Django CAS 1.0/2.0/3.0 client authentication library, support Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+

Overview

django-cas-ng


django-cas-ng is a Django CAS (Central Authentication Service) 1.0/2.0/3.0 client library that supports SSO (Single Sign On) and Single Logout (SLO).

It supports Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+!

This project was forked in 2014 from django-cas (which has not been updated since April 2013). The ng stands for "next generation". Our fork will include bugfixes and new features contributed by the community.

Documentation

Check out the documentation at https://djangocas.dev/docs/latest/

Features

  • Supports CAS versions 1.0, 2.0 and 3.0
  • Supports Single Logout (needs CAS server support)
  • Supports Token auth schemes
  • Can fetch Proxy Granting Ticket
  • Supports Django 2.0, 2.1, 2.2 and 3.0
  • Supports using a User custom model
  • Supports Python 3.5+
  • Supports typing hints in public API.

To support Django 1.x and Python 2.x, please use 3.6.0.

Contributing

New contributors are always welcome! Check out Contribution to get involved.

Change Log

This project adheres to Semantic Versioning. Check out the Changelog for all changes.

Comments
  • Mysql utf8 database issue since 4.2.0

    Platform & Version

    • Platform: Linux
    • django-cas-ng: >= 4.2.0
    • Django: 3.2
    • Python: 3.8
    • CAS Server Software and version: 3

    Describe the bug

    The migration needed for django-cas-ng >= 4.2.0 fails on a utf8 mysql/mariadb database with error:

    1071, 'Specified key was too long; max key length is 3072 bytes'

    It works with a "smaller" collation, such as latin_sweedish_ci, but it is supposed to work on utf8 databases too, isn't it?

    To Reproduce

    Steps to reproduce the behavior:

    1. use a utf8 mysql database
    2. update django-cas-ng >=4.2.0
    3. migrate
    4. see "1071, 'Specified key was too long; max key length is 3072 bytes'"

    Expected behavior

    migration succeeds on a utf8 database

    Additional context

    mariadb server is debian stable

    Thanks

    bug help wanted wontfix 
    opened by pix106 19
  • SSL: CERTIFICATE_VERIFY_FAILED

    I get a SSL: CERTIFICATE_VERIFY_FAILED error with the latest version when the CAS server uses a self-signed certificate. I didn't get this error with the previous version 3.5.5.

    I downgraded to 3.5.5 and it works for me, but I thought you might want to know...

    opened by michel-kraemer 12
  • Forbidden in 3.4

    I have a super simple django-cas-ng test project with nothing installed but Django 1.7 and django-cas-ng, with these settings:

    CAS_SERVER_URL = 'https://cas.oursite.edu/cas/login'
    CAS_ADMIN_PREFIX = '/admin'
    CAS_LOGOUT_COMPLETELY = True
    

    plus the login/logout URLs shown in the docs.

    With versions 3.1, 3.2 and 3.3, it works just fine. But when I upgrade to 3.4 or 3.4.1 I get:

    http://127.0.0.1:8000/accounts/login?next=%2F&ticket=ST-2138-43ZolaFcMAeLcZjAK-cas.oursite.edu

        Forbidden
        Login failed.
    

    (403 on the GET request as shown in runserver). Is there an additional setting or configuration I need to use when upgrading?

    opened by shacker 12
  • Add 3.5.10 -> 3.6.0 migration guide

    3.6.0 is a breaking change, and really should have been a major release. Let's add a short migration guide to the release notes. It should include both the change of imports (#189) and the need for the cas_ng_login name (#179).

    enhancement wontfix 
    opened by piotrb5e3 9
  • 	modified:   django_cas_ng/views.py

    Hello, Thank you for this nice library. Here our tiny contribution. This worked as expected with our CAS 3.4 service.

    -Fix bug in _logout_url for correct redirection after logout

    -Alter the login fail, response with a customizable view

    opened by RaphRi 9
  • CAS_FORCE_SSL_SERVICE_URL = True don't work on LogoutView

    Platform & Version

    • Platform: Windows or Linux or Mac...
    • django-cas-ng: 4.1.1
    • Django: 2.2.11
    • Python: 3.7.4
    • CAS Server Software and version: 4

    Describe the bug

    Hello,

    I use the following options :

    • CAS_FORCE_SSL_SERVICE_URL = True
    • CAS_IGNORE_REFERER=True
    • LOGOUT_REDIRECT_URL = '/'+BASE_URL_PATH+'........./'

    On the Logout page, I am not redirected in HTTPS.

