新增cas登录认证 (hhyo#2340)

* 新增cas登录 * 新增cas登录 * 新增cas登录 * 新增cas登录 * 新增cas登录 * black格式化 * 修改模块引用错误 * 修改模块引用错误 * 修改模块引用错误 --------- Co-authored-by: lanjiaxuan <lanjiaxuan@e6yun.com>
finovy · Nov 10, 2023 · cd804a6 · cd804a6
1 parent 1f0a40e
commit cd804a6
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 1 deletion.
diff --git a/.env.list b/.env.list
@@ -16,3 +16,9 @@ CSRF_TRUSTED_ORIGINS=http://127.0.0.1:9123
 Q_CLUSTER_WORKERS=4
 Q_CLUSTER_TIMEOUT=60
 Q_CLUISTER_SYNC=false
+
+# https://djangocas.dev/docs/latest/
+ENABLE_CAS=true
+CAS_SERVER_URL=https://127.0.0.1
+CAS_VERSION=2
+SECURE_SSL_REDIRECT=false
diff --git a/archery/settings.py b/archery/settings.py
@@ -363,10 +363,40 @@
     )  # 每次登录从ldap同步用户信息
     AUTH_LDAP_USER_ATTR_MAP = env("AUTH_LDAP_USER_ATTR_MAP")
 
+# CAS认证
+ENABLE_CAS = env("ENABLE_CAS", default=False)
+if ENABLE_CAS:
+    INSTALLED_APPS += ("django_cas_ng",)
+    MIDDLEWARE += ("django_cas_ng.middleware.CASMiddleware",)
+    AUTHENTICATION_BACKENDS = (
+        "django.contrib.auth.backends.ModelBackend",
+        "django_cas_ng.backends.CASBackend",
+    )
+
+    # CAS 的地址
+    CAS_SERVER_URL = env("CAS_SERVER_URL")
+    # CAS 版本
+    CAS_VERSION = env("CAS_VERSION")
+    # 存入所有 CAS 服务端返回的 User 数据。
+    CAS_APPLY_ATTRIBUTES_TO_USER = True
+    # 关闭浏览器退出登录
+    SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+    #  忽略  SSL  证书校验
+    CAS_VERIFY_SSL_CERTIFICATE = env("CAS_VERIFY_SSL_CERTIFICATE", default=False)
+    #  忽略来源验证
+    CAS_IGNORE_REFERER = True
+    # https请求问题
+    CAS_FORCE_SSL_SERVICE_URL = env("CAS_FORCE_SSL_SERVICE_URL", default=False)
+    CAS_RETRY_TIMEOUT = 1
+    CAS_RETRY_LOGIN = True
+    CAS_EXTRA_LOGIN_PARAMS = {"renew": True}
+    CAS_LOGOUT_COMPLETELY = True
+
 SUPPORTED_AUTHENTICATION = [
     ("LDAP", ENABLE_LDAP),
     ("DINGDING", ENABLE_DINGDING),
     ("OIDC", ENABLE_OIDC),
+    ("CAS", ENABLE_CAS),
 ]
 # 计算当前启用的外部认证方式数量
 ENABLE_AUTHENTICATION_COUNT = len(
@@ -375,7 +405,7 @@
 if ENABLE_AUTHENTICATION_COUNT > 0:
     if ENABLE_AUTHENTICATION_COUNT > 1:
         logger.warning(
-            "系统外部认证目前支持LDAP、DINGDING、OIDC三种，认证方式只能启用其中一种，如果启用多个，实际生效的只有一个，优先级LDAP > DINGDING > OIDC"
+            "系统外部认证目前支持LDAP、DINGDING、OIDC、CAS四种，认证方式只能启用其中一种，如果启用多个，实际生效的只有一个，优先级LDAP > DINGDING > OIDC > CAS"
         )
     authentication = ""  # 默认为空
     for name, enabled in SUPPORTED_AUTHENTICATION:

diff --git a/archery/urls.py b/archery/urls.py
@@ -1,6 +1,7 @@
 from django.urls import include, path
 from django.contrib import admin
 from common import views
+from django.conf import settings
 
 urlpatterns = [
     path("admin/", admin.site.urls),
@@ -10,6 +11,17 @@
     path("", include(("sql.urls", "sql"), namespace="sql")),
 ]
 
+if settings.ENABLE_CAS:
+    import django_cas_ng.views
+
+    urlpatterns += [
+        path(
+            "cas/authenticate/",
+            django_cas_ng.views.LoginView.as_view(),
+            name="cas-login",
+        ),
+    ]
+
 handler400 = views.bad_request
 handler403 = views.permission_denied
 handler404 = views.page_not_found

diff --git a/common/middleware/check_login_middleware.py b/common/middleware/check_login_middleware.py
@@ -14,6 +14,7 @@
     "/oidc/logout/",
     "/dingding/callback/",
     "/dingding/authenticate/",
+    "/cas/authenticate/",
 ]
 
 IGNORE_URL_RE = r"/api/(v1|auth)/\w+"

diff --git a/common/templates/login.html b/common/templates/login.html
@@ -32,6 +32,10 @@
                 <div class="form-group" id="login-method-oidc">
                     <a class="btn btn-primary btn-block" role="button" href="/oidc/authenticate/">{{ oidc_btn_name }}</a>
                 </div>
+            {% elif cas_enabled %}
+            <div class="form-group">
+                <a class="btn btn-primary btn-block" role="button" href="/cas/authenticate/">CAS认证登录</a>
+            </div>
             {% endif %}
             {% if dingding_enabled or oidc_enabled %}
                 <div class="text-right">

diff --git a/requirements.txt b/requirements.txt
@@ -39,4 +39,5 @@ alibabacloud_dysmsapi20170525==2.0.9
 tencentcloud-sdk-python==3.0.656
 mozilla-django-oidc==3.0.0
 django-auth-dingding==0.0.3
+django-cas-ng==4.3.0
 cassandra-driver
diff --git a/sql/views.py b/sql/views.py
@@ -65,6 +65,7 @@ def login(request):
             "sign_up_enabled": SysConfig().get("sign_up_enabled"),
             "oidc_enabled": settings.ENABLE_OIDC,
             "dingding_enabled": settings.ENABLE_DINGDING,
+            "cas_enabled": settings.ENABLE_CAS,
             "oidc_btn_name": SysConfig().get("oidc_btn_name", "以OIDC登录"),
         },
     )