Add UI to use new SSL login methods to account and login page
* authentic/root.ptl: this commit adds a new button to the login page, shown if SSL authentication is activated, that triggers a redirection to the /login_ssl URL handler with the HTTPS method. It also shows a link on the user page (shown when logged in) to associate a certificate with your account if this function is activated. It also shows the currently federated certificate. Currently only one certificate can be federated to an account, and no function is implemented to defederate a certificate from your account.
parent
c86d369c3d
commit
b4ec376bf1
|
@ -140,17 +140,28 @@ class RootDirectory(Directory):
|
|||
identities_cfg = get_cfg('identities', {})
|
||||
branding_cfg = get_cfg('branding', {})
|
||||
passwords_cfg = get_cfg('passwords', {})
|
||||
ssl_cfg = get_cfg('ssl', {})
|
||||
|
||||
template.html_top(_('Account Management'))
|
||||
get_response().breadcrumb.append( ('', _('Account Management')) )
|
||||
allow_certificate_federation = ssl_cfg.get('allow_certificate_federation', False)
|
||||
|
||||
vars = {
|
||||
'can_change_password': str(passwords_cfg.get('can_change', False)),
|
||||
'creation_mode': identities_cfg.get('creation'),
|
||||
'identity_label': str(identity),
|
||||
'idp_sso_list': str(self.get_idp_sso_list()),
|
||||
'federations_list': str(self.get_idp_federations_list(identity))
|
||||
'federations_list': str(self.get_idp_federations_list(identity)),
|
||||
}
|
||||
if allow_certificate_federation:
|
||||
vars['allow_certificate_federation_url'] = htmltext('https://' + get_request().environ['HTTP_HOST'] + get_request().environ['SCRIPT_NAME'] + '/associate_certificate')
|
||||
certificates = [ x for x in identity.accounts if isinstance(x, identities.CertificateAccount) ]
|
||||
certificate_list = '<p>' + _('Certificates federated:') + '\n<ol>\n'
|
||||
for x in certificates:
|
||||
certificate_list = certificate_list + '<li>' + htmltext(x.dn or x.certificate_sha1) + '</li>\n'
|
||||
certificate_list = certificate_list + '</ol>\n</p>\n'
|
||||
if certificates:
|
||||
vars['certificate_list'] = certificate_list
|
||||
|
||||
return template.process_template(
|
||||
str(TextsDirectory.get_html_text('account')), vars)
|
||||
|
@ -317,6 +328,7 @@ class RootDirectory(Directory):
|
|||
identities_cfg = get_cfg('identities', {})
|
||||
passwords_cfg = get_cfg('passwords', {})
|
||||
login_cfg = get_cfg('login', {})
|
||||
ssl_cfg = get_cfg('ssl', {})
|
||||
|
||||
form = Form(enctype="multipart/form-data", id = "login", use_tokens = False)
|
||||
if identities_cfg.get('email-as-username', False):
|
||||
|
@ -339,6 +351,8 @@ class RootDirectory(Directory):
|
|||
form.add(SingleSelectWidget, "idp", title = _('Proxies request to'), options = options)
|
||||
|
||||
form.add_submit('submit', _('Log in'))
|
||||
if ssl_cfg.get('allow_ssl_login', False):
|
||||
form.add_submit('ssl', _('Log in using SSL certificate'))
|
||||
if login_cfg.get('cancel_button') and get_session().lasso_login_dump:
|
||||
form.add_submit('cancel', _('Cancel'))
|
||||
|
||||
|
@ -369,6 +383,7 @@ class RootDirectory(Directory):
|
|||
identities_cfg = get_cfg('identities', {})
|
||||
passwords_cfg = get_cfg('passwords', {})
|
||||
branding_cfg = get_cfg('branding', {})
|
||||
ssl_cfg = get_cfg('ssl', {})
|
||||
|
||||
form = self.get_login_form()
|
||||
|
||||
|
@ -390,6 +405,9 @@ class RootDirectory(Directory):
|
|||
session.lasso_login_dump = None
|
||||
return self.liberty.sso_after_authentication(login, False)
|
||||
|
||||
if form.is_submitted() and form.get_submit() == 'ssl' and ssl_cfg.get('allow_ssl_login', False):
|
||||
return redirect(get_request().environ['SCRIPT_NAME'] + '/login_ssl')
|
||||
|
||||
authentication_failure = None
|
||||
if form.is_submitted() and not form.has_errors():
|
||||
try:
|
||||
|
@ -438,7 +456,7 @@ class RootDirectory(Directory):
|
|||
# Find an identity
|
||||
identity = None
|
||||
|
||||
if ssl_client_s_dn:
|
||||
if ssl_client_s_dn and ssl_client_verify == 'OK':
|
||||
id = ssl_client_s_dn
|
||||
dn_to_id_regexp = ssl_cfg.get('dn_to_id_regexp')
|
||||
if dn_to_id_regexp:
|
||||
|
@ -510,7 +528,7 @@ class RootDirectory(Directory):
|
|||
session.store()
|
||||
return redirect('.')
|
||||
else:
|
||||
raise errors.AccessForbiddenError()
|
||||
raise errors.TraversalError()
|
||||
|
||||
def more_login_text(self):
|
||||
pass # placeholder to be subclassed XXX: inoperant now
|
||||
|
@ -993,7 +1011,7 @@ class RootDirectory(Directory):
|
|||
|
||||
TextsDirectory.register('account',
|
||||
N_('Account Management'),
|
||||
hint = N_('Available variables: identity_label, idp_sso_list, federations_list'),
|
||||
hint = N_('Available variables: identity_label, idp_sso_list, federations_list, certificate_list, allow_certificate_federation'),
|
||||
default = N_('''\
|
||||
<h2 class="identity-title">[identity_label]</h2>
|
||||
|
||||
|
@ -1012,6 +1030,12 @@ TextsDirectory.register('account',
|
|||
[if-any federations_list]
|
||||
<p id="federations"><a href="federations">Federations</a></p>
|
||||
[end]
|
||||
[if-any allow_certificate_federation_url]
|
||||
<p><a href="[allow_certificate_federation_url]">Associate a certificate to this account<a/></p>
|
||||
[if-any certificate_list]
|
||||
[certificate_list]
|
||||
[end]
|
||||
[end]
|
||||
'''))
|
||||
|
||||
TextsDirectory.register('register',
|
||||
|
|
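Review bot: In the account-page hunk (`@ -140,17 +140,28 @@`) two client-influenced values are wrapped in `htmltext()`: the link built from `get_request().environ['HTTP_HOST']` and the certificate subject `x.dn`. In Quixote, `htmltext()` marks a string as already-safe markup instead of escaping it, and concatenating a plain str with an htmltext escapes the plain str, so the `<li>`/`<ol>` literals would likely be escaped while the DN passes through raw. This assumes the enclosing function is not an `[html]` template; its header is outside the hunk, and how `template.process_template` treats the values is not visible here. I would mark only the literals as markup and let the value be escaped, e.g. `certificate_list += htmltext('<li>%s</li>\n') % (x.dn or x.certificate_sha1)` with `certificate_list` itself started as an `htmltext`. The `https://` link should be built from a configured host name rather than the request's Host header, which the client controls.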