Bugfixes, improvements, better README - all the stuff I forgot earlier

c2a6f704 · Art · 1d516df0 · c2a6f704 · c2a6f704 · c2a6f704
Commit c2a6f704 authored 7 years ago by Art
--- a/README.md
+++ b/README.md
@@ -14,7 +14,6 @@
 - Python dependencies: see `requirements.txt` or `setup.py`
 - Add the app into `INSTALLED_APPS`
 - Include the app's `urls.py` into the project `urls.py` `urlpatterns`, preferably without a prefix
- If you want to use `ssoauth` to log into `django.contrib.admin` or some other app with its own login page, in `urls.py` add into the top of `urlpatterns`: `re_path("^(admin/)?login/?$", AuthenticateRedirectView.as_view())`
 #### Development Setup
@@ -46,16 +45,13 @@ SP_FORCE_ENTITY_ID = "dev-id-{0}-{1}".format(socket.gethostname(), os.path.dirna
 LOGIN_URL = urls.reverse_lazy("sso-dev")  # it's "sso-login" for prod
 ```
-#### Overriding Log In in Other Apps
+#### Overriding Log In Pages of Other Apps
-There are some apps like `django.contrib.admin` or `wagtail` that will simply ignore `LOGIN_URL` and use their own log in page. If this behavior is undesirable and you would prefer using `ssoauth` instead:
+There are some apps like `django.contrib.admin` or `wagtail` that will simply ignore `LOGIN_URL` and use their own log in page. If this behavior is undesirable and you would prefer using `ssoauth` instead, add the following into your `urls.py` (_before_ including URLs of that other app):
-  - find out the login page of that app (let's assume it's `admin/login`)
-  - in `urls.py`, before including URLs for that app, include this view:
 ```python3
-    path("admin/login", ssoauth.views.LogInView(already_authenticated_403=True)),
+re_path(r"^(?:\w+/)?login/?$", ssoauth_views.LogInView.as_view(already_authenticated_403=True)),
 ```
-    Optional argument `already_authenticated_403=True` is used to avoid redirect loops caused by `django.contrib.admin`.
+  - Adjust the path if required
-    Instead of it you can also use `already_authenticated_redirect="url-name"`.
+  - Optional argument `already_authenticated_403=True` is used to avoid redirect loops (e.g. caused by `django.contrib.admin`). You can also use `already_authenticated_redirect="url-name"`.
 #### Regarding Logging Out

--- a/ssoauth/management/commands/group_mapping.py
+++ b/ssoauth/management/commands/group_mapping.py
@@ -54,7 +54,7 @@ class Command(BaseCommand):
        groups = Group.objects.all()
        mapped = groups.filter(sso_mapping__isnull=False)
        unmapped = groups.filter(sso_mapping__isnull=True)
-        logger.info("There {g} groups, {m} mapped and {u} unmapped:".format(g=len(groups), m=len(mapped), u=len(unmapped)))
+        logger.info("There are {g} groups ({m} mapped, {u} unmapped):".format(g=len(groups), m=len(mapped), u=len(unmapped)))
        for group in groups.order_by("-sso_mapping", "name"):
            name = group.name
            try:
@@ -95,7 +95,7 @@ class Command(BaseCommand):
    ## seems like the following code can create groups and permissions as we had it
-    ## in the old hshauth, based on the project settings
+    ## in the old There hshauth, based on the project settings
    #
    # @staticmethod
    # def ensure_group_exists(group_name, permission_names=list()):

--- a/ssoauth/views.py
+++ b/ssoauth/views.py
@@ -75,7 +75,7 @@ class LogInView(SAMLMixin, View):
    def get(self, request, *args, **kwargs):
        if request.user.is_authenticated:
            if self.already_authenticated_403:
-                return exceptions.PermissionDenied()
+                raise exceptions.PermissionDenied()
            if self.already_authenticated_redirect:
                return http.HttpResponseRedirect(urls.reverse(self.already_authenticated_redirect))
            if request.user.last_login > timezone.now() - timedelta(seconds=20):
@@ -94,6 +94,7 @@ class LogInView(SAMLMixin, View):
        return str(next_url)
+@method_decorator(never_cache, "dispatch")
 class LogOutView(RedirectView):
    """
    Logs the user out locally.
@@ -147,6 +148,9 @@ class ACSAuthNView(SAMLMixin, View):
    It's how OneLogin toolkit works, cannot easily detect/process other statements here, so I don't even try.
    """
+    def get(self, *args, **kwargs):
+        raise http.Http404()
    def post(self, request, *args, **kwargs):
        auth = self.get_onelogin_auth(request)
        auth.process_response()
@@ -248,6 +252,7 @@ class SLSView(SAMLMixin, View):
        return response
+@method_decorator(never_cache, "dispatch")
 class MetadataView(SAMLMixin, View):
    def get(self, request, *args, **kwargs):
@@ -260,6 +265,7 @@ class MetadataView(SAMLMixin, View):
        return http.HttpResponse(content_type="text/xml", content=meta)
+@method_decorator(never_cache, "dispatch")
 class DevView(FormView):
    class DevForm(forms.Form):