Add javascript login function allow service A to log user to service B via javascript

CORS need to be correctly configured if not this can lead to security issues.
Please do not put Access-Control-Allow-Origin: "*".
You can use django-cors-headers to properly configure CORS

cas_server/utils.py

@@ -14,11 +14,12 @@ from .default_settings import settings
 
 from django.utils.importlib import import_module
 from django.core.urlresolvers import reverse
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponse
+from django.contrib import messages
 
 import random
 import string
-
+import json
 
 try:
     from urlparse import urlparse, urlunparse, parse_qsl
@@ -27,6 +28,13 @@ except ImportError:
     from urllib.parse import urlparse, urlunparse, parse_qsl, urlencode
 
 
+def JsonResponse(request, data):
+    data["messages"] = []
+    for msg in messages.get_messages(request):
+        data["messages"].append({'message': msg.message, 'level': msg.level_tag})
+    return HttpResponse(json.dumps(data), content_type="application/json")
+
+
 def import_attr(path):
     """transform a python module.attr path to the attr"""
     if not isinstance(path, str):
@@ -42,6 +50,12 @@ def redirect_params(url_name, params=None):
     return HttpResponseRedirect(url + "?%s" % params)
 
 
+def reverse_params(url_name, params=None, **kwargs):
+    url = reverse(url_name, **kwargs)
+    params = urlencode(params if params else {})
+    return url + "?%s" % params
+
+
 def update_url(url, params):
     """update params in the `url` query string"""
     if not isinstance(url, bytes):