Add javascript login function allow service A to log user to service B via javascript

CORS need to be correctly configured if not this can lead to security issues. Please do not put Access-Control-Allow-Origin: "*". You can use django-cors-headers to properly configure CORS
2015-11-17 14:50:16 +01:00
parent ee987f6d00
commit 9df1cd2e31
3 changed files with 149 additions and 25 deletions
--- a/cas_server/static/cas_server/cas.js
+++ b/cas_server/static/cas_server/cas.js
@ -0,0 +1,53 @@
+function cas_login(cas_server_login, service, login_service){
+  url = cas_server_login + '?service=' + encodeURIComponent(service);
+  $.ajax({
+    type: 'GET',
+    url:url,
+    beforeSend: function (request) {   
+      request.setRequestHeader("X-AJAX", "1");
+    },
+    xhrFields: {
+      withCredentials: true
+    },
+    success: function(data, textStatus, request){
+      if(data.status == 'success'){
+        $.ajax({
+          type: 'GET',
+          url: data.url,
+          xhrFields: {
+            withCredentials: true
+          },
+        });
+      } else {
+        if(data.detail == "login required"){
+          window.location.href = cas_server_login + '?service=' + encodeURIComponent(login_service);
+        } else {
+          alert('error: ' + data.messages[1].message);
+        }
+      }
+    },
+    error: function (request, textStatus, errorThrown) {},
+  });
+}
+
+function cas_logout(cas_server_logout){
+  $.ajax({
+    type: 'GET',
+    url:cas_server_logout,
+    beforeSend: function (request) {   
+      request.setRequestHeader("X-AJAX", "1");
+    },
+    xhrFields: {
+      withCredentials: true
+    },
+    error: function (request, textStatus, errorThrown) {},
+    success: function(data, textStatus, request){
+      if(data.status == 'error'){
+        alert('error: ' + data.messages[1].message);
+      }
+    },
+  });
+}
+    
+
+