Django CAS 1.0/2.0/3.0 client authentication library, support Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+

Related tags

Authenticationpythondjangocasssodjango-casdjangocas
Overview

django-cas-ng

https://travis-ci.org/django-cas-ng/django-cas-ng.svg?branch=master https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square

django-cas-ng is Django CAS (Central Authentication Service) 1.0/2.0/3.0 client library to support SSO (Single Sign On) and Single Logout (SLO).

It supports Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+!

This project inherits from django-cas (which has not been updated since April 2013) at 2014. The ng stands for "next generation". Our fork will include bugfixes and new features contributed by the community.

Document

Checkout document at https://djangocas.dev/docs/latest/

Quick links:

Features

  • Supports CAS versions 1.0, 2.0 and 3.0
  • Support Single Logout (needs CAS server support)
  • Supports Token auth schemes
  • Can fetch Proxy Granting Ticket
  • Supports Django 2.0, 2.1, 2.2 and 3.0
  • Supports using a User custom model
  • Supports Python 3.5+
  • Supports typing hints in public API.

To support django 1.x and Python 2.x, please use 3.6.0.

Contributing

New contributors are always welcome! Check out Contribution to get involved.

Change Log

This project adheres to Semantic Versioning. Checkout all the Changelog.

Comments
  • Mysql utf8 database issue since 4.2.0

    Mysql utf8 database issue since 4.2.0

    Platform & Version Platform: Linux django-cas-ng: >= 4.2.0 Django: 3.2 Python: 3.8 CAS Server Software and version: 3

    Describe the bug The migration needed for django-cas-ng >= 4.2.0 fails on a utf8 mysql/mariadb database with error :

    1071, 'Specified key was too long; max key length is 3072 bytes'

    It works with a "smaller" collation, such as latin_sweedish_ci, but it is supposed to work on utf8 databases too, isn't it ?

    To Reproduce Steps to reproduce the behavior:

    1. use a utf8 mysql database
    2. update django-cas-ng >=4.2.0
    3. migrate
    4. see "1071, 'Specified key was too long; max key length is 3072 bytes'"

    Expected behavior migration succeeds on a utf8 database

    Screenshots

    Additional context mariadb server is debian stable

    Thanks

    bug help wanted wontfix 
    opened by pix106 19
  • SSL: CERTIFICATE_VERIFY_FAILED

    SSL: CERTIFICATE_VERIFY_FAILED

    I get a SSL: CERTIFICATE_VERIFY_FAILED error with the latest version when the CAS server uses a self-signed certificate. I didn't get this error with the previous version 3.5.5.

    I downgraded to 3.5.5 and it works for me, but I thought you might want to know...

    opened by michel-kraemer 12
  • Forbidden in 3.4

    Forbidden in 3.4

    I have a super simple django-cas-ng test project with nothing installed but Django 1.7 and django-cas-ng, with these settings:

    CAS_SERVER_URL = 'https://cas.oursite.edu/cas/login'
CAS_ADMIN_PREFIX = '/admin'
CAS_LOGOUT_COMPLETELY = True

    plus the login/logout URLs shown in the docs.

    With versions 3.1, 3.2 and 3.3, it works just fine. But when I upgrade to 3.4 or 3.4.1 I get:

    http://127.0.0.1:8000/accounts/login?next=%2F&ticket=ST-2138-43ZolaFcMAeLcZjAK-cas.oursite.edu

        Forbidden
    Login failed.

    (403 on the GET request as shown in runserver). Is there an additional setting or configuration I need to use when upgrading?

    opened by shacker 12
  • Add 3.5.10 -> 3.6.0 migration guide

    Add 3.5.10 -> 3.6.0 migration guide

    3.6.0 is a breaking change, and really should have been a major release. Let's add a short migration guide to the release notes. It should include both the change of imports (#189) and the need for the cas_ng_login name (#179).

    enhancement wontfix 
    opened by piotrb5e3 9
  • modified: django_cas_ng/views.py

    modified: django_cas_ng/views.py

    Hello, Thank you for this nice library. Here our tiny contribution. This worked as expected with our CAS 3.4 service.

