views: add an iframe mode to the login view

Use it by putting a tag:

  <iframe height="0" width="0" src="{% url "mellon_login" %}?{{ request.GET.urlencode }}&passive&iframe"></iframe>

in your page. It will do a passive authentication inside the iframe and
will use JS to reload the top frame if authentication is successfull.
This commit is contained in:
Benjamin Dauvergne 2015-08-27 14:37:44 +02:00
parent b1b0494ccc
commit 0e57f99312
4 changed files with 20 additions and 1 deletions

Binary file not shown.

View File

@ -0,0 +1,8 @@
{% extends "mellon/base.html" %}
{% load i18n %}
{% block mellon_extra_scripts %}
<script>
top.location.href = "{{ next_url|escapejs }}";
</script>
{% endblock %}

View File

@ -142,8 +142,16 @@ class LoginView(LogMixin, View):
return render(request, 'mellon/user_not_found.html', {
'saml_attributes': attributes })
request.session['lasso_session_dump'] = login.session.dump()
iframe = login.msgRelayState.startswith('iframe+')
if iframe:
login.msgRelayState = login.msgRelayState[len('iframe+'):]
next_url = login.msgRelayState or resolve_url(settings.LOGIN_REDIRECT_URL)
return HttpResponseRedirect(next_url)
if iframe:
return render(request, 'mellon/pop_iframe.html', {
'next_url': next_url,
})
else:
return HttpResponseRedirect(next_url)
def continue_sso_artifact_get(self, request):
idp_message = None
@ -210,6 +218,7 @@ class LoginView(LogMixin, View):
def get(self, request, *args, **kwargs):
'''Initialize login request'''
iframe = 'iframe' in request.GET
if 'SAMLart' in request.GET:
return self.continue_sso_artifact_get(request)
next_url = request.GET.get('next')
@ -239,6 +248,8 @@ class LoginView(LogMixin, View):
req_authncontext.authnContextClassRef = authn_classref
if next_url:
login.msgRelayState = next_url
if iframe:
login.msgRelayState = 'iframe+' + (login.msgRelayState or '')
login.buildAuthnRequestMsg()
except lasso.Error, e:
return HttpResponseBadRequest('error initializing the '