handle direct access to authentic backoffice

2017-11-25 15:08:00 +01:00 · 2017-11-25 15:08:00 +01:00 · aa527bfd17
parent 7a65a4298c
commit aa527bfd17
1 changed files with 14 additions and 6 deletions
--- a/src/authentic2_gnm/templatetags/gnm.py
+++ b/src/authentic2_gnm/templatetags/gnm.py
@ -25,18 +25,26 @@ register = template.Library()

@register.filter
 def is_coming_for(request):
-    try:
-        authn_request = ET.fromstring(request.session['saml:authnRequest'])
-        next_url = authn_request.findall(
-                '{urn:oasis:names:tc:SAML:2.0:protocol}Extensions/{https://www.entrouvert.com/}next_url')[0].text
-    except (KeyError, IndexError):
-        return 'unknown'
+    if not 'authnRequest' in request.session:
+        # look at ?next parameter
+        next_url = request.GET.get('next')
+    else:
+        try:
+            authn_request = ET.fromstring(request.session['saml:authnRequest'])
+            next_url = authn_request.findall(
+                    '{urn:oasis:names:tc:SAML:2.0:protocol}Extensions/{https://www.entrouvert.com/}next_url')[0].text
+        except (KeyError, IndexError):
+            return 'unknown'
    target_path = urlparse.urlparse(next_url).path
    for prefix in ('manage', 'admin', 'backoffice'):
        if target_path.startswith('/%s/' % prefix):
            return 'backoffice'

    target_domain = urlparse.urlparse(next_url).netloc
+    if not target_domain:
+        # local authentic
+        return 'frontoffice'
+
    if 'agent' in target_domain:
        return 'backoffice'