    In the source code of django-cas-ng, the GET and POST methods of the LogoutView class do not call the get_service_url method which checks if CAS_FORCE_SSL_SERVICE_URL = True and initializes protocol = 'https'.

    Thank.

    bug wontfix 
    opened by jojo-80 8
  • Google style SSO login

    Well, first thing I couldn't come up with better title for issue so apologies. Now, to the situation I have django-mama-cas as my cas server, and I am using django-cas-ng on three other applications. I have followed instruction for django-cas-ng as specified on your github page. A simple scenario, my apps are A, B, C when I successfully login into A then switch to tab and request login page for B I should be logged into B automatically(If I am not wrong this is what SSO is meant to do). How using django-cas-ng and django-mama-cas I can achieve this?

    opened by rajeshyogeshwar 8
  • Django 1.10 upgrade forced by upgrade

    I was on version 3.4.2 with Django v1.9.x, and ran:

    pip install --upgrade django-cas-ng==3.5.2

    and found my Django version was forced up to 1.10. I was able to downgrade it manually, but that probably should not have happened automatically, right?

    opened by shacker 7
  • AnonymousUser after login

    In my template:

        {% if not user.is_authenticated %}
            Login button links to CAS server
         {% endif %}
    

    Under v 3.4.2 this works perfectly.

    After upgrading to 3.5.2, the login button still displays after successful login. If I render {{user}} in the template, the user is AnonymousUser after login (same if I print(request.user) in the view). If this user now clicks the Login button a second time, CAS recognizes them as pre-authenticated and logs them in immediately.

    It seems like the actual django login() call is no longer being invoked.

    Downgrading for now.

    opened by shacker 7
  • Migrations is missing

    Hi, this lib breaks my test suite, it reports:

    django.db.utils.ProgrammingError: relation "auth_user" does not exist"
    

    If I run python manage.py makemigrations django_cas_ng && python manage.py migrate it works again.

    pip freeze:

    boto==2.38.0
    click==6.0
    Django==1.8.7
    django-cas-ng==3.5.3
    django-debug-toolbar==1.3.0
    django-filter==0.11.0
    django-mama-cas==1.2.0
    django-mptt==0.7.4
    django-nose==1.4.2
    django-reversion==1.9.3
    django-rosetta==0.7.6
    django-storages-redux==1.3
    django-suit==0.2.15
    django-wysiwyg-redactor==0.4.9
    djangorestframework==3.3.1
    djangorestframework-gis==0.9.6
    ecdsa==0.13
    Fabric==1.10.0
    geopy==1.11.0
    gitdb==0.6.4
    GitPython==1.0.1
    Jinja2==2.8
    MarkupSafe==0.23
    microsofttranslator==0.5
    nose==1.3.7
    paramiko==1.16.0
    pipdeptree==0.4.3
    polib==1.0.7
    psycopg2==2.6.1
    pycrypto==2.6.1
    python-cas==1.1.0
    python-dotenv==0.1.3
    requests==2.8.1
    six==1.10.0
    smmap==0.9.0
    sqlparse==0.1.18
    Unipath==1.0
    wheel==0.24.0
    
    opened by mikaelengstrom 7
  • New Release

    Hey Everyone, So I noticed that in commit: ddd0ee2 the model changed the name of session to session_key. I think this will break anyone's install that had the tables built previous to this commit. I think that we should ship migrations with the upcoming release and provide documentation on how to run them. I think I have a little bit of time to try and put this together if people think it is worth the effort.

    If we do not want to provide migrations, I think the name should be changed back to session to avoid having to edit the database by hand.

    opened by bgroff 7
  • CAS_APPLY_ATTRIBUTES_TO_USER does not appear to add any attributes to user

    Platform & Version

    • Platform: Linux
    • django-cas-ng: 4.3.0
    • Django: 4.1
    • Python: 3.10
    • CAS Server Software and version: 3.0

    Describe the bug

    My CAS returns several fields (like departmentNumber or eduPersonAffiliation) that I'd like to access within my view. I set the CAS_APPLY_ATTRIBUTES_TO_USER setting to True in settings.py, but accessing the request.user in my views does not provide me with these fields. Is it normal?

    To Reproduce

    Within any view functions:

    def my_view(request):
        print(dir(request.user))
    

    No differences whether CAS_APPLY_ATTRIBUTES_TO_USER is set to True or False.

