support for login page with both idp and password
This commit is contained in:
parent
04477eaa03
commit
e5c0a39de3
|
@ -4,6 +4,9 @@ from quixote.html import htmltext
|
|||
from quixote.util import StaticDirectory
|
||||
|
||||
import os
|
||||
import urlparse
|
||||
|
||||
import lasso
|
||||
|
||||
import wcs
|
||||
import wcs.root
|
||||
|
@ -37,6 +40,9 @@ from saml2 import Saml2Directory
|
|||
|
||||
OldRootDirectory = wcs.root.RootDirectory
|
||||
|
||||
import qommon.ident.password
|
||||
import qommon.ident.idp
|
||||
|
||||
|
||||
class FormsRootDirectory(wcs.forms.root.RootDirectory):
|
||||
|
||||
|
@ -443,16 +449,79 @@ class AlternateLoginDirectory(OldLoginDirectory):
|
|||
get_logger().info('login')
|
||||
ident_methods = get_cfg('identification', {}).get('methods', [])
|
||||
|
||||
# don't display authentication system choice
|
||||
if len(ident_methods) != 1:
|
||||
ident_methods = ['password']
|
||||
print 'ident_methods:', ident_methods
|
||||
|
||||
method = ident_methods[0]
|
||||
try:
|
||||
return qommon.ident.login(method)
|
||||
except KeyError:
|
||||
get_logger().error('failed to login with method %s' % method)
|
||||
return errors.TraversalError()
|
||||
if len(ident_methods) > 1 and 'idp' in ident_methods:
|
||||
# if there is more than one identification method, and there is a
|
||||
# possibility of SSO, if we got there as a consequence of an access
|
||||
# unauthorized url on admin/ or backoffice/, then idp auth method
|
||||
# is chosen forcefully.
|
||||
after_url = get_session().after_url
|
||||
if after_url:
|
||||
after_path = urlparse.urlparse(after_url)[2]
|
||||
if after_path.startswith(str('/admin')) or \
|
||||
after_path.startswith(str('/backoffice')):
|
||||
ident_methods = ['idp']
|
||||
|
||||
print 'TWICE: ident_methods:', ident_methods
|
||||
|
||||
# don't display authentication system choice
|
||||
if len(ident_methods) == 1:
|
||||
method = ident_methods[0]
|
||||
try:
|
||||
return qommon.ident.login(method)
|
||||
except KeyError:
|
||||
get_logger().error('failed to login with method %s' % method)
|
||||
return errors.TraversalError()
|
||||
|
||||
if sorted(ident_methods) == ['idp', 'password']:
|
||||
identities_cfg = get_cfg('identities', {})
|
||||
form = Form(enctype = 'multipart/form-data', id = 'login-form', use_tokens = False)
|
||||
if identities_cfg.get('email-as-username', False):
|
||||
form.add(StringWidget, 'username', title = _('Email'), size=25, required=True)
|
||||
else:
|
||||
form.add(StringWidget, 'username', title = _('Username'), size=25, required=True)
|
||||
form.add(PasswordWidget, 'password', title = _('Password'), size=25, required=True)
|
||||
form.add_submit('submit', _('Connect'))
|
||||
if form.is_submitted() and not form.has_errors():
|
||||
tmp = qommon.ident.password.MethodDirectory().login_submit(form)
|
||||
if not form.has_errors():
|
||||
return tmp
|
||||
|
||||
'<div id="login-password">'
|
||||
get_session().display_message()
|
||||
form.render()
|
||||
|
||||
'<p><a href="/ident/password/forgotten">%s</a></p>' % _('Forgotten password ?')
|
||||
|
||||
'</div>'
|
||||
|
||||
# XXX: this part only supports a single IdP
|
||||
'<div id="login-sso">'
|
||||
TextsDirectory.get_html_text('aq-sso-text')
|
||||
form = Form(enctype='multipart/form-data', action = '/ident/idp/login')
|
||||
form.add_hidden('method', 'idp')
|
||||
for kidp, idp in get_cfg('idp', {}).items():
|
||||
p = lasso.Provider(lasso.PROVIDER_ROLE_IDP,
|
||||
misc.get_abs_path(idp['metadata']),
|
||||
misc.get_abs_path(idp.get('publickey')), None)
|
||||
form.add_hidden('idp', p.providerId)
|
||||
break
|
||||
form.add_submit('submit', _('Connect'))
|
||||
|
||||
form.render()
|
||||
'</div>'
|
||||
|
||||
get_request().environ['REQUEST_METHOD'] = 'GET'
|
||||
|
||||
"""<script type="text/javascript">
|
||||
document.getElementById('login-form')['username'].focus();
|
||||
</script>"""
|
||||
|
||||
# XXX : GET BACK TO THIS LATER : LIEN POUR AUTH SAML
|
||||
|
||||
else:
|
||||
return OldLoginDirectory._q_index(self)
|
||||
|
||||
|
||||
class AlternateRootDirectory(OldRootDirectory):
|
||||
|
@ -764,4 +833,7 @@ TextsDirectory.register('aq-editor-info', N_('Editor Informations'))
|
|||
TextsDirectory.register('aq-accessibility', N_('Accessibility Statement'))
|
||||
TextsDirectory.register('aq-contact', N_('Contact Information'))
|
||||
TextsDirectory.register('aq-help', N_('Help'))
|
||||
|
||||
TextsDirectory.register('aq-sso-text', N_('Connecting with Identity Provider'),
|
||||
default = N_('''<h3>Connecting with Identity Provider</h3>
|
||||
<p>You can also use your identity provider to connect.
|
||||
</p>'''))
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 8.5 KiB |
Binary file not shown.
After Width: | Height: | Size: 187 B |
|
@ -886,3 +886,54 @@ div#main-content form div.page h3,
|
|||
div#main-content div.dataview div.page h3 {
|
||||
margin: 0 -8px 1em -8px;
|
||||
}
|
||||
|
||||
div#login-sso,
|
||||
div#login-password {
|
||||
border: 1px solid #888;
|
||||
-moz-border-radius: 10px;
|
||||
-webkit-border-radius: 10px;
|
||||
padding: 0 15px;
|
||||
margin: 0 auto;
|
||||
width: 23em;
|
||||
margin-bottom: 2em;
|
||||
}
|
||||
|
||||
div#login-sso div.buttons,
|
||||
div#login-password div.buttons {
|
||||
text-align: right;
|
||||
}
|
||||
|
||||
div#login-sso div.buttons input,
|
||||
div#login-password div.buttons input {
|
||||
margin: 0;
|
||||
background: white url(login-button-bg.png) bottom left repeat-x;
|
||||
padding: 2px 10px;
|
||||
-moz-border-radius: 8px;
|
||||
-webkit-border-radius: 8px;
|
||||
color: #222;
|
||||
}
|
||||
|
||||
div#login-password div.PasswordWidget div.content,
|
||||
div#login-password div.StringWidget div.content {
|
||||
text-align: right;
|
||||
margin-right: 3em;
|
||||
}
|
||||
|
||||
div#login-password p {
|
||||
margin-bottom: 1em;
|
||||
}
|
||||
|
||||
div#login-sso {
|
||||
background: white url(keyring.png) 5px 5px no-repeat;
|
||||
min-height: 70px;
|
||||
}
|
||||
|
||||
div#login-sso h3 {
|
||||
font-size: 110%;
|
||||
}
|
||||
|
||||
div#login-sso h3,
|
||||
div#login-sso p {
|
||||
margin: 5px 0 0 60px;
|
||||
text-align: justify;
|
||||
}
|
||||
|
|
Reference in New Issue