Django CAS 1.0/2.0/3.0 client authentication library; supports Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+

Overview

django-cas-ng

django-cas-ng is a Django CAS (Central Authentication Service) 1.0/2.0/3.0 client library that supports SSO (Single Sign On) and Single Logout (SLO).

It supports Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+!

This project was forked in 2014 from django-cas, which has not been updated since April 2013. The ng stands for "next generation". Our fork will include bugfixes and new features contributed by the community.

Documentation

Check out the documentation at https://djangocas.dev/docs/latest/

Features

  • Supports CAS versions 1.0, 2.0 and 3.0
  • Supports Single Logout (needs CAS server support)
  • Supports Token auth schemes
  • Can fetch Proxy Granting Ticket
  • Supports Django 2.0, 2.1, 2.2 and 3.0
  • Supports using a custom User model
  • Supports Python 3.5+
  • Supports typing hints in public API.

To support Django 1.x and Python 2.x, please use 3.6.0.

Contributing

New contributors are always welcome! Check out Contribution to get involved.

Change Log

This project adheres to Semantic Versioning. Check out the full Changelog.

Comments
  • Mysql utf8 database issue since 4.2.0

    Platform & Version

    Platform: Linux
    django-cas-ng: >= 4.2.0
    Django: 3.2
    Python: 3.8
    CAS Server Software and version: 3

    Describe the bug

    The migration needed for django-cas-ng >= 4.2.0 fails on a utf8 mysql/mariadb database with error:

    1071, 'Specified key was too long; max key length is 3072 bytes'

    It works with a "smaller" collation, such as latin_sweedish_ci, but it is supposed to work on utf8 databases too, isn't it?

    To Reproduce

    Steps to reproduce the behavior:

    1. use a utf8 mysql database
    2. update django-cas-ng >=4.2.0
    3. migrate
    4. see "1071, 'Specified key was too long; max key length is 3072 bytes'"

    Expected behavior

    migration succeeds on a utf8 database

    Additional context

    mariadb server is debian stable

    Thanks

    bug help wanted wontfix 
    opened by pix106 19
  • SSL: CERTIFICATE_VERIFY_FAILED

    I get a SSL: CERTIFICATE_VERIFY_FAILED error with the latest version when the CAS server uses a self-signed certificate. I didn't get this error with the previous version 3.5.5.

    I downgraded to 3.5.5 and it works for me, but I thought you might want to know...

    opened by michel-kraemer 12
  • Forbidden in 3.4

    I have a super simple django-cas-ng test project with nothing installed but Django 1.7 and django-cas-ng, with these settings:

    CAS_SERVER_URL = 'https://cas.oursite.edu/cas/login'
    CAS_ADMIN_PREFIX = '/admin'
    CAS_LOGOUT_COMPLETELY = True
    

    plus the login/logout URLs shown in the docs.

    With versions 3.1, 3.2 and 3.3, it works just fine. But when I upgrade to 3.4 or 3.4.1 I get:

    http://127.0.0.1:8000/accounts/login?next=%2F&ticket=ST-2138-43ZolaFcMAeLcZjAK-cas.oursite.edu

        Forbidden
        Login failed.
    

    (403 on the GET request as shown in runserver). Is there an additional setting or configuration I need to use when upgrading?

    opened by shacker 12
  • Add 3.5.10 -> 3.6.0 migration guide

    3.6.0 is a breaking change, and really should have been a major release. Let's add a short migration guide to the release notes. It should include both the change of imports (#189) and the need for the cas_ng_login name (#179).

    enhancement wontfix 
    opened by piotrb5e3 9
  • 	modified:   django_cas_ng/views.py

    Hello, Thank you for this nice library. Here our tiny contribution. This worked as expected with our CAS 3.4 service.

    -Fix bug in _logout_url for correct redirection after logout

    -Alter the login fail, response with a customizable view

    opened by RaphRi 9
  • CAS_FORCE_SSL_SERVICE_URL = True doesn't work on LogoutView

    Platform & Version

    Platform: Windows or Linux or Mac...
    django-cas-ng: 4.1.1
    Django: 2.2.11
    Python: 3.7.4
    CAS Server Software and version: 4

    Describe the bug

    Hello,

    I use the following options :

    • CAS_FORCE_SSL_SERVICE_URL = True
    • CAS_IGNORE_REFERER=True
    • LOGOUT_REDIRECT_URL = '/'+BASE_URL_PATH+'........./'

    On the Logout page, I am not redirected in HTTPS.

