# Opus Magnum Submitter with CAS Authentication

A simple Django application that demonstrates CAS (Central Authentication Service) integration with PolyLAN's CAS server at https://polylan.ch/cas/.

## Features

- 🔐 CAS authentication with PolyLAN
- 👤 Automatic user creation with custom attributes
- 🏷️ CAS groups and permissions storage
- 🏠 Protected home page requiring authentication
- 🌍 Public page accessible without authentication
- 🚪 Clean login/logout functionality
- 📱 Responsive web interface
- 🛠️ Admin interface for user management

## Quick Start

1. **Install dependencies:**
   ```bash
   pip install -e .
   ```

2. **Run database migrations:**
   ```bash
   cd opus_submitter
   uv run manage.py migrate
   ```

3. **Create a superuser (optional, for admin access):**
   ```bash
   uv run manage.py createsuperuser
   ```

4. **Start the development server:**
   ```bash
   uv run manage.py runserver localhost:7777
   ```

5. **Access the application:**
   - Open your browser to http://localhost:7777/
   - Try the public page: http://localhost:7777/public/
   - Login with CAS to access protected features
   - Admin interface: http://localhost:7777/admin/ (requires superuser)

## How It Works

### Authentication Flow

1. User visits a protected page (e.g., home page)
2. Django redirects to `/cas/login/`
3. CAS redirects to PolyLAN CAS server: `https://polylan.ch/cas/login`
4. User enters credentials on PolyLAN
5. CAS validates credentials and redirects back with a service ticket
6. Django validates the ticket with the CAS server
7. User is authenticated and redirected to the requested page

### Configuration

The CAS configuration is in `opus_submitter/settings.py`:

```python
# CAS Authentication Settings
CAS_SERVER_URL = 'https://polylan.ch/cas/'
CAS_VERSION = '3'
CAS_CREATE_USER = True
CAS_LOGOUT_COMPLETELY = True
```

### URLs

- `/` - Protected home page (requires authentication)
- `/public/` - Public page (no authentication required)
- `/cas/login/` - CAS login endpoint
- `/cas/logout/` - CAS logout endpoint
- `/admin/` - Django admin (requires staff privileges)

## Project Structure

```
opus_submitter/
├── manage.py
├── opus_submitter/
│   ├── __init__.py
│   ├── settings.py      # Django settings with CAS configuration
│   ├── urls.py          # URL routing with CAS endpoints
│   ├── wsgi.py
│   └── asgi.py
└── templates/
    ├── base.html        # Base template with navigation
    ├── home.html        # Protected home page
    └── public.html      # Public page
```

## Dependencies

- Django 5.2.7+
- django-cas-ng 5.0.1+ (CAS client for Django)
- requests 2.31.0+ (HTTP library for CAS communication)

## Development

To modify the CAS configuration:

1. Edit `CAS_SERVER_URL` in `settings.py` if using a different CAS server
2. Adjust `CAS_VERSION` if needed (supports CAS 1.0, 2.0, and 3.0)
3. Set `CAS_CREATE_USER = False` if you don't want automatic user creation

## Testing

1. Visit http://127.0.0.1:8000/public/ (should work without login)
2. Visit http://127.0.0.1:8000/ (should redirect to CAS login)
3. Login with your PolyLAN credentials
4. Verify you're redirected back and can see user information
5. Test logout functionality

## Notes

- This is a development setup with `DEBUG = True`
- For production, update `SECRET_KEY`, set `DEBUG = False`, and configure `ALLOWED_HOSTS`
- The application automatically creates Django users from CAS authentication
- User information is populated from CAS attributes when available