Revision 60de282a

b/aai/middleware.py
19 19
            try:
20 20
                user = SynnefoUser.objects.get(auth_token = request.META[self.auth_token])
21 21
            except SynnefoUser.DoesNotExist:
22
                return HttpResponseRedirect(settings.SHIBBOLETH_HOST)
22
                return HttpResponseRedirect(settings.LOGIN_PATH)
23 23

  
24 24
            #Check user's auth token
25 25
            if (time.time() -
26 26
                time.mktime(user.auth_token_created.timetuple()) +
27 27
                settings.AUTH_TOKEN_DURATION * 3600) > 0:
28 28
                #The user's token has expired, re-login
29
                return HttpResponseRedirect(settings.SHIBBOLETH_HOST)
29
                return HttpResponseRedirect(settings.LOGIN_PATH)
30 30

  
31 31
            request.user = user
32 32
            return
......
37 37
            #SIB headers when coming from a URL whitelist,
38 38
            #or a similar form of restriction
39 39
            if request.get_host() not in settings.SHIBBOLETH_WHITELIST.keys():
40
                return HttpResponseRedirect(settings.SHIBBOLETH_HOST)
40
                return HttpResponseRedirect(settings.LOGIN_PATH)
41 41

  
42 42
            user = None
43 43
            try:
......
58 58
                    response.status_code = 302
59 59
                    return response
60 60
                else:
61
                    return HttpResponseRedirect(settings.SHIBBOLETH_HOST)
61
                    return HttpResponseRedirect(settings.LOGIN_PATH)
62 62

  
63 63
            #User and authentication token valid, user allowed to proceed
64 64
            return
......
87 87

  
88 88
        if settings.TEST:
89 89
            if 'TEST-AAI' in request.META:
90
                return HttpResponseRedirect(settings.SHIBBOLETH_HOST)
90
                return HttpResponseRedirect(settings.LOGIN_PATH)
91 91
        else:
92
            #No authentication info found in headers, redirect to Shibboleth
93
            return HttpResponseRedirect(settings.SHIBBOLETH_HOST)
92
            #Avoid redirect loops
93
            if 'Referer' in request.META and request.META['Referer'].endswith(settings.LOGIN_PATH):
94
                return
95
            else :
96
                #No authentication info found in headers, redirect to Shibboleth
97
                return HttpResponseRedirect(settings.LOGIN_PATH)
94 98

  
95 99
    def process_response(self, request, response):
96 100
        #Tell proxies and other interested parties that the
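Review bot: The redirect-loop guard added at new lines 93-94 reads `request.META['Referer']`, but Django stores request headers in META under the `HTTP_` prefix, so a browser's Referer arrives as `HTTP_REFERER` and this branch would only fire when a test injects the bare key. The guard also skips the redirect on the strength of a header the client fully controls, so once the key is corrected, any request whose Referer ends in LOGIN_PATH passes this branch with no authenticated user attached. Keying the exemption on the requested URL is safer, e.g. `if request.path.startswith(settings.LOGIN_PATH): return`. The check sits in the `else` of `if settings.TEST:`, so it is never reached when TEST is on. The rest of process_request lies outside the visible hunks, so confirm how the earlier branches interact with it.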
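--- a/aai/tests.py
+++ b/aai/tests.py
@@ -90,6 +90,16 @@
         self.assertTrue('Vary' in response)
         self.assertTrue('X-Auth-Token' in response['Vary'])
 
+
+    def test_shibboleth_redirect_loop(self):
+        """
+        """
+        response = self.client.get(self.apibase + '/servers', {},
+                                    **{'Referer' : settings.LOGIN_PATH,
+                                    'TEST-AAI' : 'true'})
+        self.assertEquals(response.status_code, 200)
+        
+
     def test_fail_oapi_auth(self):
         """ test authentication from not registered user using OpenAPI
         """
@@ -115,7 +125,7 @@
     def _test_redirect(self, response):
         self.assertEquals(response.status_code, 302)
         self.assertTrue('Location' in response)
-        self.assertEquals(response['Location'], settings.SHIBBOLETH_HOST)
+        self.assertTrue(response['Location'].endswith(settings.LOGIN_PATH))
 
     def _update_user_ts(self, user):
         user.auth_token_created = (datetime.now() -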
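Review bot: `test_shibboleth_redirect_loop` may not exercise the new Referer guard: it sends `'TEST-AAI'`, and in this commit's middleware hunk that key triggers a redirect when settings.TEST is on, while the Referer check sits in the `else` branch. The extra `'Referer'` keyword goes into the request environ verbatim, whereas a browser's header would appear as `HTTP_REFERER`, so the test matches the middleware's key but not real traffic. The empty docstring could state the intent, e.g. `"""A request referred from LOGIN_PATH must not be redirected back to it."""`. In `_test_redirect`, `endswith(settings.LOGIN_PATH)` accepts a Location on any host, so comparing the parsed path of the Location would be a tighter assertion.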
b/settings.py.dist
167 167
# to its resources. Thus, it needs to know its public URL.
168 168
API_ROOT_URL = 'http://127.0.0.1:8000/api/'
169 169

  
170
SHIBBOLETH_HOST = "http://wayf.grnet.gr/"
170
LOGIN_PATH = "/okeanos/login"
171 171

  
172 172
SHIBBOLETH_WHITELIST = {
173 173
    'localhost' : '127.0.0.1',
