From 0e57f9931243565d4bd15333e9f8d340698fc629 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Thu, 27 Aug 2015 14:37:44 +0200 Subject: [PATCH] views: add an iframe mode to the login view Use it by putting a tag: in your page. It will do a passive authentication inside the iframe and will use JS to reload the top frame if authentication is successful. --- mellon/locale/fr/LC_MESSAGES/django.mo | Bin 0 -> 1135 bytes .../mellon/.authentication_failed.html.swp | Bin 0 -> 12288 bytes mellon/templates/mellon/pop_iframe.html | 8 ++++++++ mellon/views.py | 13 ++++++++++++- 4 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 mellon/locale/fr/LC_MESSAGES/django.mo create mode 100644 mellon/templates/mellon/.authentication_failed.html.swp create mode 100644 mellon/templates/mellon/pop_iframe.html 
diff --git a/mellon/locale/fr/LC_MESSAGES/django.mo b/mellon/locale/fr/LC_MESSAGES/django.mo new file mode 100644 index 0000000000000000000000000000000000000000..e0530d5137c9fbde0e693ac1d4cf4f3fa7928ded GIT binary patch literal 1135 zcmaJ<%W4!s6fHHr#+~3o5WI*IgQ;;64aANUjCsJoObj{-ilAlpotcU~RYN_-#}7z8 zz?}=11~-0#v(cqLpeuJS{QysmiBUugPT%gXd(S;}>wG>w@ls$N0Zsw;fn&fcAgvF; z3E(4e5cmQd0=@!=fp5TB;5*O+c~R#rH$RRKJN>M|6k= z@g3p~#M2W(pj7M!c2~+zI#d6&kRp&i)+Lr==&=bpS3z4t9i>Yy#Ih~ei-z}+ooKQ5 zs>@>CQuOSoW1}hXbhNJe+*qM==M7#S=wix?c8^K@$=OqWhj*Hu*+{uEN zK>}S>)N|aap8*>`4G*F#r~H}4Qu#mww7+^$Eso2d^w@EATqo|@=*FU^AtH&J^3#MZ z?MWMz2R&pOl&m~cZcV_SMBzvkeQmT4P6g`{m)LN2lk*@Og}lSgV-^_|o62;p>~mRK zQ@P0l>w;|gt}f*D*!8k)GpcOdXv<~Ci_07abnqa%J?#=%ji0rO$EKQqT-NU*I-zWirx2XxIJgnMyTetzgTHPbi}}9 zn^ixfb!+(7zl=Jr(rUC;_YOHztyPvW8_>x1vjOA>jQ`@GRN5?1-c!zVsNZg{$@#s! zq^`qGuA1By+H^CTf22cYql`|Ka?QHF&&UkMpT0i3fJ;a_b+b6LP!Xf8yvI2eOy%UR zS2{Zm+_BzhtIr{D+;iVj%%h-Z&U+*PRNAH6~dV&B@<|zJL46 foy4&7PiuD2mZL69^xQEgdJb&>?9Oa#;nkN9>0Evo*j)H=Me|*_n!X{J*bS(XHd}e&kna^iNTIIB7?p?phFP*>0a2;ms z)~n^auczeHi5bRpnp$Vx>gvd)xhq>u!gwP$x?w`0RU=z1?y}KSahxU%t9n^1tTMGh z>Y5g-CY zfCvx)B0vQGK>|WDHn)edZ;<={fBpOa^C8AQLLZ>F&~xYvbR60P?S{S`#2EAdYC=B_ zU>@`ox)1G#c0u3wGxi>O0o{On=<7bl-as#*6=)9nvX`+>&^t&&K6DZ~0_}u;)_MMe zoGE1@Km>>Y5g-CYfC&5*0&CM;C9)l-on=0~&Vq)FR+^0S(jIl4k>kQZ?CkCuA9J=q zO5TZuF^gW=zv*igi&bOM!Ra*vYny9pd|=}1>p=rXxRteA=fqBMg0NPL#BlHSz%}xN z4_o`d9OOI{r%HdjNxOV=<9AZ2Oh4_?*eZ-q9;Q(;@15h`c9$^fa-Mr2H`bRTf}xEaum6;Z!B z0C~N1Hj+{xV;;$VEsnMh`>u63*UFd5;xBw?R?tP|NY&1lO5{N!E2}CHV?`N9$+E{o zt-6aI@Fwc9ZRI*f{=nTwbuC4&a*`{rNK80iK{n>8LWO#(<`%Q+z-2KPXjj6}e;@&Nf+q^J?oa?QI?o$(-QyAp6?!)N2h9T@abKs>ZI^VOp~T3Pf^6Iz)N@k&2Mfhet0-O@@%T6Jtobgj}Y z8}(G0TNKR#YG-k*j`{^T@m(Z2o + top.location.href = "{{ next_url|escapejs }}"; + +{% endblock %} diff --git a/mellon/views.py b/mellon/views.py index a319455..a74948a 100644 --- a/mellon/views.py +++ b/mellon/views.py 
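Review bot: `mellon/templates/mellon/.authentication_failed.html.swp` is an editor swap file (12288 bytes per the diffstat) and should not be part of this commit. Swap files typically embed the editing user's name, host and working path along with fragments of the edited buffer, and because this one sits under `templates/` it would likely be packaged and shipped with the app. Drop it from the patch and add `*.swp` to `.gitignore` so it cannot come back.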
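Review bot: `top.location.href = "{{ next_url|escapejs }}"` navigates the top frame to a value that traces back to the `next` query parameter via RelayState, and `escapejs` only keeps that value inside the string literal; it does not restrict scheme or host. Unless `next` is validated somewhere outside this patch, a `javascript:` or off-site value would be followed by the top-level page. Check it in the view before rendering, e.g. `if not is_safe_url(next_url, host=request.get_host()): next_url = resolve_url(settings.LOGIN_REDIRECT_URL)` with `is_safe_url` from `django.utils.http`. The start of this template's hunk is garbled on the page, so only the script line and `{% endblock %}` could be reviewed.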
@@ -142,8 +142,16 @@ class LoginView(LogMixin, View): return render(request, 'mellon/user_not_found.html', { 'saml_attributes': attributes }) request.session['lasso_session_dump'] = login.session.dump() + iframe = login.msgRelayState.startswith('iframe+') + if iframe: + login.msgRelayState = login.msgRelayState[len('iframe+'):] next_url = login.msgRelayState or resolve_url(settings.LOGIN_REDIRECT_URL) - return HttpResponseRedirect(next_url) + if iframe: + return render(request, 'mellon/pop_iframe.html', { + 'next_url': next_url, + }) + else: + return HttpResponseRedirect(next_url) def continue_sso_artifact_get(self, request): idp_message = None @@ -210,6 +218,7 @@ class LoginView(LogMixin, View): def get(self, request, *args, **kwargs): '''Initialize login request''' + iframe = 'iframe' in request.GET if 'SAMLart' in request.GET: return self.continue_sso_artifact_get(request) next_url = request.GET.get('next') @@ -239,6 +248,8 @@ class LoginView(LogMixin, View): req_authncontext.authnContextClassRef = authn_classref if next_url: login.msgRelayState = next_url + if iframe: + login.msgRelayState = 'iframe+' + (login.msgRelayState or '') login.buildAuthnRequestMsg() except lasso.Error, e: return HttpResponseBadRequest('error initializing the '
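Review bot: `login.msgRelayState.startswith('iframe+')` runs before the `login.msgRelayState or resolve_url(...)` fallback on the next line, and that fallback suggests RelayState can be empty or None (for example a response that carries no RelayState). If it is None the new line raises AttributeError and the login ends in a 500 after the session dump has already been stored. Normalise first, `relay_state = login.msgRelayState or ''`, then `iframe = relay_state.startswith('iframe+')` and strip the prefix from `relay_state`. The enclosing method starts outside the hunk, so whether an earlier guard exists is not visible here.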
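Review bot: The `'iframe+'` marker added in the `-239,6 +248,8` hunk is in-band with the user-supplied `next` value, so a normal login whose `next` itself begins with `iframe+` is indistinguishable from an iframe login when the response is processed. RelayState also returns through the browser without integrity protection, so the response mode ends up chosen by the client rather than by server state. At minimum reject the collision when the flag is not set, e.g. `if not iframe and next_url and next_url.startswith('iframe+'): next_url = None`. Keeping the flag server-side, keyed to the request, would remove the ambiguity altogether. The `iframe = 'iframe' in request.GET` line in the `-210,6 +218,7` hunk is where the flag originates.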