    -Fix bug in _logout_url for correct redirection after logout

    -Alter the login fail, response with a customizable view

    opened by RaphRi 9
  • CAS_FORCE_SSL_SERVICE_URL = True don't work on LogoutView

    CAS_FORCE_SSL_SERVICE_URL = True don't work on LogoutView

    Platform & Version Platform: Windows or Linux or Mac... django-cas-ng: 4.1.1 Django: 2.2.11 Python: 3.7.4 CAS Server Software and version: 4

    Describe the bug Hello,

    I use the following options :

    • CAS_FORCE_SSL_SERVICE_URL = True
    • CAS_IGNORE_REFERER=True
    • LOGOUT_REDIRECT_URL = '/'+BASE_URL_PATH+'........./'

    On the Logout page, I am not redirected in HTTPS.

    In the source code of django-cas-ng, the GET and POST methods of the LogoutView class do not call the get_service_url method which checks if CAS_FORCE_SSL_SERVICE_URL = True and initializes protocol = 'https'.

    Thank.

    bug wontfix 
    opened by jojo-80 8
  • Google style SSO login

    Google style SSO login

    Well, first thing I couldn't come up with better title for issue so apologies. Now, to the situation I have django-mama-cas as my cas server, and I am using django-cas-ng on three other applications. I have followed instruction for django-cas-ng as specified on your github page. A simple scenario, my apps are A, B, C when I successfully login into A then switch to tab and request login page for B I should be logged into B automatically(If I am not wrong this is what SSO is meant to do). How using django-cas-ng and django-mama-cas I can achieve this?

    opened by rajeshyogeshwar 8
  • Django 1.10 upgrade forced by upgrade

    Django 1.10 upgrade forced by upgrade

    I was on version 3.4.2 with Django v1.9.x, and ran:

    pip install --upgrade django-cas-ng==3.5.2

    and found my Django version was forced up to 1.10. I was able to downgrade it manually, but that probably should not have happened automatically, right?

    opened by shacker 7
  • AnonymousUser after login

    AnonymousUser after login

    In my template:

        {% if not user.is_authenticated %}
        Login button links to CAS server
     {% endif %}

    Under v 3.4.2 this works perfectly.

    After upgrading to 3.5.2, the login button still displays after successful login. If I render {{user}} in the template, the user is AnonymousUser after login (same if I print(request.user) in the view). If this user now clicks the Login button a second time, CAS recognizes them as pre-authenticated and logs them in immediately.

    It seems like the actual django login() call is no longer being invoked.

    Downgrading for now.

    opened by shacker 7
  • Migrations is missing

    Migrations is missing

    Hi, this lib breaks my test suit, it reports:

    django.db.utils.ProgrammingError: relation "auth_user" does not exist"

    If i run python manage.py makemigrations django_cas_ng && python manage.py migrate it works again.

    pip freeze:

    boto==2.38.0
click==6.0
Django==1.8.7
django-cas-ng==3.5.3
django-debug-toolbar==1.3.0
django-filter==0.11.0
django-mama-cas==1.2.0
django-mptt==0.7.4
django-nose==1.4.2
django-reversion==1.9.3
django-rosetta==0.7.6
django-storages-redux==1.3
django-suit==0.2.15
django-wysiwyg-redactor==0.4.9
djangorestframework==3.3.1
djangorestframework-gis==0.9.6
ecdsa==0.13
Fabric==1.10.0
geopy==1.11.0
gitdb==0.6.4
GitPython==1.0.1
Jinja2==2.8
MarkupSafe==0.23
microsofttranslator==0.5
nose==1.3.7
paramiko==1.16.0
pipdeptree==0.4.3
polib==1.0.7
psycopg2==2.6.1
pycrypto==2.6.1
python-cas==1.1.0
python-dotenv==0.1.3
requests==2.8.1
six==1.10.0
smmap==0.9.0
sqlparse==0.1.18
Unipath==1.0
wheel==0.24.0
    opened by mikaelengstrom 7
  • New Release

    New Release

    Hey Everyone, So I noticed that in commit: ddd0ee2 the model changed the name of session to session_key. I think this will break anyones install that had the tables built previous to this commit. I think that we should ship migrations with the upcoming release and provide documentation on how to run them. I think I have a little bit of time to try and put this together if people think it is worth the effort.

