Force https for EPFL redirect (#1)

* Force https for EPFL redirect * Allow to configure the https force trough Django settings * Fix index view for anonymous user in sample app; Readded license * Added default redirect https settings in sample app * Respect origin protocol in Django; From default https parameter to optional force https * Update doc for force https
epfl-si · Jul 13, 2017 · 718e437 · 718e437
1 parent 043f2e8
commit 718e437
Show file tree

Hide file tree

Showing 7 changed files with 46 additions and 8 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,5 +1,10 @@
 Change log
 ==========
+2.1.10
+------
+Add an option to force https if redirect url is not or half provided
+Force https for EPFL configuration
+
 2.1.9
 ------
 Move to Django 1.11

diff --git a/README.rst b/README.rst
@@ -180,7 +180,14 @@ Advanced settings
    
     TEQUILA_STRONG_AUTHENTICATION = True
 
-  Default value is False   
+  Default value is False
+
+* You can force a redirect to https, without respecting the origin.
+  so add this line to `settings.py`::
+
+    TEQUILA_FORCE_REDIRECT_HTTPS = True
+
+  Default value is False
 
 Logging
 -------

diff --git a/django_tequila/__init__.py b/django_tequila/__init__.py
@@ -2,4 +2,4 @@
     (c) All rights reserved. ECOLE POLYTECHNIQUE FEDERALE DE LAUSANNE, Switzerland, VPSI, 2017
 '''
 
-__version__ = '2.1.9'
+__version__ = '2.1.10'
diff --git a/django_tequila/tequila_auth_views/__init__.py b/django_tequila/tequila_auth_views/__init__.py
@@ -22,6 +22,11 @@ def login(request):
 
     # fullfill domain for tequila
     next_path = request.get_host() + next_path
+
+    if request.is_secure():
+        next_path = 'https://' + next_path
+    else:
+        next_path = 'http://' + next_path
 
     try:
         server_url = settings.TEQUILA_SERVER_URL
@@ -46,15 +51,22 @@ def login(request):
     try:
         strong_authentication = settings.TEQUILA_STRONG_AUTHENTICATION
     except AttributeError:
-        strong_authentication = False    
-
+        strong_authentication = False
+
+    try:
+        force_redirect_https = settings.TEQUILA_FORCE_REDIRECT_HTTPS
+    except AttributeError:
+        force_redirect_https = True
+
     tequila_client = TequilaClient(EPFLConfig(server_url = server_url,
                                         additional_params = additional_params,
                                         redirect_to = next_path,
                                         allows = allows_needed,
                                         service = service_name,
                                         allow_guests = True,
-                                        strong_authentication = strong_authentication))
+                                        strong_authentication = strong_authentication,
+                                        force_redirect_https = force_redirect_https,
+                                        ))
 
     request.session.set_test_cookie()
 

diff --git a/django_tequila/tequila_client/config.py b/django_tequila/tequila_client/config.py
@@ -7,6 +7,8 @@ def __init__(self,
                  server_url,
                  additional_params = None,
                  redirect_to = None,
+                 # should we force https
+                 force_redirect_https=False,
                  service = None,
                  request = None,
                  language = None,
@@ -22,10 +24,15 @@ def __init__(self,
         self.server_url = server_url
 
         if redirect_to:
-            if redirect_to.find('http://') == -1 and redirect_to.find('https://') == -1:
-                self.redirect_to = 'http://' + redirect_to
+            if force_redirect_https: # force https in all case
+                if redirect_to.find('http://') == -1 and redirect_to.find('https://') == -1:
+                    prefix = 'https://'
+                    self.redirect_to = prefix + redirect_to
+                else:
+                    self.redirect_to = redirect_to.replace('http:', 'https:')
             else:
                 self.redirect_to = redirect_to
+
         else:
             self.redirect_to = None
 

diff --git a/sample_app/settings.py b/sample_app/settings.py
@@ -116,6 +116,7 @@
 TEQUILA_NEW_USER_INACTIVE = False
 TEQUILA_CLEAN_URL = True
 TEQUILA_STRONG_AUTHENTICATION = False
+TEQUILA_FORCE_REDIRECT_HTTPS = False
 LOGIN_URL = "/login"
 LOGIN_REDIRECT_URL = "/"
 LOGIN_REDIRECT_IF_NOT_ALLOWED = "/not_allowed"

diff --git a/sample_app/views.py b/sample_app/views.py
@@ -1,3 +1,7 @@
+'''
+    (c) All rights reserved. ECOLE POLYTECHNIQUE FEDERALE DE LAUSANNE, Switzerland, VPSI, 2017
+'''
+
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse
 from django.core.urlresolvers import reverse
@@ -7,7 +11,9 @@
 
 def index(request):
     user_info = request.user.__dict__
-    user_info.update(request.user.profile.__dict__)
+
+    if request.user.is_authenticated:
+        user_info.update(request.user.profile.__dict__)
 
     return render(request, 'index.html', {
         'user' : request.user,