    In the source code of django-cas-ng, the GET and POST methods of the LogoutView class do not call the get_service_url method which checks if CAS_FORCE_SSL_SERVICE_URL = True and initializes protocol = 'https'.

    Thanks.

    bug wontfix 
    opened by jojo-80 8
  • Google style SSO login

    Well, first thing: I couldn't come up with a better title for the issue, so apologies. Now, to the situation: I have django-mama-cas as my CAS server, and I am using django-cas-ng on three other applications. I have followed the instructions for django-cas-ng as specified on your GitHub page. A simple scenario: my apps are A, B, C. When I successfully log in to A, then switch tabs and request the login page for B, I should be logged into B automatically (if I am not wrong, this is what SSO is meant to do). How can I achieve this using django-cas-ng and django-mama-cas?

    opened by rajeshyogeshwar 8
  • Django 1.10 upgrade forced by upgrade

    I was on version 3.4.2 with Django v1.9.x, and ran:

    pip install --upgrade django-cas-ng==3.5.2

    and found my Django version was forced up to 1.10. I was able to downgrade it manually, but that probably should not have happened automatically, right?

    opened by shacker 7
  • AnonymousUser after login

    In my template:

        {% if not user.is_authenticated %}
            Login button links to CAS server
         {% endif %}
    

    Under v 3.4.2 this works perfectly.

    After upgrading to 3.5.2, the login button still displays after successful login. If I render {{user}} in the template, the user is AnonymousUser after login (same if I print(request.user) in the view). If this user now clicks the Login button a second time, CAS recognizes them as pre-authenticated and logs them in immediately.

    It seems like the actual django login() call is no longer being invoked.

    Downgrading for now.

    opened by shacker 7
  • Migrations is missing

    Hi, this lib breaks my test suite, it reports:

    django.db.utils.ProgrammingError: relation "auth_user" does not exist"
    

    If I run python manage.py makemigrations django_cas_ng && python manage.py migrate it works again.

    pip freeze:

    boto==2.38.0
    click==6.0
    Django==1.8.7
    django-cas-ng==3.5.3
    django-debug-toolbar==1.3.0
    django-filter==0.11.0
    django-mama-cas==1.2.0
    django-mptt==0.7.4
    django-nose==1.4.2
    django-reversion==1.9.3
    django-rosetta==0.7.6
    django-storages-redux==1.3
    django-suit==0.2.15
    django-wysiwyg-redactor==0.4.9
    djangorestframework==3.3.1
    djangorestframework-gis==0.9.6
    ecdsa==0.13
    Fabric==1.10.0
    geopy==1.11.0
    gitdb==0.6.4
    GitPython==1.0.1
    Jinja2==2.8
    MarkupSafe==0.23
    microsofttranslator==0.5
    nose==1.3.7
    paramiko==1.16.0
    pipdeptree==0.4.3
    polib==1.0.7
    psycopg2==2.6.1
    pycrypto==2.6.1
    python-cas==1.1.0
    python-dotenv==0.1.3
    requests==2.8.1
    six==1.10.0
    smmap==0.9.0
    sqlparse==0.1.18
    Unipath==1.0
    wheel==0.24.0
    
    opened by mikaelengstrom 7
  • New Release

    Hey Everyone, so I noticed that in commit ddd0ee2 the model changed the name of session to session_key. I think this will break anyone's install that had the tables built previous to this commit. I think that we should ship migrations with the upcoming release and provide documentation on how to run them. I think I have a little bit of time to try and put this together if people think it is worth the effort.

    If we do not want to provide migrations, I think the name should be changed back to session to avoid having to edit the database by hand.

    opened by bgroff 7
  • CAS_APPLY_ATTRIBUTES_TO_USER does not appear to add any attributes to user

    Platform & Version

    Platform: Linux
    django-cas-ng: 4.3.0
    Django: 4.1
    Python: 3.10
    CAS Server Software and version: 3.0

    Describe the bug

    My CAS returns several fields (like departmentNumber or eduPersonAffiliation) that I'd like to access within my view. I set the CAS_APPLY_ATTRIBUTES_TO_USER setting to True in settings.py, but accessing the request.user in my views does not provide me with these fields. Is it normal?

    To Reproduce

    Within any view functions:

    def my_view(request):
        print(dir(request.user))
    

    No difference whether CAS_APPLY_ATTRIBUTES_TO_USER is set to True or False.

