模仿 USTC CAS 的程序,用于开发校内网站应用的本地调试。

Related tags

Testingustc-cas-mock
Overview

ustc-cas-mock

模仿 USTC CAS 的程序,用于开发校内网站应用阶段调试。

请勿在生产环境部署!

只测试了最常用的三个 CAS route:

/login
/serviceValidate(验证 CAS ticket)
/logout

没有测试过 proxy ticket。(因为我用不到,我也不知道怎么改)

Why?

USTCCAS 比较特别的一点是,用户可以用不同的用户名登录:GID 可以,学号也可以,并且学号可以是自入学以来所有的学号。在开发时,很多同学都不会注意这件事情,这会导致一个人可以用多个不同的「身份」登录系统(并且在科大呆的时间越长,身份的数量就越多),往往是非预期的。

第二点特别的是,CAS 系统限制仅允许 ustc.edu.cn 域名的 service 使用,于是在本地开发的时候就特别难受,虽然可以用……「某些方式」绕过去,但是如果你真的拿到了一个学校域名,上线前又要大改配置,不太好受。

这个仓库代码使用了一个魔改版的 django-mama-cas,因为默认的 callback 没法方便插入特定的逻辑。

关于返回的属性

本仓库的逻辑是返回 CAS 能够返回的所有的信息,但是实际上,USTCCAS 在未申请权限的情况下只会返回最基本的信息:GID 和登录用的用户名,这一点需要特别注意。

此外,在 attributes 的处理上,USTCCAS 和 CAS 3.0 标准不完全一致:

USTCCAS 类似于下面这样:

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<cas:authenticationSuccess>
<cas:user>登录用户名</cas:user>
<attributes>
<cas:gid>1234567</cas:gid>
</attributes>
</cas:authenticationSuccess>
</cas:serviceResponse>

而 CAS 3.0 类似于:

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
    <cas:authenticationSuccess>
        <cas:user>登录用户名</cas:user>
        <cas:attributes>
            <cas:gid>1234567</cas:gid>
        </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>

USTCCAS 的 attributes 是 attributes 而不是 cas:attributes

此外:

  • 有一些属性我也没有完全搞清楚,比如说 xbm 我就不知道是啥,反正这个值好像正常情况下应该返回 1。
  • 关于人员在校状态码和人员分类码的信息,如果不适合公开,请联系我,我会立刻处理。

使用

首先配置虚拟环境,安装依赖,然后:

$ python manage.py migrate
$ python manage.py createsuperuser

然后可以使用创建的 superuser 登录 /admin 进行配置。需要注意,在添加用户后,还需要编辑用户,添加学号信息(学号值和顺序)。

当然,如果懒得配置,也可以在 cas 目录里直接:

$ curl -L https://github.com/taoky/ustc-cas-mock/releases/download/v0.1/test.sql | sqlite3 db.sqlite3

superuser 的 username/password 为 test/test。请注意在修改密码前确保服务仅本地可访问。

You might also like...
Comments
Releases(v0.1)
Owner
taoky
I compute, therefore I am.
taoky
GitHub Repository
buX Course Enrollment Automation

buX automation BRACU - buX course enrollment automation Features: Automatically enroll into multiple courses at a time. Find courses just entering cou

Mohammad Shakib 1 Oct 06, 2022
Show coverage stats online via coveralls.io

Coveralls for Python Test Status: Version Info: Compatibility: Misc: coveralls.io is a service for publishing your coverage stats online. This package

Kevin James 499 Dec 28, 2022
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

💼 The Social-Engineer Toolkit (SET) 💼 Copyright 2020 The Social-Engineer Toolkit (SET) Written by: David Kennedy (ReL1K) @HackingDave Company: Trust

trustedsec 8.4k Dec 31, 2022
Headless chrome/chromium automation library (unofficial port of puppeteer)

