模仿 USTC CAS 的程序,用于开发校内网站应用的本地调试。

Related tags

Testingustc-cas-mock
Overview

ustc-cas-mock

模仿 USTC CAS 的程序,用于开发校内网站应用阶段调试。

请勿在生产环境部署!

只测试了最常用的三个 CAS route:

/login
/serviceValidate(验证 CAS ticket)
/logout

没有测试过 proxy ticket。(因为我用不到,我也不知道怎么改)

Why?

USTCCAS 比较特别的一点是,用户可以用不同的用户名登录:GID 可以,学号也可以,并且学号可以是自入学以来所有的学号。在开发时,很多同学都不会注意这件事情,这会导致一个人可以用多个不同的「身份」登录系统(并且在科大呆的时间越长,身份的数量就越多),往往是非预期的。

第二点特别的是,CAS 系统限制仅允许 ustc.edu.cn 域名的 service 使用,于是在本地开发的时候就特别难受,虽然可以用……「某些方式」绕过去,但是如果你真的拿到了一个学校域名,上线前又要大改配置,不太好受。

这个仓库代码使用了一个魔改版的 django-mama-cas,因为默认的 callback 没法方便插入特定的逻辑。

关于返回的属性

本仓库的逻辑是返回 CAS 能够返回的所有的信息,但是实际上,USTCCAS 在未申请权限的情况下只会返回最基本的信息:GID 和登录用的用户名,这一点需要特别注意。

此外,在 attributes 的处理上,USTCCAS 和 CAS 3.0 标准不完全一致:

USTCCAS 类似于下面这样:

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<cas:authenticationSuccess>
<cas:user>登录用户名</cas:user>
<attributes>
<cas:gid>1234567</cas:gid>
</attributes>
</cas:authenticationSuccess>
</cas:serviceResponse>

而 CAS 3.0 类似于:

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
    <cas:authenticationSuccess>
        <cas:user>登录用户名</cas:user>
        <cas:attributes>
            <cas:gid>1234567</cas:gid>
        </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>

USTCCAS 的 attributes 是 attributes 而不是 cas:attributes

此外:

  • 有一些属性我也没有完全搞清楚,比如说 xbm 我就不知道是啥,反正这个值好像正常情况下应该返回 1。
  • 关于人员在校状态码和人员分类码的信息,如果不适合公开,请联系我,我会立刻处理。

使用

首先配置虚拟环境,安装依赖,然后:

$ python manage.py migrate
$ python manage.py createsuperuser

然后可以使用创建的 superuser 登录 /admin 进行配置。需要注意,在添加用户后,还需要编辑用户,添加学号信息(学号值和顺序)。

当然,如果懒得配置,也可以在 cas 目录里直接:

$ curl -L https://github.com/taoky/ustc-cas-mock/releases/download/v0.1/test.sql | sqlite3 db.sqlite3

superuser 的 username/password 为 test/test。请注意在修改密码前确保服务仅本地可访问。

You might also like...
Comments
Releases(v0.1)
Owner
taoky
I compute, therefore I am.
taoky
GitHub Repository
FaceBot is a script to automatically create a facebook account using the selenium and chromedriver modules.

FaceBot is a script to automatically create a facebook account using the selenium and chromedriver modules. That way, we don't need to input full name, email and password and date of birth. All will

Fadjrir Herlambang 2 Jun 17, 2022
A utility for mocking out the Python Requests library.

Responses A utility library for mocking out the requests Python library. Note Responses requires Python 2.7 or newer, and requests = 2.0 Installing p

Sentry 3.8k Jan 03, 2023
One-stop solution for HTTP(S) testing.

