From ef422bbd42a1953bca5f596e4702a20a20eee1e1 Mon Sep 17 00:00:00 2001 From: Massimo DiPierro Date: Sat, 3 Dec 2011 00:15:25 -0600 Subject: [PATCH] improved CAS --- VERSION | 2 +- gluon/contrib/login_methods/cas_auth.py | 8 ++- gluon/tools.py | 68 +++++++++++++------------ 3 files changed, 43 insertions(+), 35 deletions(-) diff --git a/VERSION b/VERSION index 838afc20..27471d83 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -Version 1.99.3 (2011-12-02 23:27:41) dev +Version 1.99.3 (2011-12-03 00:15:24) dev diff --git a/gluon/contrib/login_methods/cas_auth.py b/gluon/contrib/login_methods/cas_auth.py index 6007f253..d53f3608 100644 --- a/gluon/contrib/login_methods/cas_auth.py +++ b/gluon/contrib/login_methods/cas_auth.py @@ -97,7 +97,13 @@ class CasAuth( object ): if data.startswith('yes') or data.startswith('no'): data = data.split('\n') if data[0]=='yes': - a=b=c = data[1] + if ':' in data[1]: # for Compatibility with Custom CAS + items = data[1].split(':') + a = items[0] + b = len(items)>1 and items[1] or a + c = len(items)>2 and items[2] or b + else: + a = b = c = data[1] return dict(user=a,email=b,username=c) return None import xml.dom.minidom as dom diff --git a/gluon/tools.py b/gluon/tools.py index a760cc11..90233ec0 100644 --- a/gluon/tools.py +++ b/gluon/tools.py @@ -1143,7 +1143,7 @@ class Auth(object): if args(1) == self.settings.cas_actions['login']: return self.cas_login(version=2) elif args(1) == self.settings.cas_actions['validate']: - return self.cas_validate(version=1) + return self.cas_validate(version=2) elif args(1) == self.settings.cas_actions['servicevalidate']: return self.cas_validate(version=2, proxy=False) elif args(1) == self.settings.cas_actions['proxyvalidate']: 
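Review bot: `b = len(items)>1 and items[1] or a` and the matching `c` line rely on the and/or idiom, so an empty middle field in the second response line (`user::name`) silently makes `b` fall back to `a`, and an empty third field makes `c` fall back to `b`, instead of yielding the empty value the server sent. A conditional expression keeps the intended fallback without the truthiness trap: `b = items[1] if len(items) > 1 else a` and `c = items[2] if len(items) > 2 else b`. The new branch also deserves a comment stating the layout it parses, e.g. `# custom CAS servers may return "user:email:username" on the second line`, since only the returned dict reveals that mapping. The CasAuth method enclosing this code starts outside the hunk.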
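Review bot: Routing the `validate` action to `cas_validate(version=2)` makes that endpoint answer with the CAS 2.0 XML body rather than the plain `yes`/`no` text that CAS 1.0 `/validate` clients parse, so third-party clients still using the `validate` URL would presumably stop recognising the reply (the project's own cas_auth.py keeps a `startswith('yes')` branch for exactly that text form). If dropping the text protocol is intended, say so at this line: `# 'validate' now answers in CAS 2.0 XML; the CAS 1.0 text protocol is no longer served`; otherwise `version=1` should stay for this action. The dispatching method continues outside the hunk.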
@@ -1531,8 +1531,11 @@ class Auth(object): ticket = row.ticket else: ticket = 'ST-'+web2py_uuid() - table.insert(service=session._cas_service, user_id=self.user.id, - ticket=ticket, created_on=request.now, renew=interactivelogin) + table.insert(service=session._cas_service, + user_id=self.user.id, + ticket=ticket, + created_on=request.now, + renew=interactivelogin) service = session._cas_service del session._cas_service if request.vars.has_key('warn'): @@ -1558,6 +1561,7 @@ class Auth(object): ticket = request.vars.ticket renew = True if request.vars.has_key('renew') else False row = table(ticket=ticket) + success = False if row: if self.settings.login_userfield: userfield = self.settings.login_userfield 
@@ -1566,39 +1570,37 @@ class Auth(object): else: userfield = 'email' # If ticket is a service Ticket and RENEW flag respected - if ticket[0:3] == 'ST-' and not ((row.renew and renew) ^ renew): + if ticket[0:3] == 'ST-' and \ + not ((row.renew and renew) ^ renew): user = self.settings.table_user(row.user_id) row.delete_record() - if version == 1: - raise HTTP(200,'yes\n%s'%(user[userfield])) - # assume version 2 + success = True + def build_response(body): + return '\n'+\ + TAG['cas:serviceResponse']( + body,**{'_xmlns:cas':'http://www.yale.edu/tp/cas'}).xml() + if success: + if version == 1: + message = 'yes\n%s' % user[userfield] + else: # assume version 2 username = user.get('username',user[userfield]) - raise HTTP(200,'\n'+\ - TAG['cas:serviceResponse']( - TAG['cas:authenticationSuccess']( - TAG['cas:user'](username), - *[TAG['cas:'+field.name](user[field.name]) \ - for field in self.settings.table_user \ - if field.readable]), - **{'_xmlns:cas':'http://www.yale.edu/tp/cas'}).xml()) - else: - raise HTTP(200,'\n'+\ - TAG['cas:serviceResponse']( - TAG['cas:authenticationFailure'](), - **{'_xmlns:cas':'http://www.yale.edu/tp/cas'}).xml()) - # Delete ticket if not already done - row.delete_record() - - if version == 1: - raise HTTP(200,'no\n') - # assume version 2 - raise HTTP(200,'\n'+\ - TAG['cas:serviceResponse']( - TAG['cas:authenticationFailure']( - 'Ticket %s not recognized' % ticket, - _code='INVALID TICKET'), - **{'_xmlns:cas':'http://www.yale.edu/tp/cas'}).xml()) - + message = build_response( + TAG['cas:authenticationSuccess']( + TAG['cas:user'](username), + *[TAG['cas:'+field.name](user[field.name]) \ + for field in self.settings.table_user \ + if field.readable])) + else: + if version == 1: + message = 'no\n' + elif row: + message = build_response(TAG['cas:authenticationFailure']()) + else: + message = build_response( + TAG['cas:authenticationFailure']( + 'Ticket %s not recognized' % ticket, + _code='INVALID TICKET')) + raise HTTP(200,message) def login( 
self,
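Review bot: The row-found-but-not-validated path no longer consumes the ticket: the removed `# Delete ticket if not already done` / `row.delete_record()` ran whenever a row existed but the `ST-`/renew check failed, whereas in the new code `row.delete_record()` happens only inside the success branch, so a ticket that fails the renew check stays in the table and can be presented again with a different `renew` flag. Restoring the old single-use behaviour in the failure branch is two lines before the `if version == 1:` that builds the `no` response: `if row:` / `row.delete_record()  # consume the ticket even when validation fails`. Separately, `build_response` is redefined on every call as a nested function in the middle of the validation logic; a small module- or class-level helper would read more clearly. `success` is initialised in the preceding hunk, and the enclosing method (presumably cas_validate) starts outside this hunk.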