunicorn==19.8.1
django-webpack-loader==0.6.0
+git+git://github.com/haiwen/python-cas.git@ffc49235fd7cc32c4fdda5acfa3707e1405881df#egg=python_cas
diff --git a/seahub/auth/views.py b/seahub/auth/views.py
index 2364366736..26ed920ea8 100644
--- a/seahub/auth/views.py
+++ b/seahub/auth/views.py
@@ -179,10 +179,11 @@ def login(request, template_name='registration/login.html',
else:
signup_url = ''
- enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False)
- enable_krb5_login = getattr(settings, 'ENABLE_KRB5_LOGIN', False)
- enable_adfs_login = getattr(settings, 'ENABLE_ADFS_LOGIN', False)
- enable_oauth = getattr(settings, 'ENABLE_OAUTH', False)
+ enable_sso = getattr(settings, 'ENABLE_SHIB_LOGIN', False) or \
+ getattr(settings, 'ENABLE_KRB5_LOGIN', False) or \
+ getattr(settings, 'ENABLE_ADFS_LOGIN', False) or \
+ getattr(settings, 'ENABLE_OAUTH', False) or \
+ getattr(settings, 'ENABLE_CAS', False)
login_bg_image_path = get_login_bg_image_path()
@@ -193,10 +194,7 @@ def login(request, template_name='registration/login.html',
'site_name': get_site_name(),
'remember_days': config.LOGIN_REMEMBER_DAYS,
'signup_url': signup_url,
- 'enable_shib_login': enable_shib_login,
- 'enable_krb5_login': enable_krb5_login,
- 'enable_adfs_login': enable_adfs_login,
- 'enable_oauth': enable_oauth,
+ 'enable_sso': enable_sso,
'login_bg_image_path': login_bg_image_path,
})
@@ -245,6 +243,10 @@ def logout(request, next_page=None,
shib_logout_url += shib_logout_return
return HttpResponseRedirect(shib_logout_url)
+ # Local logout for cas user.
+ if getattr(settings, 'ENABLE_CAS', False):
+ return HttpResponseRedirect(reverse('cas_ng_logout'))
+
if redirect_field_name in request.GET:
next_page = request.GET[redirect_field_name]
# Security check -- don't allow redirection to a different host.
diff --git a/seahub/base/accounts.py b/seahub/base/accounts.py
index d9f56b08a9..1acf66da5e 100644
--- a/seahub/base/accounts.py
+++ b/seahub/base/accounts.py
@@ -334,6 +334,9 @@ class User(object):
UserTermsAndConditions.objects.filter(username=username).delete()
self.delete_user_options(username)
+ def get_username(self):
+ return self.username
+
def delete_user_options(self, username):
"""Remove user's all options.
"""
diff --git a/seahub/settings.py b/seahub/settings.py
index 8d35475f3c..04c4f14fb7 100644
--- a/seahub/settings.py
+++ b/seahub/settings.py
@@ -260,7 +260,6 @@ CONSTANCE_DATABASE_CACHE_BACKEND = 'default'
AUTHENTICATION_BACKENDS = (
'seahub.base.accounts.AuthBackend',
'seahub.oauth.backends.OauthRemoteUserBackend',
-
)
ENABLE_OAUTH = False
diff --git a/seahub/templates/registration/login.html b/seahub/templates/registration/login.html
index 826430e0f2..f76be5c628 100644
--- a/seahub/templates/registration/login.html
+++ b/seahub/templates/registration/login.html
@@ -62,20 +62,8 @@ html, body, #wrapper { height:100%; }
- {% if enable_oauth %}
- {% trans "Single Sign-On" %}
- {% endif %}
-
- {% if enable_adfs_login %}
- ADFS
- {% endif %}
-
- {% if enable_shib_login %}
- {% trans "Shibboleth" %}
- {% endif %}
-
- {% if enable_krb5_login %}
- {% trans "Kerberos" %}
+ {% if enable_sso %}
+ {% trans "Single Sign-On" %}
{% endif %}
@@ -149,31 +137,14 @@ $(function() {
});
});
-{% if enable_shib_login %}
+{% if enable_sso %}
$(function() {
- $('#shib-login').on('click', function() {
- window.location = "{% url 'shib_login' %}{% if next %}?next={{ next|escape }}{% endif %}" + encodeURIComponent(document.location.hash);
+ $('#sso').on('click', function() {
+ window.location = "{% url 'sso' %}{% if next %}?next={{ next|escape }}{% endif %}" + encodeURIComponent(document.location.hash);
return false;
});
});
{% endif %}
-{% if enable_krb5_login %}
-$(function() {
- $('#krb5-login').on('click', function() {
- window.location = "{% url 'krb5_login' %}{% if next %}?next={{ next|escape }}{% endif %}";