    Expected behavior

    That a dict of the attributes returned by my CAS would be accessible

    bug 
    opened by paulgoulain 0
  • django.db.utils.OperationalError: (1071, 'Specified key was too long; max key length is 3072 bytes')

    Platform & Version

    Platform: Mac m2
    django-cas-ng: 4.3
    Django: 4.1
    Python: 3.10
    CAS Server Software and version:

    Describe the bug

    django.db.utils.OperationalError: (1071, 'Specified key was too long; max key length is 3072 bytes')

    caused by:

    1. django_cas_ng migrate
    2. Applying django_cas_ng.0002_auto_20201023_1400...Traceback (most recent call last):
    3. ticket = models.CharField(max_length=1024)

    my plan: ticket = models.TextField(max_length=1024)

    bug 
    opened by xiaozhi-cn 3
Releases(v4.3.0)
  • v4.3.0(Jan 9, 2022)

    • PR #308: Improve redirect url when CAS_ROOT_PROXIED_AS is empty @mbaechtold
    • PR #307: Fix #306 the logout service url when using CAS_ROOT_PROXIED_AS @doomse
    • Add compatibility with Django 4.0. @mbaechtold
    • PR #305: Fix #304: warning on system check from Django 3.2 @corralien
    • PR #303: Remove unused travis [email protected]
    • PR #302: Add django 3.2 and py3.9/3.10 testing @nikolas
    • PR #298: Add CAS_SESSION_FACTORY setting to allow customizing requests Session @intgr
    • PR #296: Fix #281: session.session_key is None for signed_cookies sessions on first request @davidmgvaz
    • PR #295: Fix #294 DataError at /accounts/login/ value too long
  • v4.2.1(Jun 11, 2021)

  • v4.2.0(Jun 3, 2021)

    • PR #285: Fix #284: Change default of CAS_USERNAME_ATTRIBUTE to cas:user @b4ldr
    • PR #282: Bugfix: Let checking of the "next" URL parameter be configurable @sebastianmanger
    • PR #278: Add Django 3.1 to tox @nikolas
    • PR #277: Fix tox isort command @nikolas
    • PR #276: Don't use 'del' statement, to fix deepsource error @nikolas
    • PR #275: Fix deepsource error @nikolas
    • PR #274: Truncate session key if it's longer than possible @nikolas
    • PR #273: Remove Signal(providing_args=) argument, deprecated in Django 3.1 @intgr
    • PR #268: returned translations after merging a broken branch @jolob5l
    • PR #267: Add annotations for utils.py @jolob5l
    • PR #266: typing support @jolob5l
    • PR #265: Add Russian and Ukrainian translations @jolob5l
    • PR #263: Fix typo in ProxyGrantingTicket.session_key max_length @nikolas
    • PR #262: Add the CAS_ADMIN_REDIRECT option to disable admin redirect @nikolas
    • PR #261: Increase session_key size to account for signed cookies - closes #260 @nikolas
    • PR #259: Change thrown exception to specific type @spielmannj
    • PR #258: Fix: v1 cas client create error @ibuler
    • PR #257: Fix: urljoin @LeoSirius
  • v4.1.1(Feb 27, 2020)

  • v4.1.0(Feb 25, 2020)

  • v4.0.1(Jan 22, 2020)

  • v4.0.0(Jan 16, 2020)

    • Breaking change: Drop Python 2.x support
    • Breaking change: Drop Django 1.x support
    • PR-206: New behavior for CAS_USERNAME_ATTRIBUTE setting, which will now fall back to setting the specified attribute for username when set with a value other than the default (uid) when using a CAS_VERSION that did not previously support this behavior (anything other than CAS_VERSION = 'CAS_2_SAML_1_0').
    • PR-195: Fix bug where session_key is empty after logging in.
    • PR-196: Add support for CAS response callbacks by setting CAS_RESPONSE_CALLBACKS (fix #109)
    • PR-131: Fix get_proxy_ticket method usage
    • PR-134: Allow relative CAS_SERVER_URL starts with '/' without protocol and hostname.
    • Fix #138 Patched README.rst example code.
    • PR-127: Update requirements.txt: django-cas to 1.2.0
    • PR-234: Run flake8 on the entire project
    • PR-233: Update Travis configuration and test matrix
    • PR-232: Remove test branches for Django.VERSION < 2
    • PR-231: Replace deprecated ugettext_lazy with gettext_lazy
    • PR-230: Document project as Python 3.5+ only
    • PR-229: Remove unnecessary workaround for unsupported Pythons
    • PR-222: Upgrade to support Django 3.0
  • v3.6.0(Nov 23, 2018)