    If we do not want to provide migrations, I think the name should be changed back to session to avoid having to edit the database by hand.

    opened by bgroff 7
  • CAS_APPLY_ATTRIBUTES_TO_USER does not appear to add any attributes to user

    CAS_APPLY_ATTRIBUTES_TO_USER does not appear to add any attributes to user

    Platform & Version Platform: Linux django-cas-ng: 4.3.0 Django: 4.1 Python: 3.10 CAS Server Software and version: 3.0

    Describe the bug My CAS returns several fields (like departmentNumber or eduPersonAffiliation) that I'd like to access within my view. I set the CAS_APPLY_ATTRIBUTES_TO_USER setting to True in settings.py, but accessing the request.user in my views does not provide me with these fields. Is it normal ?

    To Reproduce Within any view functions:

    def my_view(request):
    print(dir(request.user))

    No differences wether CAS_APPLY_ATTRIBUTES_TO_USER is set to True or False.

    Expected behavior

    That a dict of the attributes returned by my CAS would be accessible

    bug 
    opened by paulgoulain 0
  • django.db.utils.OperationalError: (1071, 'Specified key was too long; max key length is 3072 bytes')

    django.db.utils.OperationalError: (1071, 'Specified key was too long; max key length is 3072 bytes')

    Platform & Version Platform: Mac m2 django-cas-ng: 4.3 Django: 4.1 Python: 3.10 CAS Server Software and version:

    Describe the bug

    django.db.utils.OperationalError: (1071, 'Specified key was too long; max key length is 3072 bytes')

    causes by:
    1 django_cas_ng migrate 2 Applying django_cas_ng.0002_auto_20201023_1400...Traceback (most recent call last): 3 ticket = models.CharField(max_length=1024)

    my plan: ticket = models.TextField(max_length=1024)

    bug 
    opened by xiaozhi-cn 3
Releases(v4.3.0)

  • v4.3.0(Jan 9, 2022)

    • PR #308: Improve redirect url when CAS_ROOT_PROXIED_AS is empty @mbaechtold
    • PR #307: Fix #306 the logout service url when using CAS_ROOT_PROXIED_AS @doomse
    • Add compatibility with Django 4.0. @mbaechtold
    • PR #305: Fix #304: warning on system check from Django 3.2 @corralien
    • PR #303: Remove unused travis [email protected]
    • PR #302: Add django 3.2 and py3.9/3.10 testing @nikolas
    • PR #298: Add CAS_SESSION_FACTORY setting to allow customizing requests Session @intgr
    • PR #296: Fix #281: session.session_key is None for signed_cookies sessions on first request @davidmgvaz
    • PR #295: Fix #294 DataError at /accounts/login/ value too long
    Source code(tar.gz)
    Source code(zip)
    django-cas-ng-4.3.0.tar.gz(17.88 KB)
    django_cas_ng-4.3.0-py2.py3-none-any.whl(26.27 KB)

  • v4.2.1(Jun 11, 2021)

  • v4.2.0(Jun 3, 2021)

    • PR #285: Fix #284: Change default of CAS_USERNAME_ATTRIBUTE to cas:user @b4ldr
    • PR #282: Bugfix: Let checking of the "next" URL parameter be configurable @sebastianmanger
    • PR #278: Add Django 3.1 to tox @nikolas
    • PR #277: Fix tox isort command @nikolas
    • PR #276: Don't use 'del' statement, to fix deepsource error @nikolas
    • PR #275: Fix deepsource error @nikolas
    • PR #274: Truncate session key if it's longer than possible @nikolas
    • PR #273: Remove Signal(providing_args=) argument, deprecated in Django 3.1 @intgr
    • PR #268: returned translations after merging a broken branch @jolob5l
    • PR #267: Add annotations for utils.py @jolob5l
    • PR #266: typing support @jolob5l
    • PR #265: Add russian and ukranian translations @jolob5l
    • PR #263: Fix typo in ProxyGrantingTicket.session_key max_length @nikolas
    • PR #262: Add the CAS_ADMIN_REDIRECT option to disable admin redirect @nikolas
    • PR #261: Increase session_key size to account for signed cookies - closes #260 @nikolas
    • PR #259: Change thrown exception to specific type @spielmannj
    • PR #258: Fix: v1 cas client create error @ibuler
    • PR #257: Fix: urljoin @LeoSirius
    Source code(tar.gz)
    Source code(zip)