    Expected behavior

    That a dict of the attributes returned by my CAS would be accessible

    bug 
    opened by paulgoulain 0
  • django.db.utils.OperationalError: (1071, 'Specified key was too long; max key length is 3072 bytes')

    Platform & Version

    • Platform: Mac m2
    • django-cas-ng: 4.3
    • Django: 4.1
    • Python: 3.10
    • CAS Server Software and version:

    Describe the bug

    django.db.utils.OperationalError: (1071, 'Specified key was too long; max key length is 3072 bytes')

    caused by:

    1. django_cas_ng migrate
    2. Applying django_cas_ng.0002_auto_20201023_1400...Traceback (most recent call last):
    3. ticket = models.CharField(max_length=1024)

    my plan: ticket = models.TextField(max_length=1024)

    bug 
    opened by xiaozhi-cn 3
Releases(v4.3.0)
  • v4.3.0(Jan 9, 2022)

    • PR #308: Improve redirect url when CAS_ROOT_PROXIED_AS is empty @mbaechtold
    • PR #307: Fix #306 the logout service url when using CAS_ROOT_PROXIED_AS @doomse
    • Add compatibility with Django 4.0. @mbaechtold
    • PR #305: Fix #304: warning on system check from Django 3.2 @corralien
    • PR #303: Remove unused travis [email protected]
    • PR #302: Add django 3.2 and py3.9/3.10 testing @nikolas
    • PR #298: Add CAS_SESSION_FACTORY setting to allow customizing requests Session @intgr
    • PR #296: Fix #281: session.session_key is None for signed_cookies sessions on first request @davidmgvaz
    • PR #295: Fix #294 DataError at /accounts/login/ value too long
  • v4.2.1(Jun 11, 2021)

  • v4.2.0(Jun 3, 2021)

    • PR #285: Fix #284: Change default of CAS_USERNAME_ATTRIBUTE to cas:user @b4ldr
    • PR #282: Bugfix: Let checking of the "next" URL parameter be configurable @sebastianmanger
    • PR #278: Add Django 3.1 to tox @nikolas
    • PR #277: Fix tox isort command @nikolas
    • PR #276: Don't use 'del' statement, to fix deepsource error @nikolas
    • PR #275: Fix deepsource error @nikolas
    • PR #274: Truncate session key if it's longer than possible @nikolas
    • PR #273: Remove Signal(providing_args=) argument, deprecated in Django 3.1 @intgr
    • PR #268: returned translations after merging a broken branch @jolob5l
    • PR #267: Add annotations for utils.py @jolob5l
    • PR #266: typing support @jolob5l
    • PR #265: Add Russian and Ukrainian translations @jolob5l
    • PR #263: Fix typo in ProxyGrantingTicket.session_key max_length @nikolas
    • PR #262: Add the CAS_ADMIN_REDIRECT option to disable admin redirect @nikolas
    • PR #261: Increase session_key size to account for signed cookies - closes #260 @nikolas
    • PR #259: Change thrown exception to specific type @spielmannj
    • PR #258: Fix: v1 cas client create error @ibuler
    • PR #257: Fix: urljoin @LeoSirius
  • v4.1.1(Feb 27, 2020)

  • v4.1.0(Feb 25, 2020)

  • v4.0.1(Jan 22, 2020)

  • v4.0.0(Jan 16, 2020)

    • Breaking change: Drop Python 2.x support
    • Breaking change: Drop Django 1.x support
    • PR-206: New behavior for the CAS_USERNAME_ATTRIBUTE setting, which will now fall back to setting the specified attribute for username when set with a value other than the default (uid) when using a CAS_VERSION that did not previously support this behavior (anything other than CAS_VERSION = 'CAS_2_SAML_1_0').
    • PR-195: Fix bug where session_key is empty after logging in.
    • PR-196: Add support for CAS response callbacks by setting CAS_RESPONSE_CALLBACKS (fix #109)
    • PR-131: Fix get_proxy_ticket method usage
    • PR-134: Allow relative CAS_SERVER_URL starts with '/' without protocol and hostname.
    • Fix #138 Patched README.rst example code.
    • PR-127: Update requirements.txt: django-cas to 1.2.0
    • PR-234: Run flake8 on the entire project
    • PR-233: Update Travis configuration and test matrix
    • PR-232: Remove test branches for Django.VERSION < 2
    • PR-231: Replace deprecated ugettext_lazy with gettext_lazy
    • PR-230: Document project as Python 3.5+ only
    • PR-229: Remove unnecessary workaround for unsupported Pythons
    • PR-222: Upgrade to support Django 3.0
  • v3.6.0(Nov 23, 2018)

