CAS: Améliore traitement des erreurs
This commit is contained in:
parent
a34702d247
commit
dd6ca9b188
@ -231,12 +231,11 @@ def create_app(config_class=DevConfig):
|
||||
CAS(app, url_prefix="/cas")
|
||||
app.wsgi_app = ReverseProxied(app.wsgi_app)
|
||||
app.json_encoder = ScoDocJSONEncoder
|
||||
app.logger.setLevel(logging.INFO)
|
||||
|
||||
# Evite de logguer toutes les requetes dans notre log
|
||||
logging.getLogger("werkzeug").disabled = True
|
||||
|
||||
app.config.from_object(config_class)
|
||||
# Evite de logguer toutes les requetes dans notre log
|
||||
logging.getLogger("werkzeug").disabled = True
|
||||
app.logger.setLevel(app.config["LOG_LEVEL"])
|
||||
|
||||
# Vérifie/crée lien sym pour les URL statiques
|
||||
link_filename = f"{app.root_path}/static/links/{sco_version.SCOVERSION}"
|
||||
|
@ -11,6 +11,7 @@ from flask_login import login_user
|
||||
from app.auth import bp
|
||||
from app.auth.models import User
|
||||
from app.models.config import ScoDocSiteConfig
|
||||
from app.scodoc.sco_exceptions import ScoValueError
|
||||
|
||||
# after_cas_login/after_cas_logout : routes appelées par redirect depuis le serveur CAS.
|
||||
|
||||
@ -61,6 +62,11 @@ def after_cas_logout():
|
||||
return flask.redirect(url_for("scodoc.index"))
|
||||
|
||||
|
||||
def cas_error_callback(message):
|
||||
"Called by CAS when an error occurs, with a message"
|
||||
raise ScoValueError(f"Erreur authentification CAS: {message}")
|
||||
|
||||
|
||||
def set_cas_configuration(app: flask.app.Flask = None):
|
||||
"""Force la configuration du module flask_cas à partir des paramètres de
|
||||
la config de ScoDoc.
|
||||
@ -71,6 +77,7 @@ def set_cas_configuration(app: flask.app.Flask = None):
|
||||
app.config["CAS_SERVER"] = ScoDocSiteConfig.get("cas_server")
|
||||
app.config["CAS_AFTER_LOGIN"] = "auth.after_cas_login"
|
||||
app.config["CAS_AFTER_LOGOUT"] = "auth.after_cas_logout"
|
||||
app.config["CAS_ERROR_CALLBACK"] = cas_error_callback
|
||||
app.config["CAS_SSL_VERIFY"] = ScoDocSiteConfig.get("cas_ssl_verify")
|
||||
app.config["CAS_SSL_CERTIFICATE"] = ScoDocSiteConfig.get("cas_ssl_certificate")
|
||||
else:
|
||||
|
10
config.py
10
config.py
@ -1,7 +1,7 @@
|
||||
# -*- coding: UTF-8 -*
|
||||
|
||||
import os
|
||||
import uuid
|
||||
import logging
|
||||
from dotenv import load_dotenv
|
||||
|
||||
BASEDIR = os.path.abspath(os.path.dirname(__file__))
|
||||
@ -16,6 +16,7 @@ class Config:
|
||||
SECRET_KEY = os.environ.get("SECRET_KEY") or "90e01e75831e4276a4c70d29564b425f"
|
||||
SQLALCHEMY_TRACK_MODIFICATIONS = False
|
||||
LOG_TO_STDOUT = os.environ.get("LOG_TO_STDOUT")
|
||||
LOG_LEVEL = getattr(logging, os.environ.get("LOG_LEVEL", "INFO"), "INFO")
|
||||
MAIL_SERVER = os.environ.get("MAIL_SERVER", "localhost")
|
||||
MAIL_PORT = int(os.environ.get("MAIL_PORT", 25))
|
||||
MAIL_USE_TLS = os.environ.get("MAIL_USE_TLS") is not None
|
||||
@ -40,13 +41,6 @@ class Config:
|
||||
# Pour conserver l'ordre des objets dans les JSON:
|
||||
# e.g. l'ordre des UE dans les bulletins
|
||||
JSON_SORT_KEYS = False
|
||||
# STATIC_URL_PATH = "/ScoDoc/static"
|
||||
# static_folder = "stat"
|
||||
# SERVER_NAME = os.environ.get("SERVER_NAME")
|
||||
# XXX temporaire: utiliser SiteConfig
|
||||
CAS_SERVER = os.environ.get("CAS_SERVER")
|
||||
CAS_AFTER_LOGIN = os.environ.get("CAS_AFTER_LOGIN")
|
||||
CAS_AFTER_LOGOUT = os.environ.get("CAS_AFTER_LOGOUT")
|
||||
|
||||
|
||||
class ProdConfig(Config):
|
||||
|
@ -113,7 +113,7 @@ def validate(ticket):
|
||||
|
||||
cas_username_session_key = current_app.config["CAS_USERNAME_SESSION_KEY"]
|
||||
cas_attributes_session_key = current_app.config["CAS_ATTRIBUTES_SESSION_KEY"]
|
||||
|
||||
cas_error_callback = current_app.config.get("CAS_ERROR_CALLBACK")
|
||||
current_app.logger.debug("validating token {0}".format(ticket))
|
||||
|
||||
cas_validate_url = create_cas_validate_url(
|
||||
@ -140,6 +140,8 @@ def validate(ticket):
|
||||
ssl_context.load_verify_locations(cadata=ca_data)
|
||||
except (ssl.SSLError, ValueError):
|
||||
current_app.logger.error("CAS : error loading SSL cert.")
|
||||
if cas_error_callback:
|
||||
cas_error_callback("erreur chargement certificat SSL CAS (PEM)")
|
||||
return False
|
||||
else:
|
||||
ssl_context = None
|
||||
@ -159,8 +161,13 @@ def validate(ticket):
|
||||
)
|
||||
except ValueError:
|
||||
current_app.logger.error("CAS returned unexpected result")
|
||||
if cas_error_callback:
|
||||
cas_error_callback("réponse invalide du serveur CAS")
|
||||
except URLError:
|
||||
current_app.logger.error("CAS : error validating token: check SSL certificate")
|
||||
cas_error_callback(
|
||||
"erreur connexion au serveur CAS: vérifiez le certificat SSL"
|
||||
)
|
||||
|
||||
if isValid:
|
||||
current_app.logger.debug("valid")
|
||||
|
Loading…
x
Reference in New Issue
Block a user