  • v4.1.1(Feb 27, 2020)

  • v4.1.0(Feb 25, 2020)

  • v4.0.1(Jan 22, 2020)

  • v4.0.0(Jan 16, 2020)

    • Break change: Drop python 2.x support
    • Break change: Drop django 1.x support
    • PR-206: New behavior for CAS_USERNAME_ATTRIBUTE setting which will now fallback to setting the specified attribute for username when set with a value other than the default (uid) when using a CAS_VERSION that did not previously support this behavior (anything other than CAS_VERSION = 'CAS_2_SAML_1_0).
    • PR-195: Fix bug where session_key is empty after logging in.
    • PR-196: Add support for CAS response callbacks by setting CAS_RESPONSE_CALLBACKS (fix #109)
    • PR-131: Fix get_proxy_ticket method usage
    • PR-134: Allow relative CAS_SERVER_URL starts with '/' without protocol and hostname.
    • Fix #138 Patched README.rst example code.
    • PR-127: Update requirements.txt: django-cas to 1.2.0
    • PR-234: Run flake8 on the entire project
    • PR-233: Update Travis configuration and test matrix
    • PR-232: Remove test branches for Django.VERSION < 2
    • PR-231: Replace deprecated ugettext_lazy with gettext_lazy
    • PR-230: Document project as Python 3.5+ only
    • PR-229: Remove unnecessary workaround for unsupported Pythons
    • PR-222: Upgrade to support Django 3.0
    Source code(tar.gz)
    Source code(zip)
    django-cas-ng-4.0.0.tar.gz(27.49 KB)

  • v3.6.0(Nov 23, 2018)

    • Removed support for Django < 1.11.
    • PR-188: Introduce isort for automatic import ordering
    • PR-187: Remove unused workarounds for EOL Django < 1.10
    • PR-186: Simplify dependency handling in tox.ini
    • PR-184: Remove unnecessary distutils fallback from setup.py
    • PR-183: Use skip_install=true for lint or static tox targets
    • PR-182: Distribute package as a universal wheel
    • PR-181: Remove unused submodule python-cas
    • PR-180: Trim trailing white space throughout the project
    • PR-179: Class-based Login, Logout and Callback views, plus successful_login overridable method
    • PR-177: Fix #172 attributes that do not change being removed
    • PR-176: Fix #106: Adding CAS_VE RIFY_SSL_CERTIFICATE setting
    • PR-173: Include 'django_cas_ng.middleware.CASMiddleware' middleware in example settings of README
    • PR-171: Fix #170 in README: Fix broken links, add syntax highlighting and slight changes to the bad_attributes_reject example
    • Fix #164: Remove dead links in README
    Source code(tar.gz)
    Source code(zip)
    django-cas-ng-3.6.0.tar.gz(25.17 KB)
    django_cas_ng-3.6.0-py2.py3-none-any.whl(32.58 KB)

  • v3.5.10(Oct 9, 2018)

    • PR-149: Add CAS_PROXIED_AS config: Allow functioanlity behind a proxy server like mod_auth_cas for apache.
    • PR-150: Django 2.0 compatibility (user.is_authenticated).
    • PR-154: Catalan and Spanish translation
    • PR-156: Add support for CAS attributes renaming
    • PR-165: Fix CAS_ROOT_PROXIED_AS double slash
    Source code(tar.gz)
    Source code(zip)
    django-cas-ng-3.5.10.tar.gz(24.54 KB)

