auth/authform.py: improved disacosiation for multi accounts

mandaye/auth/authform.py

@@ -323,10 +323,15 @@ a password_field key if you want to encode a password.")
         # TODO: need to logout the first
         unique_id = env['beaker.session']['unique_id']
         qs = parse_qs(env['QUERY_STRING'])
-        if not qs.has_key('id'):
+        if not qs.has_key('id') and not unique_id:
             return _401('Access denied: beaker session invalid or not qs id')
-        id = qs['id'][0]
-        sp_user = backend.ManagerSPUser.get_by_id(id)
+        if qs.has_key('id'):
+            id = qs['id'][0]
+            sp_user = backend.ManagerSPUser.get_by_id(id)
+        else:
+            service_provider = backend.ManagerServiceProvider.get(self.site_name)
+            idp_user = backend.ManagerIDPUser.get(unique_id)
+            sp_user = backend.ManagerSPUser.get_last_connected(idp_user, service_provider)
         if not sp_user:
             return _302(values.get('associate_url'))
         return self._login_sp_user(sp_user, env, 'response.code==302', values)
@@ -353,6 +358,9 @@ a password_field key if you want to encode a password.")
             sp_user = backend.ManagerSPUser.get_by_id(sp_id)
             if sp_user:
                 backend.ManagerSPUser.delete(sp_user)
+                if backend.ManagerSPUser.get_sp_users(unique_id, self.site_name):
+                    env['QUERY_STRING'] = ''
+                    return self.change_user(env, values, request, response)
             else:
                 return _401('Access denied: bad id')
         elif qs.has_key('sp_name'):

mandaye/server.py

@@ -25,7 +25,6 @@ from mandaye.response import _404, _502, _500
 from mandaye.db import sql_session
 
 
-
 def get_response(env, request, url, cookiejar=None):
     """ request: Mandaye Request
     url: the target url