    • Removed support for Django < 1.11.
    • PR-188: Introduce isort for automatic import ordering
    • PR-187: Remove unused workarounds for EOL Django < 1.10
    • PR-186: Simplify dependency handling in tox.ini
    • PR-184: Remove unnecessary distutils fallback from setup.py
    • PR-183: Use skip_install=true for lint or static tox targets
    • PR-182: Distribute package as a universal wheel
    • PR-181: Remove unused submodule python-cas
    • PR-180: Trim trailing white space throughout the project
    • PR-179: Class-based Login, Logout and Callback views, plus successful_login overridable method
    • PR-177: Fix #172 attributes that do not change being removed
    • PR-176: Fix #106: Adding CAS_VERIFY_SSL_CERTIFICATE setting
    • PR-173: Include 'django_cas_ng.middleware.CASMiddleware' middleware in example settings of README
    • PR-171: Fix #170 in README: Fix broken links, add syntax highlighting and slight changes to the bad_attributes_reject example
    • Fix #164: Remove dead links in README
  • v3.5.10(Oct 9, 2018)

    • PR-149: Add CAS_PROXIED_AS config: Allow functionality behind a proxy server like mod_auth_cas for Apache.
    • PR-150: Django 2.0 compatibility (user.is_authenticated).
    • PR-154: Catalan and Spanish translation
    • PR-156: Add support for CAS attributes renaming
    • PR-165: Fix CAS_ROOT_PROXIED_AS double slash
  • v3.5.9(Jan 2, 2018)

    • Add the optional setting CAS_CREATE_USER_WITH_ID. (PR #129)
    • Fix get_proxy_ticket method usage. (PR #131)
    • Add Django 2.0 compatibility. (PR #143 #146)
    • Added bad_attributes_reject to check SAML key/value attributes. (PR #145)
  • v3.5.8(Jun 30, 2017)

    • Upgrade django-cas to 1.2.0
    • Fix: Coerce boolean strings in attributes to actual boolean values
    • Update middleware for consistency with new-style django middleware
    • Add CAS_APPLY_ATTRIBUTES_TO_USER new settings option to apply attributes to User model.
    • Add support for applying attributes returned from ticket to User model
  • v3.5.7(Apr 2, 2017)

  • v3.5.6(Nov 6, 2016)

  • v3.5.5(Sep 28, 2016)

    • Login after the session is created, fix the need for double login (such as #83, might fix it but seems slightly different)
    • Fix #96 Login after the session is created, fix the need for double login
    • Fix #95 by delete django requirement from setup.py
    • Fix #91 - raise PermissionDenied rather than return HttpResponseForbidden
    • Add check_additional_permissions to the backend. This allows one to subclass the backend and add arbitrary user permissions checks when authenticating.
  • v3.5.4(Apr 27, 2016)

    • Support for string view arguments to url() is deprecated and will be removed in Django 1.10.
    • Add migrations.
    • Add initial migrations file.
    • Add CAS_FORCE_CHANGE_USERNAME_CASE option to convert username case to lower or upper. This prevents duplicate account creation in some cases.
    • Bugfix for loop redirect when CAS_ADMIN_PREFIX is set as root.
  • v3.5.3(Nov 20, 2015)

  • v3.5.2(Nov 19, 2015)

  • v3.5.1(Nov 11, 2015)

  • v3.5.0(Nov 8, 2015)

    • Add support for Proxy Granting Ticket.
    • Add Single Logout support.
    • Add Python3 support.
    • Add Django 1.8 support.
    • Add support for custom user model.
    • Add CAS_USERNAME_ATTRIBUTE which allows picking an alternative variable to store the username in the cas attributes.
    • Add CAS_DISPLAY_LOGIN_MESSAGE setting to control whether to show the welcome message; default is true.
    • Fix redirecting with the "?next" parameter.
  • v3.4.2(Jan 11, 2015)

  • v3.4.1(Nov 27, 2014)

  • v3.4.0(Nov 12, 2014)

  • v3.2.0(Oct 25, 2014)

Owner
django-cas-ng
Django CAS (Central Authentication Service) 1.0/2.0/3.0 client library to support SSO (Single Sign On) and Single Sign Out! 2014-2020