  • v3.5.9(Jan 2, 2018)

    • Add the optional setting CAS_CREATE_USER_WITH_ID. (PR #129)
    • Fix get_proxy_ticket method usage. (PR #131)
    • Add django 2.0 compability. (PR #143 #146)
    • Added bad_attributes_reject to check SAML key/value attributes. (PR #145)
    Source code(tar.gz)
    Source code(zip)

  • v3.5.8(Jun 30, 2017)

    • Upgrade django-cas to 1.2.0
    • Fix: Coerce boolean strings in attributes to actual boolean values
    • Update middleware for consistency with new-style django middleware
    • Add CAS_APPLY_ATTRIBUTES_TO_USER new settings option to apply attributes to User model.
    • Add support for applying attributes returned from ticket to User model
    Source code(tar.gz)
    Source code(zip)
    django-cas-ng-3.5.8.tar.gz(16.52 KB)

  • v3.5.7(Apr 2, 2017)

  • v3.5.6(Nov 6, 2016)

  • v3.5.5(Sep 28, 2016)

    • Login after the session is created, fix the need for double login (such as #83, might fix it but seems slightly different)
    • Fix #96 Login after the session is created, fix the need for double login
    • Fix #95 by delete django requirement from setup.py
    • Fix #91 - raise PermissionDenied rather than return HttpResponseForbidden
    • Add check_additional_permissions to the backend. This allows one to subclass the backend and add arbitrary user permissions checks when authenticating.
    Source code(tar.gz)
    Source code(zip)
    django-cas-ng-3.5.5.tar.gz(14.73 KB)

  • v3.5.4(Apr 27, 2016)

    • Support for string view arguments to url() is deprecated and will be removed in Django 1.10.
    • Add migrations.
    • Add initial migrations file.
    • Add CAS_FORCE_CHANGE_USERNAME_CASE option to convert username case to lower or upper. This prevent duplicate account creation in some case.
    • Bugfix for loop redirect when CAS_ADMIN_PREFIX is set as root.
    Source code(tar.gz)
    Source code(zip)
    django-cas-ng-3.5.4.tar.gz(14.52 KB)

  • v3.5.3(Nov 20, 2015)

  • v3.5.2(Nov 19, 2015)

  • v3.5.1(Nov 11, 2015)

  • v3.5.0(Nov 8, 2015)

    • Add support for Proxy Granting Ticket.
    • Add Single Logout support.
    • Add Python3 support.
    • Add Django 1.8 support.
    • Add support for custom user model.
    • Add CAS_USERNAME_ATTRIBUTE which allows picking an alternative variable to store the username in the cas attributes.
    • Add CAS_DISPLAY_LOGIN_MESSAGE setting to control whether show welcome message, default is true.
    • Fix redirecting with the "?next" parameter.
    Source code(tar.gz)
    Source code(zip)
    django-cas-ng-3.5.0.tar.gz(13.11 KB)

  • v3.4.2(Jan 11, 2015)

  • v3.4.1(Nov 27, 2014)

  • v3.4.0(Nov 12, 2014)

  • v3.3.0(Nov 5, 2014)

  • v3.2.0(Oct 25, 2014)

  • v3.1.0(May 27, 2014)

  • v3.0.0(May 23, 2014)

Owner
django-cas-ng
Django CAS (Central Authentication Service) 1.0/2.0/3.0 client library to support SSO (Single Sign On) and Single Sign Out! 2014-2020
django-cas-ng
GitHub Repository https://djangocas.dev/
Django Authetication with Twitch.

Django Twitch Auth Dependencies Install requests if not installed pip install requests Installation Install using pip pip install django_twitch_auth A

Leandro Lopes Bueno 1 Jan 02, 2022
Simple yet powerful authorization / authentication client library for Python web applications.

Authomatic Authomatic is a framework agnostic library for Python web applications with a minimalistic but powerful interface which simplifies authenti

1k Dec 28, 2022
Use this to create (admin) personal access token in gitlab database. Mainly used for automation.

gitlab-personal-access-token Ensure PAT is present in gitlab database. This tool is mainly used when you need to automate gitlab installation and conf

CINAQ Internet Technologies 1 Jan 30, 2022
Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator.

