From 6b761cebe1552f2375501c2c7e41346e9542f59d Mon Sep 17 00:00:00 2001 From: fpeters Date: Fri, 1 Dec 2006 10:46:34 +0000 Subject: [PATCH] support for idp intro cookie git-svn-id: svn://localhost/lasso-conform/trunk@29 2a3a78c3-912c-0410-af21-e1fb2d1df599 --- lcs/root.ptl | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/lcs/root.ptl b/lcs/root.ptl index df65ac7..df2a00b 100644 --- a/lcs/root.ptl +++ b/lcs/root.ptl @@ -1,4 +1,6 @@ import os +import base64 +import urllib import lasso from quixote import get_publisher, get_response, get_session, redirect, get_session_manager @@ -19,6 +21,34 @@ import qommon.ident from users import User +from qommon.tokens import Token + + +class CookieGetterDirectory(Directory): + _q_exports = ['', 'spintro'] + + def _q_index [html] (self): + template.html_top() + _('This domain is not for humans, it is only used to get identity ' + 'provider discovery cookie.') + + def spintro(self): + tok = get_request().form.get('tok') + token = Token.get(tok) + + session = get_session_manager().get(token.session_id) + + request = get_request() + try: + session.saml_idp_cookie = request.cookies['_saml_idp'] + except KeyError: + session.saml_idp_cookie = '' + + session.store() + token.remove_self() + + return redirect(token.next_url) + class IdentDirectory(Directory): def _q_lookup(self, component): 
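Review bot: In `spintro()` neither lookup is checked before use: `Token.get(tok)` is called with whatever `tok` the query string carries (possibly None), and `get_session_manager().get(token.session_id)` can give None once that session has expired, so `session.saml_idp_cookie = ...` raises instead of returning a clean error. The token is also accepted without checking that it was minted for this flow, since the `protocol = 'saml2'` attribute set in do_login is never read; if `qommon.tokens` is used for other purposes elsewhere, any valid token id would be consumed here and its `next_url` followed. Suggest rejecting a missing or unknown `tok`, adding an `if session is None:` branch before the cookie is stored, and comparing `token.protocol` first. How `Token.get` reports an unknown id is not visible in this patch.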
@@ -137,6 +167,16 @@ class RootDirectory(Directory): for kidp, idp in get_cfg('idp', {}).items(): form.add_submit(kidp, _('Log on %s') % kidp) + if get_session().saml_idp_cookie is None: + form.add_submit('intro', _('Get IdP via Introduction Cookie')) + elif get_session().saml_idp_cookie: + intro_cookie_q = urllib.unquote(get_session().saml_idp_cookie) + splitted_cookie = [x for x in intro_cookie_q.split(str(' ')) if x] + last_id = splitted_cookie[-1] + v = misc.get_provider_key(base64.decodestring(last_id)) + form.add_submit('intro-%s' % v, + _('Log on using IdP discovered from IdP Introduction')) + if form.is_submitted(): return self.do_login(form) @@ -226,6 +266,18 @@ class RootDirectory(Directory): login = lasso.Login(server) idp = form.get_submit() + if idp == 'intro': + common_domain_getter_url = get_cfg('sp', {}).get('common_domain_getter_url') + token = Token(expiration_delay = 600) # ten minutes + token.session_id = get_session().id + token.protocol = 'saml2' + token.next_url = get_request().get_url() + token.store() + return redirect(common_domain_getter_url + '?tok=%s' % token.id) + + if idp and idp.startswith('intro-'): + idp = str(idp)[6:] + if idp: p = misc.get_provider(idp) idp = p.providerId @@ -281,6 +333,13 @@ class RootDirectory(Directory): return self.liberty.singleLogout() def _q_traverse(self, path): + fn = os.path.join(get_publisher().app_dir, 'common_cookie') + if os.path.exists(fn): + # on special domain to set cookie, nothing else, let's change root + get_publisher().app_dir = open(fn).read() + get_request().user = None + return CookieGetterDirectory()._q_traverse(path) + session = get_session() if session: get_request().user = session.get_user()
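Review bot: The `_saml_idp` value parsed in the `elif` branch of the login form comes from a browser cookie, yet `splitted_cookie[-1]` and `base64.decodestring(last_id)` run with no error handling, so a cookie holding only spaces or bad base64 makes the login page raise for that session on every visit. Wrap the parsing lines in `try`/`except (IndexError, binascii.Error)` (which needs `import binascii`) and skip the button on failure. The resulting key `v` also goes into the submit name unchecked; adding the button only under `if v in get_cfg('idp', {}):` would keep do_login from calling `misc.get_provider()` on a value no administrator configured. That last check assumes `get_provider_key` returns the same keys as the `idp` config, which is not visible here; the enclosing method starts and ends outside the hunk.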
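Review bot: In the `idp == 'intro'` branch of do_login, `common_domain_getter_url` is None when the `sp` config has no such key, and the `redirect(common_domain_getter_url + '?tok=%s' % token.id)` line then raises TypeError after a token has already been stored. The form hunk offers the 'intro' button whenever `saml_idp_cookie is None`, without looking at this setting, so the failure is reachable on a default configuration. Condition the button instead, `if get_session().saml_idp_cookie is None and get_cfg('sp', {}).get('common_domain_getter_url'):`, and return early here before creating the token when the URL is unset. A short comment that the token id travels in the query string, and is therefore limited to a single use and ten minutes, would record why `remove_self()` and `expiration_delay` matter.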
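Review bot: `open(fn).read()` in `_q_traverse` is assigned to `app_dir` verbatim, so a trailing newline in the `common_cookie` marker file leaves the publisher pointing at a path that does not exist, and the file object is never closed. Read it through a handle that is closed afterwards and strip the result, e.g. `get_publisher().app_dir = f.read().strip()`. This branch is what confines the common domain to CookieGetterDirectory, so the comment should say that the marker file holds the real application directory; it currently says 'set cookie' although the directory only reads `_saml_idp`. The method continues outside the hunk.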