HttpRunner HttpRunner is a simple & elegant, yet powerful HTTP(S) testing framework. Enjoy! ✨ 🚀 ✨ Design Philosophy Convention over configuration ROI

HttpRunner 3.5k Jan 04, 2023
Descriptor Vector Exchange

Descriptor Vector Exchange This repo provides code for learning dense landmarks without supervision. Our approach is described in the ICCV 2019 paper

James Thewlis 74 Nov 29, 2022
Auto-hms-action - Automation of NU Health Management System

🦾 Automation of NU Health Management System 🤖 長崎大学 健康管理システムの自動化 🏯 Usage / 使い方

k5-mot 3 Mar 04, 2022
Automated mouse clicker script using PyAutoGUI and Typer.

clickpy Automated mouse clicker script using PyAutoGUI and Typer. This app will randomly click your mouse between 1 second and 3 minutes, to prevent y

Joe Fitzgibbons 0 Dec 01, 2021
Automação de Processos (obtenção de informações com o Selenium), atualização de Planilha e Envio de E-mail.

Automação de Processo: Código para acompanhar o valor de algumas ações na B3. O código entra no Google Drive, puxa os valores das ações (pré estabelec

Hemili Beatriz 1 Jan 08, 2022
Python version of the Playwright testing and automation library.

🎭 Playwright for Python Docs | API Playwright is a Python library to automate Chromium, Firefox and WebKit browsers with a single API. Playwright del

Microsoft 7.8k Jan 02, 2023
A wrapper for webdriver that is a jumping off point for web automation.

Webdriver Automation Plus ===================================== Description: Tests the user can save messages then find them in search and Saved items

1 Nov 08, 2021
frwk_51pwn is an open-sourced remote vulnerability testing and proof-of-concept development framework

frwk_51pwn Legal Disclaimer Usage of frwk_51pwn for attacking targets without prior mutual consent is illegal. frwk_51pwn is for security testing purp

51pwn 4 Apr 24, 2022
Code coverage measurement for Python

Coverage.py Code coverage testing for Python. Coverage.py measures code coverage, typically during test execution. It uses the code analysis tools and

Ned Batchelder 2.3k Jan 04, 2023
A simple python script that uses selenium(chrome web driver),pyautogui,time and schedule modules to enter google meets automatically

A simple python script that uses selenium(chrome web driver),pyautogui,time and schedule modules to enter google meets automatically

3 Feb 07, 2022
pywinauto is a set of python modules to automate the Microsoft Windows GUI

pywinauto is a set of python modules to automate the Microsoft Windows GUI. At its simplest it allows you to send mouse and keyboard actions to windows dialogs and controls, but it has support for mo

3.8k Jan 06, 2023
Cornell record & replay mock server

Cornell: record & replay mock server Cornell makes it dead simple, via its record and replay features to perform end-to-end testing in a fast and isol

HiredScoreLabs 134 Sep 15, 2022
Argument matchers for unittest.mock

callee Argument matchers for unittest.mock More robust tests Python's mocking library (or its backport for Python 3.3) is simple, reliable, and easy

Karol Kuczmarski 77 Nov 03, 2022
Lightweight, scriptable browser as a service with an HTTP API

Splash - A javascript rendering service Splash is a javascript rendering service with an HTTP API. It's a lightweight browser with an HTTP API, implem

Scrapinghub 3.8k Jan 03, 2023
Ward is a modern test framework for Python with a focus on productivity and readability.

Ward is a modern test framework for Python with a focus on productivity and readability.

Darren Burns 1k Dec 31, 2022
Find index entries in $INDEX_ALLOCATION attributes

INDXRipper Find index entries in $INDEX_ALLOCATION attributes Timeline created using mactime.pl on the combined output of INDXRipper and fls. See: sle

32 Nov 05, 2022
FFPuppet is a Python module that automates browser process related tasks to aid in fuzzing

FFPuppet FFPuppet is a Python module that automates browser process related tasks to aid in fuzzing. Happy bug hunting! Are you fuzzing the browser? G

Mozilla Fuzzing Security 24 Oct 25, 2022
HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom

hey is a tiny program that sends some load to a web application. hey was originally called boom and was influenced from Tarek Ziade's tool at tarekzia

Jaana Dogan 14.9k Jan 07, 2023