Django Admin Two-Factor Authentication Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator. Why Django

Iman Karimi 9 Dec 07, 2022
RSA Cryptography Authentication Proof-of-Concept

RSA Cryptography Authentication Proof-of-Concept This project was a request by Structured Programming lectures in Computer Science college. It runs wi

Dennys Marcos 1 Jan 22, 2022
Easy and secure implementation of Azure AD for your FastAPI APIs 🔒 Single- and multi-tenant support.

Easy and secure implementation of Azure AD for your FastAPI APIs 🔒 Single- and multi-tenant support.

Intility 220 Jan 05, 2023
Quick and simple security for Flask applications

Note This project is non maintained anymore. Consider the Flask-Security-Too project as an alternative. Flask-Security It quickly adds security featur

Matt Wright 1.6k Dec 19, 2022
OpenConnect auth creditials collector.

OCSERV AUTH CREDS COLLECTOR V1.0 Зачем Изначально было написано чтобы мониторить какие данные вводятся в интерфейс ханипота в виде OpenConnect server.

0 Sep 23, 2022
REST implementation of Django authentication system.

djoser REST implementation of Django authentication system. djoser library provides a set of Django Rest Framework views to handle basic actions such

Sunscrapers 2.2k Jan 01, 2023
Toolkit for Pyramid, a Pylons Project, to add Authentication and Authorization using Velruse (OAuth) and/or a local database, CSRF, ReCaptcha, Sessions, Flash messages and I18N

Apex Authentication, Form Library, I18N/L10N, Flash Message Template (not associated with Pyramid, a Pylons project) Uses alchemy Authentication Authe

95 Nov 28, 2022
Library - Recent and favorite documents

Thingy Thingy is used to quickly access recent and favorite documents. It's an XApp so it can work in any distribution and many desktop environments (

Linux Mint 23 Sep 11, 2022
This script helps you log in to your LMS account and enter the currently running session

This script helps you log in to your LMS account and enter the currently running session, all in a second

Ali Ebrahimi 5 Sep 01, 2022
An open source Flask extension that provides JWT support (with batteries included)!

Flask-JWT-Extended Features Flask-JWT-Extended not only adds support for using JSON Web Tokens (JWT) to Flask for protecting views, but also many help

Landon Gilbert-Bland 1.4k Jan 04, 2023
An extension of django rest framework, providing a configurable password reset strategy

Django Rest Password Reset This python package provides a simple password reset strategy for django rest framework, where users can request password r

Anexia 363 Dec 24, 2022
A Python inplementation for OAuth2

OAuth2-Python Discord Inplementation for OAuth2 login systems. This is a simple Python 'app' made to inplement in your programs that require (shitty)

Prifixy 0 Jan 06, 2022
This project is an open-source project which I made due to sharing my experience around the Python programming language.

django-tutorial This project is an open-source project which I made due to sharing my experience around the Django framework. What is Django? Django i

MohammadMasoumi 6 May 12, 2022
A flask extension for managing permissions and scopes

Flask-Pundit A simple flask extension to organize resource authorization and scoping. This extension is heavily inspired by the ruby Pundit library. I

Anurag Chaudhury 49 Dec 23, 2022
Auth for use with FastAPI

FastAPI Auth Pluggable auth for use with FastAPI Supports OAuth2 Password Flow Uses JWT access and refresh tokens 100% mypy and test coverage Supports

David Montague 95 Jan 02, 2023
Social auth made simple

Python Social Auth Python Social Auth is an easy-to-setup social authentication/registration mechanism with support for several frameworks and auth pr

Matías Aguirre 2.8k Dec 24, 2022
Django server for Travel Mate (Project: nomad)

Travel Mate Server (Project: Nomad) Django 2.0 server for Travel Mate Contribute For new feature request in the app, open a new feature request on the

Travel Mate 41 May 29, 2022