search

kstateome / django-cas

K-State's maintained version of django-cas
MIT License
111 stars 83 forks source link

django-cas with Django Rest Framework #61

Open chazzlabs opened 7 years ago

chazzlabs commented 7 years ago

I'm attempting to add CAS authentication to an existing Django/DRF app using django-cas. I've been successful so far except for redirecting to the CAS login page via the "Login" link in the DRF API page. If I explicitly navigate to the CAS login page and again explicitly to the DRF API page I'm properly authenticated; it's just redirecting within the app that seems to be giving me a problem. This perhaps has more to do with my unfamiliarity with Django, but I'm hoping I might at least get some confirmation on my setup.

More specifically, I'm seeing this error: 

Environment:

Request Method: GET
Request URL: http://localhost:8000/api-auth/login/?next=/api/

Django Version: 1.8.2
Python Version: 3.4.4
Installed Applications:
('django.contrib.admin',
 'django.contrib.contenttypes',
 'django.contrib.auth',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'rest_framework',
 'django_extensions',
 'rest_framework_swagger',
 'corsheaders',
 'cas')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
 'corsheaders.middleware.CorsMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.security.SecurityMiddleware',
 'cas.middleware.CASMiddleware')

Traceback:
File "C:\Users\chazzlabs\Envs\backend-project\lib\site-packages\django\core\handlers\base.py" in get_response
  125.                     response = middleware_method(request, callback, callback_args, callback_kwargs)
File "C:\Users\chazzlabs\Envs\backend-project\lib\site-packages\cas\middleware.py" in process_view
  49.             return cas_login(request, *view_args, **view_kwargs)

Exception Type: TypeError at /api-auth/login/
Exception Value: login() got an unexpected keyword argument 'template_name'

It seems my issue is that, since the app is using the default DRF rest_framework.urls login view, it's sending a template_name keyword arg to the login() function of django-cas, which doesn't support the argument. I've configured django-cas according to the README, setting CAS_SERVER_URL, adding cas.middleware.CASMiddleware, adding the CAS login/logout URLs, and adding the AUTHENTICATION_BACKENDS. I've also configured DRF to use rest_framework.authentication.SessionAuthentication.

Is it possible to have the default DRF login views redirect to CAS, or is there perhaps another way I should go about this?

dstegelman commented 7 years ago

The DRF login URL config is just pointing to the built in django views and passing in a template specific to the DRF project. If you are using CAS you'd always want to use the CAS login/logout views in order for it to properly work. The other way it could be solved is to allow a template_name parameter, but that isn't really solving the problem.

Bottom line is that if you are going to use CAS, it's best to explicitly call the login/logout views in django-cas and not any others.

fengyehong commented 7 years ago

As we intercept login view like this:

if view_func == login:
            return cas_login(request, *view_args, **view_kwargs)

I think cas_login should be capable of handling all paramters django.contrib.auth.views accept, maybe just accept and ignore them, so no exception will be raised.

I‘m also wondering whether we should add a option to disable this kind of view intercept, so if our CAS server down, we can fallback to local login.