summaryrefslogtreecommitdiffstats
path: root/idp/extra/modules/root.ptl
blob: a38dbf84cd86a456498606882d6cb91ce0e7cae2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
import lasso

from quixote import redirect
from qommon import get_cfg, get_logger
from qommon.form import *
from qommon import template
import authentic.root

from authentic import identities
from authentic import misc

import directory
import store
import admin

OldRootDirectory = authentic.root.RootDirectory


class AlternateRootDirectory(OldRootDirectory):
    backoffice = None
    admin = admin.AdminRootDirectory()

    def __init__(self):
        OldRootDirectory.__init__(self)
        self._q_exports = OldRootDirectory._q_exports + ['backoffice']

    def _q_index [html] (self):
        session = get_session()
        if not session or not session.user:
            return self.login()

        user = get_session().get_user_object()
        if user.is_admin():
            return redirect('/backoffice/')

        template.html_top()

        all_services = directory.get_services()

        collectivity = user.get_collectivity()
        service_instances = directory.get_service_instances(collectivity)

        providers = get_cfg('providers', {})
        '<ul>'
        for service in service_instances:
            service_type = directory.get_service(service.cdg59serviceType)
            service_label = service_type.cn
            service_description = service_type.description

            if service_type.cdg59isGlobal:
                url = service_type.cdg59URL
            else:
                url = service.cdg59URL

            if service.cdg59metadataURL:
                try:
                    klp = [x for x, y in providers.items() if \
                        service.cdg59metadataURL == y.get('metadata_url')] [0]
                except IndexError:
                    # bad, unregistered saml provider
                    pass
                else:
                    try:
                        provider, unused_label = misc.get_provider_and_label(klp)
                    except KeyError:
                        pass
                    else:
                        if provider.getProtocolConformance() == lasso.PROTOCOL_SAML_2_0:
                            url = 'saml/sp/%s/login' % klp
                        else:
                            url = 'liberty/sp/%s/login' % klp

            if url in (service_type.cdg59URL, service.cdg59URL):
                label = _('Go to %s') % service_label
            else:
                label = _('Log on %s') % service_label

            '<li><a href="%s">%s</a>' % (url, label)
            if service_description:
                ' <p class="service_description">%s</p>' % service_description
            '</li>'

        '</ul>'



        if user.is_admin():
            '<p>'
            '<a href="/admin/">%s</a> - ' % _('Administration Interface')
            '<a href="/backoffice/">%s</a> - ' % _('Back Office Interface')
            '<a href="/singleLogout">%s</a>' % _('Logout')
            '</p>'
        elif user.is_local_admin():
            '<p>'
            '<a href="/backoffice/">%s</a> - ' % _('Back Office Interface')
            '<a href="/singleLogout">%s</a>' % _('Logout')
            '</p>'
        else:
            '<p>'
            '<a href="/singleLogout">%s</a>' % _('Logout')
            '</p>'

    def _q_traverse(self, path):
        get_publisher().store = identities.load_store()
        if not self.backoffice:
            self.backoffice = get_publisher().backoffice_directory_class()
        session = get_session()
        if session:
            identities.get_store().connect(session)
        return OldRootDirectory._q_traverse(self, path)

    def get_login_form(self):
        form = OldRootDirectory.get_login_form(self)
        try:
            collectivities = directory.get_sorted_collectivities()
        except directory.UnconfiguredError:
            return form
        collectivities = [(x.dn, x.cn) for x in collectivities]
        password_widget = form.widgets[-1]
        form.widgets.remove(password_widget)
        form.add(SingleSelectWidget, 'collectivity', title = _('Collectivity'), required = True,
                options = collectivities)
        form.widgets.append(password_widget)
        return form

    def login_submit(self, form):
        try:
            store = directory.get_store()
        except directory.UnconfiguredError:
            return OldRootDirectory.login_submit(form)

        username = form.get_widget('username').parse()
        password = form.get_widget('password').parse()
        collectivity = form.get_widget('collectivity').parse()

        identity = store.get_identity_for_account(username, password, collectivity)
        if identity is None:
            get_logger().warn('Authentication Failure (un: %s)' % username)
            raise authentic.root.LoginError()

        session = get_session()
        session.set_user(identity.id)
        store.init_session(session, password)

        return self.login_success(identity)


from qommon.publisher import get_publisher_class
get_publisher_class().root_directory_class = AlternateRootDirectory