Pyppeteer Pyppeteer has moved to pyppeteer/pyppeteer Unofficial Python port of puppeteer JavaScript (headless) chrome/chromium browser automation libr

miyakogi 3.5k Dec 30, 2022
Python Moonlight (Machine Learning) Practice

PyML Python Moonlight (Machine Learning) Practice Contents Design Documentation Prerequisites Checklist Dev Setup Testing Run Prerequisites Python 3 P

Dockerian Seattle 2 Dec 25, 2022
Automated Penetration Testing Framework

Automated Penetration Testing Framework

OWASP 2.1k Jan 01, 2023
pytest plugin providing a function to check if pytest is running.

pytest-is-running pytest plugin providing a function to check if pytest is running. Installation Install with: python -m pip install pytest-is-running

Adam Johnson 21 Nov 01, 2022
An Instagram bot that can mass text users, receive and read a text, and store it somewhere with user details.

Instagram Bot 🤖 July 14, 2021 Overview 👍 A multifunctionality automated instagram bot that can mass text users, receive and read a message and store

Abhilash Datta 14 Dec 06, 2022
A cross-platform GUI automation Python module for human beings. Used to programmatically control the mouse & keyboard.

PyAutoGUI PyAutoGUI is a cross-platform GUI automation Python module for human beings. Used to programmatically control the mouse & keyboard. pip inst

Al Sweigart 7.5k Dec 31, 2022
Fills out the container extension form automatically. (Specific to IIT Ropar)

automated_container_extension Fills out the container extension form automatically. (Specific to IIT Ropar) Download the chrome driver from the websit

Abhishek Singh Sambyal 1 Dec 24, 2021
ApiPy was created for api testing with Python pytest framework which has also requests, assertpy and pytest-html-reporter libraries.

ApiPy was created for api testing with Python pytest framework which has also requests, assertpy and pytest-html-reporter libraries. With this f

Mustafa 1 Jul 11, 2022
Minimal example of how to use pytest with automated 'devops' style automated test runs

Pytest python example with automated testing This is a minimal viable example of pytest with an automated run of tests for every push/merge into the m

Karma Computing 2 Jan 02, 2022
Avocado is a set of tools and libraries to help with automated testing.

Welcome to Avocado Avocado is a set of tools and libraries to help with automated testing. One can call it a test framework with benefits. Native test

Ana Guerrero Lopez 1 Nov 19, 2021
A library for generating fake data and populating database tables.

Knockoff Factory A library for generating mock data and creating database fixtures that can be used for unit testing. Table of content Installation Ch

Nike Inc. 30 Sep 23, 2022
A pytest plugin, that enables you to test your code that relies on a running PostgreSQL Database

This is a pytest plugin, that enables you to test your code that relies on a running PostgreSQL Database. It allows you to specify fixtures for PostgreSQL process and client.

Clearcode 252 Dec 21, 2022
pytest plugin for a better developer experience when working with the PyTorch test suite

pytest-pytorch What is it? pytest-pytorch is a lightweight pytest-plugin that enhances the developer experience when working with the PyTorch test sui

Quansight 39 Nov 18, 2022
Test utility for validating OpenAPI documentation

DRF OpenAPI Tester This is a test utility to validate DRF Test Responses against OpenAPI 2 and 3 schema. It has built-in support for: OpenAPI 2/3 yaml

snok 103 Dec 21, 2022
Voip Open Linear Testing Suite

VOLTS Voip Open Linear Tester Suite Functional tests for VoIP systems based on voip_patrol and docker 10'000 ft. view System is designed to run simple

Igor Olhovskiy 17 Dec 30, 2022
Test django schema and data migrations, including migrations' order and best practices.

django-test-migrations Features Allows to test django schema and data migrations Allows to test both forward and rollback migrations Allows to test th

wemake.services 382 Dec 27, 2022
nose is nicer testing for python

On some platforms, brp-compress zips man pages without distutils knowing about it. This results in an error when building an rpm for nose. The rpm bui

1.4k Dec 12, 2022