From 209b0ebaac1a9c5c72108eee1cb64ef23fc9de3e Mon Sep 17 00:00:00 2001
From: Philip Sahli
Date: Sat, 31 Mar 2018 15:57:55 +0200
Subject: [PATCH] develop csrf debug false work #23
---
 tumbo/aaa/cas/authentication.py | 8 ++++++--
 tumbo/aaa/cas/pipeline.py | 3 +++
 tumbo/aaa/cas/views.py | 2 ++
 tumbo/aaa/pipeline.py | 11 +++++++----
 tumbo/aaa/tests.py | 26 ++++++++++++++++++--------
 tumbo/core/tests.py | 4 ++++
 tumbo/tumbo/dev.py | 16 ++++++++--------
 tumbo/tumbo/dev_kubernetes.py | 3 ++-
 tumbo/ui/views.py | 1 +
 9 files changed, 51 insertions(+), 23 deletions(-)
diff --git a/tumbo/aaa/cas/authentication.py b/tumbo/aaa/cas/authentication.py
index a400fa6..9e9ce9a 100644
--- a/tumbo/aaa/cas/authentication.py
+++ b/tumbo/aaa/cas/authentication.py
@@ -11,6 +11,7 @@ from core.models import Base
 from core.utils import read_jwt
+import django.contrib.sessions.backends.cache
 User = get_user_model()
@@ -20,10 +21,11 @@ def cas_login(function):
 def wrapper(request, *args, **kwargs):
 # logger.debug("authenticate %s" % request.user)
- user=request.user
+ user = request.user
 # if logged in
 if request.user.is_authenticated():
+ #import pdb; pdb.set_trace()
 logger.info("user.is_authenticated with user %s" % request.user.username)
 logger.info("user has internalid: %s" % request.user.authprofile.internalid)
 return function(request, *args, **kwargs)
@@ -49,7 +51,8 @@ def wrapper(request, *args, **kwargs):
 cas_ticketverify=reverse('cas-ticketverify')
 cas_ticketverify+="?ticket=%s&service=%s" % (ticket, service_full)
 host = urlparse(request.build_absolute_uri()).netloc
- response = requests.get("https://%s%s" % (host, cas_ticketverify))
+ # TODO: normally with https
+ response = requests.get("http://%s%s" % (host, cas_ticketverify))
 logger.info("Response from verify: " + str(response.status_code))
 logger.info("Response from verify: " + response.text)
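Review bot: `import django.contrib.sessions.backends.cache` is added in the first hunk but nothing in this hunk or elsewhere in the patch references it, so it is a dead import; if it was meant to switch the session store, importing the backend module has no such effect — that is selected by the `SESSION_ENGINE` setting. Drop the line, or replace it with the settings change it was standing in for.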
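Review bot: The second hunk commits a commented-out debugger hook, `#import pdb; pdb.set_trace()`, inside `wrapper` on the already-authenticated path; commented-out debug hooks tend to get uncommented later and should not land in the authentication decorator. Delete the line. `wrapper`'s body continues past this hunk.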
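Review bot: In the third hunk the ticket-verify request is downgraded from `https://` to `http://`, and the host it is sent to comes from `request.build_absolute_uri()`, i.e. the inbound Host header; the ticket and the verify response (which, per the test file, carries a token readable with `read_jwt`) now travel in clear text and the peer is no longer authenticated by TLS, with only a `# TODO: normally with https` comment marking the way back. Rather than editing the literal, make the scheme explicit configuration with a secure default, e.g. `scheme = getattr(settings, "CAS_VERIFY_SCHEME", "https")` (setting name is a placeholder to choose) and `response = requests.get("%s://%s%s" % (scheme, host, cas_ticketverify))`, so that plain HTTP needs a deliberate opt-in in the dev settings and cannot leak into production; this assumes `settings` is importable in this module, which the hunk does not show. The existing `logger.info("Response from verify: " + response.text)` then writes that token-bearing body at info level; logging only the status code there would keep tokens out of the logs. `wrapper`'s body starts and ends outside this hunk.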
@@ -63,6 +66,7 @@ def wrapper(request, *args, **kwargs):
 auth_login(request, user)
 request.session['cookie_path'] = "/userland/%s/%s" % (base.user.username, base.name)
+ logger.info("Setting cookie_path to: " % request.session['cookie_path'])
 request.session.cycle_key()
 # user is logged in successfully, redirect to service URL
diff --git a/tumbo/aaa/cas/pipeline.py b/tumbo/aaa/cas/pipeline.py
index e3d0ff3..cba8e7f 100644
--- a/tumbo/aaa/cas/pipeline.py
+++ b/tumbo/aaa/cas/pipeline.py
@@ -1,6 +1,7 @@
 import logging
 from aaa.cas.models import Ticket
+from core.models import AuthProfile
 logger = logging.getLogger(__name__)
@@ -14,6 +15,8 @@ def create_ticket(backend, user, response, *args, **kwargs):
 logger.info("create_ticket pipeline for user %s started" % user.username)
 # workaround for creating internalid
+ auth, created = AuthProfile.objects.get_or_create(user=user)
+ user.authprofile = auth
 user.authprofile.internalid = user.authprofile.internalid
 user.authprofile.save()
diff --git a/tumbo/aaa/cas/views.py b/tumbo/aaa/cas/views.py
index 2f1ab95..f5acc5e 100644
--- a/tumbo/aaa/cas/views.py
+++ b/tumbo/aaa/cas/views.py
@@ -12,6 +12,7 @@ from django.shortcuts import redirect, render
 from django.http import HttpResponse
 from django.conf import settings
+from django.views.decorators.csrf import csrf_exempt
 from core.utils import create_jwt
 from core.models import Base
@@ -22,6 +23,7 @@ logger = logging.getLogger(__name__)
+@csrf_exempt
 def loginpage(request):
 """ If a user wants to login, he opens the url named `cas-login`, which renders the cas_loginpage.html.
diff --git a/tumbo/aaa/pipeline.py b/tumbo/aaa/pipeline.py
index 6f524e2..ee4a0a8 100644
--- a/tumbo/aaa/pipeline.py
+++ b/tumbo/aaa/pipeline.py
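Review bot: The added `logger.info("Setting cookie_path to: " % request.session['cookie_path'])` raises `TypeError: not all arguments converted during string formatting`, because the format string contains no `%s`, and it sits after `auth_login` on the success path, so every successful ticket login will now end in a 500 instead of the redirect. Write it as `logger.info("Setting cookie_path to: %s", request.session['cookie_path'])`, which also leaves the formatting to the logging framework. `wrapper` continues outside the hunk on both sides.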
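Review bot: In the `create_ticket` hunk, the new `get_or_create` is followed by the kept `user.authprofile.internalid = user.authprofile.internalid`, a self-assignment that does nothing, and `created` is never read. If the intent is only to guarantee a profile row exists, `auth, _ = AuthProfile.objects.get_or_create(user=user)` followed by `auth.save()` says that directly; if `internalid` is filled in by `AuthProfile.save()` (not visible here), a one-line comment saying so would explain why the save is needed at all. `create_ticket` begins in the hunk header and continues past the hunk.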
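Review bot: `@csrf_exempt` on `loginpage` removes CSRF protection from the view that, per `tumbo/aaa/tests.py` in this same patch, accepts `username`, `password` and `service` by POST; an unprotected login form is exposed to login CSRF, where a cross-site POST signs the victim's browser into a session the attacker chose, and the commit subject suggests this is a debugging workaround rather than a design decision. Django's default test `Client()` already skips CSRF checks, so the exemption is not needed by the tests here; remove the decorator and fix the actual cause instead (the rendered template must emit `{% csrf_token %}` and the form must post it). `loginpage`'s body continues past the hunk.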
@@ -2,16 +2,19 @@ from django.conf import settings
 def _is_member(user, group):
+ print user, group
 print user.groups.filter(name=group).exists()
 return user.groups.filter(name=group).exists()
 def restrict_user(backend, user, response, *args, **kwargs):
+ print backend
 if user.is_superuser: return
- group = getattr(settings, "SOCIAL_AUTH_USER_GROUP", None)
- if group:
- if not _is_member(user, group):
- return HttpResponse("Login forbidden.")
+ #group = getattr(settings, "SOCIAL_AUTH_USER_GROUP", None)
+ #if group:
+ # if not _is_member(user, group):
+ # return HttpResponse("Login forbidden.")
 def redirect_with_ticket_to_service(backend, user, response, *args, **kwargs):
+ print backend, user, response, args, str(kwargs)
 response = redirect(service+"?ticket=aaa")
diff --git a/tumbo/aaa/tests.py b/tumbo/aaa/tests.py
index 7ecfb10..4d2863b 100644
--- a/tumbo/aaa/tests.py
+++ b/tumbo/aaa/tests.py
@@ -34,6 +34,7 @@ def _setup(self):
 def test_login_to_console(self):
 self.client1.login(username='user1', password='pass')
+ self.client1.logout()
 response = self.client1.get(reverse('console'))
 self.assertEqual(200, response.status_code)
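Review bot: Commenting out the `SOCIAL_AUTH_USER_GROUP` block in `restrict_user` removes the only authorization gate in this pipeline step: every non-superuser identity the social backend returns now passes regardless of group membership, and the leftover `#` lines give no indication of when the check is meant to come back. If it has to be bypassed for local debugging, keep the code active and gate it on configuration instead, `group = getattr(settings, "SOCIAL_AUTH_USER_GROUP", None)` / `if group and not _is_member(user, group):` / `return HttpResponse("Login forbidden.")`, and leave the setting unset in the dev settings module. The three new bare `print` statements, in particular `print backend, user, response, args, str(kwargs)` in `redirect_with_ticket_to_service`, dump the full backend response and pipeline kwargs to stdout; if that response carries access tokens (usual for social-auth backends, not visible here) they end up in process logs, so either use `logger.debug` with selected fields or drop them. `redirect_with_ticket_to_service` also uses `service`, which is not bound anywhere in the visible lines — presumably defined elsewhere, worth confirming.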
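Review bot: `test_login_to_console` now calls `self.client1.logout()` right after `login()` and still asserts `200` for `reverse('console')`, so the test either documents that the console is reachable without a session or no longer tests what its name says; a logged-out request to a login-protected page would normally be a 302 to the login URL. Either remove the `logout()` call, or rename the test and pin the access control with `self.assertEqual(302, response.status_code)`.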
@@ -48,18 +49,13 @@ def test_step1_login_to_cas_with_service_redirects_to_service_with_ticket(self):
 self._setup()
 response = self.client1.post(self.cas_login_url, {'username':'user1', 'password': 'pass', 'service': self.userland_home})
 self.assertEqual(302, response.status_code)
- try:
- self.assertTrue(("?ticket=" in response['Location']))
- except Exception, e:
- logger.error(response['Location'])
- #print response['Location']
- raise e
+ self.assertTrue(("http://testserver/userland/user1/base1/static/index.html?ticket=" in response['Location']))
 return response['Location']
 def test_step2_service_calls_cas_url_to_verify_ticket(self):
 #self._setup()
- url = self.test_step1_login_to_cas_with_service_redirects_to_service_with_ticket()
- qs = urlparse(url).query
+ self.url = self.test_step1_login_to_cas_with_service_redirects_to_service_with_ticket()
+ qs = urlparse(self.url).query
 self.cas_ticketverify+="?%s&service=%s" % (qs, self.userland_home)
 self.client1.logout()
 self.response = self.client1.get(self.cas_ticketverify)
@@ -69,3 +65,17 @@ def test_step2_verify_ticket_returns_readable_token(self):
 self.test_step2_service_calls_cas_url_to_verify_ticket()
 username, data = read_jwt(self.response.content, settings.SECRET_KEY)
 User.objects.get(username=username)
+
+ def test_call_service_with_ticket(self):
+ url = self.test_step1_login_to_cas_with_service_redirects_to_service_with_ticket()
+ print url
+
+ self.response = self.client1.get(url)
+ print self.response._headers
+ # expect 404 because worker is not running
+ self.assertEqual(404, self.response.status_code)
+ #self.assertContains("asdf", self.response.content)
+
+ # if successfull, we receive a Set-Cookie Header
+ #import pdb; pdb.set_trace()
+
diff --git a/tumbo/core/tests.py b/tumbo/core/tests.py
index 426c204..5d836ef 100644
--- a/tumbo/core/tests.py
+++ b/tumbo/core/tests.py
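Review bot: The replacement assertion hard-codes the full `http://testserver/userland/user1/base1/static/index.html?ticket=` prefix where the old check only required `?ticket=`, so the test now depends on the test host name and on the exact `service` value the fixture posts, and a mismatch fails as a bare `assertTrue` with no diff. `self.assertIn("?ticket=", response['Location'])` together with `self.assertTrue(response['Location'].startswith(self.userland_home))` (assuming `self.userland_home` is the absolute service URL posted above — the fixture is outside the hunk) keeps the coverage and gives a readable failure. Promoting `url` to `self.url` in step 2 is harmless, but no other test in the patch reads `self.url`, so the local would have done.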
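Review bot: `test_call_service_with_ticket` asserts `404` with the comment that the worker is not running, so it pins an infrastructure failure rather than the ticket exchange it is named for, and it commits two `print` statements (one on the private `self.response._headers`), a commented-out `assertContains` whose arguments are in the wrong order (`assertContains(response, text)`), and a commented-out `pdb` hook. Either assert what is expected when the service is reachable — the `Set-Cookie` header the comment mentions, via the public `self.response.has_header('Set-Cookie')` — or skip the test until the worker is available, and delete the debug lines either way.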
@@ -72,6 +72,10 @@ def setUp(self, distribute_mock):
 setting.value = "setting2_value"
 setting.save()
+ #self.client1 = Client(enforce_csrf_checks=True) # logged in with objects
+ #self.client2 = Client(enforce_csrf_checks=True) # logged in without objects
+ #self.client3 = Client(enforce_csrf_checks=True) # not logged in
+
 self.client1 = Client() # logged in with objects
 self.client2 = Client() # logged in without objects
 self.client3 = Client() # not logged in
diff --git a/tumbo/tumbo/dev.py b/tumbo/tumbo/dev.py
index 12d6e97..d17993c 100644
--- a/tumbo/tumbo/dev.py
+++ b/tumbo/tumbo/dev.py
@@ -74,14 +74,14 @@
 'token': os.environ.get('DIGITALOCEAN_CONFIG', None),
 'zone': os.environ.get('DIGITALOCEAN_ZONE', None)
 },
- 'core.plugins.datastore': {
- 'ENGINE': "django.db.backends.postgresql_psycopg2",
- 'HOST': "127.0.0.1",
- 'PORT': "15432",
- 'NAME': "store",
- 'USER': "store",
- 'PASSWORD': "store123"
- }
+ #'core.plugins.datastore': {
+ # 'ENGINE': "django.db.backends.postgresql_psycopg2",
+ # 'HOST': "127.0.0.1",
+ # 'PORT': "15432",
+ # 'NAME': "store",
+ # 'USER': "store",
+ # 'PASSWORD': "store123"
+ #}
 }
 TUMBO_SCHEDULE_JOBSTORE = "sqlite:////tmp/jobstore.db"
diff --git a/tumbo/tumbo/dev_kubernetes.py b/tumbo/tumbo/dev_kubernetes.py
index 8cc11b3..92f82c5 100644
--- a/tumbo/tumbo/dev_kubernetes.py
+++ b/tumbo/tumbo/dev_kubernetes.py
@@ -87,7 +87,8 @@ TUMBO_SCHEDULE_JOBSTORE = "sqlite:////tmp/jobstore.db"
-REDIS_METRICS['PASSWORD'] = os.environ.get('CACHE_ENV_REDIS_PASS', None)
+if os.environ.get('CACHE_ENV_REDIS_PASS', None):
+ REDIS_METRICS['PASSWORD'] = os.environ.get('CACHE_ENV_REDIS_PASS')
 #TEMPLATE_LOADERS += (
 # 'core.loader.DevLocalRepositoryPathLoader',
diff --git a/tumbo/ui/views.py b/tumbo/ui/views.py
index 4217404..2458488 100644
--- a/tumbo/ui/views.py
+++ b/tumbo/ui/views.py
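Review bot: The three commented-out `Client(enforce_csrf_checks=True)` lines in `setUp` are dead code on the new side; Django's `Client()` skips CSRF validation by default, so with them disabled nothing in the suite exercises CSRF handling on the login view this patch marks `@csrf_exempt`. Keep one client with `enforce_csrf_checks=True` for the login-flow tests rather than a comment, and delete the other two lines. `setUp` continues outside the hunk.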
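Review bot: In the `dev.py` hunk the `core.plugins.datastore` entry is commented out rather than removed, which leaves a literal database password (`"store123"`) in a settings module as dead text, while the neighbouring entries already read their secrets through `os.environ.get`. Delete the block; if the datastore plugin must stay configurable in development, express it like the entries above it, e.g. `'PASSWORD': os.environ.get('DATASTORE_PASSWORD')` (variable name is a placeholder to choose).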
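Review bot: The new guard in `dev_kubernetes.py` reads `CACHE_ENV_REDIS_PASS` twice and treats an empty string the same as an unset variable, and it also changes behaviour silently: before, `REDIS_METRICS['PASSWORD']` was always assigned (to `None` when the variable was absent), whereas now the key keeps whatever `REDIS_METRICS` already held — that dict is defined outside the hunk, so a password set there would no longer be cleared. Read the variable once and test presence explicitly: `redis_password = os.environ.get('CACHE_ENV_REDIS_PASS')` / `if redis_password is not None:` / `REDIS_METRICS['PASSWORD'] = redis_password`.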
@@ -38,6 +38,7 @@ def home(request):
 def profile(request):
 """Home view, displays login mechanism"""
 auth, created = AuthProfile.objects.get_or_create(user=request.user)
+ print auth, created
 if not request.user.is_authenticated():
 raise Exception("Not Logged in")
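Review bot: The added `print auth, created` writes to stdout from a request handler instead of going through a logger, and it is inserted between `get_or_create(user=request.user)` and the `is_authenticated()` check, so for an anonymous request the database call (and the print) run before the view decides the user is not logged in — `get_or_create` with an `AnonymousUser` would raise before `Exception("Not Logged in")` is reached, unless `profile` is protected by a decorator outside the hunk. Drop the print, or if the module has a logger make it `logger.debug("profile for %s created=%s", request.user, created)`, and move the `is_authenticated()` check above the `get_or_create` call. `profile` continues past the hunk.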