新增cas登录认证

.env.list

@@ -16,3 +16,9 @@ CSRF_TRUSTED_ORIGINS=http://127.0.0.1:9123
 Q_CLUSTER_WORKERS=4
 Q_CLUSTER_TIMEOUT=60
 Q_CLUISTER_SYNC=false
+
+# https://djangocas.dev/docs/latest/
+ENABLE_CAS=false
+CAS_SERVER_URL=https://sso.chinawayltd.com
+CAS_VERSION=2
+SECURE_SSL_REDIRECT=false

archery/settings.py

@@ -363,10 +363,38 @@
     )  # 每次登录从ldap同步用户信息
     AUTH_LDAP_USER_ATTR_MAP = env("AUTH_LDAP_USER_ATTR_MAP")
 
+# CAS认证
+ENABLE_CAS = env("ENABLE_CAS", default=False)
+if ENABLE_CAS:
+    INSTALLED_APPS += ("django_cas_ng",)
+    MIDDLEWARE += ("django_cas_ng.middleware.CASMiddleware",)
+    AUTHENTICATION_BACKENDS = (
+        "common.authenticate.cas_auth.CASAuthenticationBackend",
+        "django.contrib.auth.backends.ModelBackend",
+    )
+
+    # CAS 的地址
+    CAS_SERVER_URL = env("CAS_SERVER_URL")
+    # CAS 版本
+    CAS_VERSION = env("CAS_VERSION")
+    # 存入所有 CAS 服务端返回的 User 数据。
+    CAS_APPLY_ATTRIBUTES_TO_USER = True
+    # 关闭浏览器退出登录
+    SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+    #  忽略  SSL  证书校验
+    CAS_VERIFY_SSL_CERTIFICATE = env("CAS_VERIFY_SSL_CERTIFICATE", default=False)
+    #  忽略来源验证
+    CAS_IGNORE_REFERER = True
+    # https请求问题
+    CAS_FORCE_SSL_SERVICE_URL = env("CAS_FORCE_SSL_SERVICE_URL", default=False)
+    CAS_RETRY_LOGIN = True
+    CAS_RETRY_TIMEOUT = 1
+
 SUPPORTED_AUTHENTICATION = [
     ("LDAP", ENABLE_LDAP),
     ("DINGDING", ENABLE_DINGDING),
     ("OIDC", ENABLE_OIDC),
+    ("CAS", ENABLE_CAS),
 ]
 # 计算当前启用的外部认证方式数量
 ENABLE_AUTHENTICATION_COUNT = len(

common/authenticate/cas_auth.py

@@ -0,0 +1,25 @@
+from django.contrib.auth.models import User
+from django_cas_ng.backends import CASBackend
+
+
+class CASAuthenticationBackend(CASBackend):
+    def get_user_info_ldap(self, user: User):
+        """
+        If CAS uses LDAP as the database, it can read user information from LDAP.
+        Using the django_auth_ldap module to search for LDAP user information
+        """
+        from django_auth_ldap.backend import LDAPBackend
+
+        ldap_backend = LDAPBackend()
+        try:
+            ldap_user = ldap_backend.populate_user(user.username)
+            if ldap_user is None:
+                return None
+            # Retrieve field information based on the LDAP attribute map.
+            user.email = ldap_user.ldap_user.attrs["mail"][0]
+            user.display = ldap_user.ldap_user.attrs["cn"][0]
+            # If the Feishu app ID has been configured, query the user ID.
+            return user
+        except Exception as e:
+            print(str(e))
+            return None

requirements.txt

@@ -39,4 +39,5 @@ alibabacloud_dysmsapi20170525==2.0.9
 tencentcloud-sdk-python==3.0.656
 mozilla-django-oidc==3.0.0
 django-auth-dingding==0.0.3
+django-cas-ng==4.3.0
 cassandra-driver

sql/urls.py

@@ -1,5 +1,5 @@
 # -*- coding: UTF-8 -*-
-
+from django.conf import settings
 from django.urls import path
 from django.views.i18n import JavaScriptCatalog
 
@@ -31,9 +31,7 @@
     path("", views.index),
     path("jsi18n/", JavaScriptCatalog.as_view(), name="javascript-catalog"),
     path("index/", views.index),
-    path("login/", views.login, name="login"),
     path("login/2fa/", views.twofa, name="twofa"),
-    path("logout/", auth.sign_out),
     path("signup/", auth.sign_up),
     path("sqlworkflow/", views.sqlworkflow),
     path("submitsql/", views.submit_sql),
@@ -163,3 +161,20 @@
     path("user/list/", user.lists),
     path("user/qrcode/<str:data>/", totp.generate_qrcode),
 ]
+if settings.ENABLE_CAS:
+    import django_cas_ng.views
+
+    urlpatterns += [
+        path("login/", django_cas_ng.views.LoginView.as_view(), name="cas-login"),
+        path("logout/", django_cas_ng.views.LogoutView.as_view(), name="cas-logout"),
+        path(
+            "callback/",
+            django_cas_ng.views.CallbackView.as_view(),
+            name="cas-proxy-callback",
+        ),
+    ]
+else:
+    urlpatterns += [
+        path("login/", views.login, name="login"),
+        path("logout/", auth.sign_out),
+    ]