Merge pull request #401 from edx/feature/ichuang/cas-authentication

Provide CAS authentication integration
2013-09-06 07:36:28 -07:00
parent 1b4f9c662c 0847bc5e2b
commit b92d88fcbc
5 changed files with 58 additions and 2 deletions
--- a/common/djangoapps/external_auth/views.py
+++ b/common/djangoapps/external_auth/views.py
@@ -17,7 +17,10 @@ from django.core.urlresolvers import reverse
 from django.core.validators import validate_email
 from django.core.exceptions import ValidationError

-from student.models import TestCenterUser, TestCenterRegistration
+if settings.MITX_FEATURES.get('AUTH_USE_CAS'):
+    from django_cas.views import login as django_cas_login
+
+from student.models import UserProfile, TestCenterUser, TestCenterRegistration

 from django.http import HttpResponse, HttpResponseRedirect, HttpRequest, HttpResponseForbidden
 from django.utils.http import urlquote
@@ -381,6 +384,32 @@ def ssl_login(request):
    )


+# -----------------------------------------------------------------------------
+# CAS (Central Authentication Service)
+# -----------------------------------------------------------------------------
+def cas_login(request, next_page=None, required=False):
+    """
+        Uses django_cas for authentication.
+        CAS is a common authentcation method pioneered by Yale.
+        See http://en.wikipedia.org/wiki/Central_Authentication_Service
+
+        Does normal CAS login then generates user_profile if nonexistent,
+        and if login was successful.  We assume that user details are
+        maintained by the central service, and thus an empty user profile
+        is appropriate.
+    """
+
+    ret = django_cas_login(request, next_page, required)
+
+    if request.user.is_authenticated():
+        user = request.user
+        if not UserProfile.objects.filter(user=user):
+            user_profile = UserProfile(name=user.username, user=user)
+            user_profile.save()
+
+    return ret
+
+
 # -----------------------------------------------------------------------------
 # Shibboleth (Stanford and others.  Uses *Apache* environment variables)
 # -----------------------------------------------------------------------------
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -409,6 +409,8 @@ def change_enrollment(request):

@ensure_csrf_cookie
 def accounts_login(request, error=""):
+    if settings.MITX_FEATURES.get('AUTH_USE_CAS'):
+        return redirect(reverse('cas-login'))
    return render_to_response('login.html', {'error': error})

 # Need different levels of logging
@@ -505,7 +507,11 @@ def logout_user(request):
    # We do not log here, because we have a handler registered
    # to perform logging on successful logouts.
    logout(request)
-    response = redirect('/')
+    if settings.MITX_FEATURES.get('AUTH_USE_CAS'):
+        target = reverse('cas-logout')
+    else:
+        target = '/'
+    response = redirect(target)
    response.delete_cookie(settings.EDXMKTG_COOKIE_NAME,
                           path='/',
                           domain=settings.SESSION_COOKIE_DOMAIN)