    • Removed support for Django < 1.11.
    • PR-188: Introduce isort for automatic import ordering
    • PR-187: Remove unused workarounds for EOL Django < 1.10
    • PR-186: Simplify dependency handling in tox.ini
    • PR-184: Remove unnecessary distutils fallback from setup.py
    • PR-183: Use skip_install=true for lint or static tox targets
    • PR-182: Distribute package as a universal wheel
    • PR-181: Remove unused submodule python-cas
    • PR-180: Trim trailing white space throughout the project
    • PR-179: Class-based Login, Logout and Callback views, plus successful_login overridable method
    • PR-177: Fix #172 attributes that do not change being removed
    • PR-176: Fix #106: Adding CAS_VERIFY_SSL_CERTIFICATE setting
    • PR-173: Include 'django_cas_ng.middleware.CASMiddleware' middleware in example settings of README
    • PR-171: Fix #170 in README: Fix broken links, add syntax highlighting and slight changes to the bad_attributes_reject example
    • Fix #164: Remove dead links in README
  • v3.5.10(Oct 9, 2018)

    • PR-149: Add CAS_PROXIED_AS config: Allow functionality behind a proxy server like mod_auth_cas for Apache.
    • PR-150: Django 2.0 compatibility (user.is_authenticated).
    • PR-154: Catalan and Spanish translation
    • PR-156: Add support for CAS attributes renaming
    • PR-165: Fix CAS_ROOT_PROXIED_AS double slash
  • v3.5.9(Jan 2, 2018)

    • Add the optional setting CAS_CREATE_USER_WITH_ID. (PR #129)
    • Fix get_proxy_ticket method usage. (PR #131)
    • Add Django 2.0 compatibility. (PR #143 #146)
    • Added bad_attributes_reject to check SAML key/value attributes. (PR #145)
  • v3.5.8(Jun 30, 2017)

    • Upgrade django-cas to 1.2.0
    • Fix: Coerce boolean strings in attributes to actual boolean values
    • Update middleware for consistency with new-style django middleware
    • Add CAS_APPLY_ATTRIBUTES_TO_USER new settings option to apply attributes to User model.
    • Add support for applying attributes returned from ticket to User model
  • v3.5.7(Apr 2, 2017)

  • v3.5.6(Nov 6, 2016)

  • v3.5.5(Sep 28, 2016)

    • Login after the session is created, fix the need for double login (such as #83, might fix it but seems slightly different)
    • Fix #96 Login after the session is created, fix the need for double login
    • Fix #95 by delete django requirement from setup.py
    • Fix #91 - raise PermissionDenied rather than return HttpResponseForbidden
    • Add check_additional_permissions to the backend. This allows one to subclass the backend and add arbitrary user permissions checks when authenticating.
  • v3.5.4(Apr 27, 2016)

    • Support for string view arguments to url() is deprecated and will be removed in Django 1.10.
    • Add migrations.
    • Add initial migrations file.
    • Add CAS_FORCE_CHANGE_USERNAME_CASE option to convert username case to lower or upper. This prevents duplicate account creation in some cases.
    • Bugfix for loop redirect when CAS_ADMIN_PREFIX is set as root.
  • v3.5.3(Nov 20, 2015)

  • v3.5.2(Nov 19, 2015)

  • v3.5.1(Nov 11, 2015)

  • v3.5.0(Nov 8, 2015)

    • Add support for Proxy Granting Ticket.
    • Add Single Logout support.
    • Add Python3 support.
    • Add Django 1.8 support.
    • Add support for custom user model.
    • Add CAS_USERNAME_ATTRIBUTE which allows picking an alternative variable to store the username in the cas attributes.
    • Add CAS_DISPLAY_LOGIN_MESSAGE setting to control whether to show the welcome message; default is true.
    • Fix redirecting with the "?next" parameter.
  • v3.4.2(Jan 11, 2015)

  • v3.4.1(Nov 27, 2014)

  • v3.4.0(Nov 12, 2014)

  • v3.2.0(Oct 25, 2014)

Owner
django-cas-ng
Django CAS (Central Authentication Service) 1.0/2.0/3.0 client library to support SSO (Single Sign On) and Single Sign Out! 2014-2020