- return false;
- });
-});
-{% endif %}
-
-{% if enable_adfs_login %}
-$(function() {
- $('#adfs-login').on('click', function() {
- window.location = "{% url 'saml2_login' %}{% if next %}?next={{ next|escape }}{% endif %}";
- return false;
- });
-});
-{% endif %}
{% endblock %}
diff --git a/seahub/urls.py b/seahub/urls.py
index e6e79a96c9..d0ecb050e7 100644
--- a/seahub/urls.py
+++ b/seahub/urls.py
@@ -109,9 +109,9 @@ from seahub.api2.endpoints.admin.group_owned_libraries import AdminGroupOwnedLib
urlpatterns = [
url(r'^accounts/', include('seahub.base.registration_urls')),
- url(r'^sso/$', sso),
- url(r'^shib-login/', shib_login, name="shib_login"),
+ url(r'^sso/$', sso, name='sso'),
+ url(r'^shib-login/', shib_login, name="shib_login"),
url(r'^oauth/', include('seahub.oauth.urls')),
url(r'^$', libraries, name='libraries'),
@@ -583,3 +583,13 @@ if getattr(settings, 'ENABLE_ONLYOFFICE', False):
urlpatterns += [
url(r'^onlyoffice/editor-callback/$', onlyoffice_editor_callback, name='onlyoffice_editor_callback'),
]
+
+if getattr(settings, 'ENABLE_CAS', False):
+ from seahub_extra.django_cas_ng.views import login as cas_login
+ from seahub_extra.django_cas_ng.views import logout as cas_logout
+ from seahub_extra.django_cas_ng.views import callback as cas_callback
+ urlpatterns += [
+ url(r'^accounts/cas-login/$', cas_login, name='cas_ng_login'),
+ url(r'^accounts/cas-logout/$', cas_logout, name='cas_ng_logout'),
+ url(r'^accounts/cas-callback/$', cas_callback, name='cas_ng_proxy_callback'),
+ ]
diff --git a/seahub/views/sso.py b/seahub/views/sso.py
index e019597f83..6919a09eef 100644
--- a/seahub/views/sso.py
+++ b/seahub/views/sso.py
@@ -2,7 +2,7 @@
from django.conf import settings
from django.core.urlresolvers import reverse
from django.http import HttpResponseRedirect
-from django.utils.http import is_safe_url
+from django.utils.http import is_safe_url, urlquote
from seahub.auth import REDIRECT_FIELD_NAME
@@ -21,8 +21,16 @@ def sso(request):
if getattr(settings, 'ENABLE_KRB5_LOGIN', False):
return HttpResponseRedirect(next_page)
+ # send next page back to other views
+ next_param = '?%s=' % REDIRECT_FIELD_NAME + urlquote(next_page)
if getattr(settings, 'ENABLE_ADFS_LOGIN', False):
- return HttpResponseRedirect(reverse('saml2_login'))
+ return HttpResponseRedirect(reverse('saml2_login') + next_param)
+
+ if getattr(settings, 'ENABLE_OAUTH', False):
+ return HttpResponseRedirect(reverse('oauth_login') + next_param)
+
+ if getattr(settings, 'ENABLE_CAS', False):
+ return HttpResponseRedirect(reverse('cas_ng_login') + next_param)
if getattr(settings, 'ENABLE_OAUTH', False):
return HttpResponseRedirect(reverse('oauth_login'))
diff --git a/thirdpart/registration/auth_urls.py b/thirdpart/registration/auth_urls.py
index 8978675780..1f2a535477 100644
--- a/thirdpart/registration/auth_urls.py
+++ b/thirdpart/registration/auth_urls.py
@@ -60,21 +60,16 @@ if getattr(settings, 'ENABLE_LOGIN_SIMPLE_CHECK', False):
auth_views.login_simple_check),
]
-if getattr(settings, 'ENABLE_SSO', False):
- urlpatterns += [
- url(r'^login/$', 'django_cas.views.login'),
- url(r'^logout/$', 'django_cas.views.logout'),
- ]
-else:
- urlpatterns += [
- url(r'^login/$',
- auth_views.login,
- {'template_name': 'registration/login.html',
- 'redirect_if_logged_in': 'libraries'},
- name='auth_login'),
- url(r'^logout/$',
- auth_views.logout,
- {'template_name': 'registration/logout.html',
- 'next_page': settings.LOGOUT_REDIRECT_URL},
- name='auth_logout'),
- ]
+
+urlpatterns += [
+ url(r'^login/$',
+ auth_views.login,
+ {'template_name': 'registration/login.html',
+ 'redirect_if_logged_in': 'libraries'},
+ name='auth_login'),
+ url(r'^logout/$',
+ auth_views.logout,
+ {'template_name': 'registration/logout.html',
+ 'next_page': settings.LOGOUT_REDIRECT_URL},
+ name='auth_logout'),
+]