[open-ils-commits] r1220 - servres/trunk/conifer/integration (gfawcett)
svn at svn.open-ils.org
svn at svn.open-ils.org
Tue Feb 1 21:34:04 EST 2011
Author: gfawcett
Date: 2011-02-01 21:34:03 -0500 (Tue, 01 Feb 2011)
New Revision: 1220
Modified:
servres/trunk/conifer/integration/cas.py
Log:
monkey-patch django_cas to scrub usernames returned from CAS server.
Modified: servres/trunk/conifer/integration/cas.py
===================================================================
--- servres/trunk/conifer/integration/cas.py 2011-02-01 15:19:06 UTC (rev 1219)
+++ servres/trunk/conifer/integration/cas.py 2011-02-02 02:34:03 UTC (rev 1220)
@@ -12,11 +12,32 @@
# conifer/syrup/models.py.
-import django_cas.backends
+from django_cas import backends
+# First, we monkey-patch the django_cas verifier.
+#
+# Okay, monkey-patching is lame. But I have a problem with the way django_cas
+# fails to clean usernames. At Windsor, if you log in as '_FAWCETT_', where
+# '_' is a space, django_cas will create a new User object for
+# username='_FAWCETT_', even if a user 'fawcett' exists. Bad!
+#
+# Now, I'm not certain that all CAS-using campus would like to have their
+# usernames lower-cased, though I'm guessing it won't hurt. But I'm absolutely
+# sure that spaces should be stripped, always. I'll propose a patch to
+# django_cas; but in the meantime, let's reach into django_cas and fix it.
-class CASBackend(django_cas.backends.CASBackend):
+if hasattr(backends, '_verify'):
+ _orig_verify = backends._verify
+ def _newverify(*args, **kwargs):
+ username = _orig_verify(*args, **kwargs)
+ if username:
+ username = username.lower().strip()
+ return username
+ backends._verify = _newverify
+
+class CASBackend(backends.CASBackend):
+
def authenticate(self, ticket, service):
"""Authenticates CAS ticket and retrieves user data"""
More information about the open-ils-commits
mailing list