idp_cas: does not revalidate the session key (#10688) #195
|
@ -22,7 +22,7 @@ from django.utils.translation import gettext_lazy as _
|
|||
|
||||
from authentic2.models import LogoutUrlAbstract
|
||||
from authentic2.models import Service as BaseService
|
||||
from authentic2.utils.misc import check_session_key
|
||||
from authentic2.utils.misc import get_user_from_session_key
|
||||
|
||||
from . import constants, managers, utils
|
||||
|
||||
|
@ -141,11 +141,12 @@ class Ticket(models.Model):
|
|||
|
||||
def session_exists(self):
|
||||
'''Verify if the session linked to this ticket is still active'''
|
||||
if self.session_key:
|
||||
return check_session_key(self.session_key)
|
||||
else:
|
||||
if not self.session_key:
|
||||
return True
|
||||
|
||||
user = get_user_from_session_key(self.session_key)
|
||||
return user == self.user
|
||||
|
||||
def expired(self):
|
||||
'''Check if the given ticket has expired'''
|
||||
if self.expire:
|
||||
|
|
|
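Review bot: The docstring of `session_exists` still says it only verifies that the session is active, but the new body also requires the session's user to equal `self.user`, and it still returns True for a ticket that has no `session_key`. I would reword it to `'''Return True if the ticket has no session key, or if its session still resolves to the ticket's user'''`. The comparison `user == self.user` presumably relies on `get_user_from_session_key` returning a non-matching (anonymous) user rather than raising when the session is missing or expired; the helper is not shown on this page, so a test with an expired session key would be worth adding.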
@ -31,7 +31,6 @@ from authentic2.utils import hooks
|
|||
from authentic2.utils.misc import (
|
||||
attribute_values_to_identifier,
|
||||
find_authentication_event,
|
||||
get_user_from_session_key,
|
||||
login_require,
|
||||
make_url,
|
||||
normalize_attribute_values,
|
||||
|
@ -262,6 +261,8 @@ class ValidateBaseView(CasMixin, View):
|
|||
if not st.valid() or renew and not st.renew:
|
||||
return self.validation_failure(request, service, INVALID_TICKET_SPEC_ERROR)
|
||||
attributes = self.get_attributes(request, st)
|
||||
if attributes is None:
|
||||
return self.validation_failure(request, service, INVALID_TICKET_ERROR)
|
||||
if st.service.identifier_attribute not in attributes:
|
||||
self.logger.error(
|
||||
'unable to compute an identifier for user %r and service %s',
|
||||
|
@ -280,13 +281,10 @@ class ValidateBaseView(CasMixin, View):
|
|||
'''Retrieve attribute for users of the session linked to the ticket'''
|
||||
if not hasattr(st, 'attributes'):
|
||||
wanted_attributes = st.service.get_wanted_attributes()
|
||||
user = get_user_from_session_key(st.session_key)
|
||||
assert user.pk # not an annymous user
|
||||
assert st.user_id == user.pk # session user matches ticket user
|
||||
st.attributes = get_attributes(
|
||||
{
|
||||
'request': request,
|
||||
'user': user,
|
||||
'user': st.user,
|
||||
'service': st.service,
|
||||
'__wanted_attributes': wanted_attributes,
|
||||
}
|
||||
|
|
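Review bot: With the `get_user_from_session_key` lookup and its two `assert`s removed from `get_attributes`, the only remaining tie between the ticket and a live session of the same user is whatever `st.valid()` checks, and that is not visible in these hunks. Please confirm that `valid()` goes through `session_exists()` (the model change in this commit suggests so), otherwise attributes of `st.user` would be returned for a ticket whose session has ended. The added `if attributes is None:` branch also has no visible producer, since the part of `get_attributes` shown always assigns `st.attributes`; its body continues outside the hunk. A comment such as `# session/user consistency is enforced by st.valid() -> Ticket.session_exists()` above the `'user': st.user` line would record where the check now lives.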