From 625e46fe817a884ef96f2524046fe44465bf1f79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?= Date: Thu, 22 Jan 2015 15:22:25 +0100 Subject: [PATCH] Add a method which store credentials during a local authentification * auth/authform.py: add method store_credentials_in_session and manage auto association during a login * filters/default.py: don't display toolbar if a user is locally logged in and is already associated Closes #6000 --- mandaye/auth/authform.py | 37 +++++++++++++++++++++++++++++++--- mandaye/default-config.ini | 2 +- mandaye/filters/default.py | 2 ++ mandaye/templates/toolbar.html | 17 +++++++++++----- 4 files changed, 49 insertions(+), 9 deletions(-) diff --git a/mandaye/auth/authform.py b/mandaye/auth/authform.py index 7f18f49..dde9205 100644 --- a/mandaye/auth/authform.py +++ b/mandaye/auth/authform.py @@ -304,6 +304,7 @@ a password_field key if you want to encode a password.") def login(self, env, values, request, response): """ Automatic login on a site with a form """ + session = self.env['beaker.session'] # Specific method to get current idp unique id unique_id = self.get_current_unique_id(env) logger.debug('Trying to login on Mandaye') 
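Review bot: The added `session = self.env['beaker.session']` in login() reads the session from an instance attribute, while the rest of the method uses the `env` argument of the current request; the log calls in the next hunk still read `env['beaker.session']['unique_id']`. Whether `self.env` exists, and whether this auth object is shared between requests, is not visible here. If it is shared, `unique_id` and the stored credentials could be written to a different request's session. Use the request-scoped value, `session = env['beaker.session']`; the same line appears in store_credentials_in_session in the third hunk of this file. login() continues outside this hunk.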
@@ -312,15 +313,22 @@ a password_field key if you want to encode a password.") # FIXME: hack to force beaker to generate an id # somtimes beaker doesn't do it by himself - env['beaker.session'].regenerate_id() + session.regenerate_id() - env['beaker.session']['unique_id'] = unique_id - env['beaker.session'].save() + session['unique_id'] = unique_id + session.save() logger.debug('User %s successfully login' % env['beaker.session']['unique_id']) association = Association.get_last_connected(self.site_name, unique_id) if not association: + if session.get('post_values'): + logger.info('Auto associate user which is already locally logged in') + self._save_association(env, unique_id, session['post_values']) + del session['post_values'] + del session['is_associated'] + session.save() + return _302(self.urls['login_url']) logger.debug('User %s is not associate' % env['beaker.session']['unique_id']) return _302(self.urls.get('associate_url') + "?type=first") return self._login_sp_user(association, env, values) 
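Review bot: `session['post_values']` is removed only inside the `if not association:` branch, so when an association already exists the captured local credentials stay in the session after the IdP login. Take them out on both paths with `post_values = session.pop('post_values', None)` right after `Association.get_last_connected(...)`, and use `session.pop('is_associated', None)` instead of `del`, which raises KeyError if the flag is missing. The branch also binds the stored local credentials to whichever IdP identity authenticates next in this session, with no confirmation step. On a shared browser session that may link the wrong accounts, so a comment stating this assumption, or an explicit confirmation, would help.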
@@ -440,6 +448,29 @@ a password_field key if you want to encode a password.") return True return False + def store_credentials_in_session(self, env, values, request, response): + """ This method is an 'on_reponse' filter. + It will parse the post and store post_values in the current session + + WARNING: you may need to filter the request with store_request_content_buffer + filter before using this method. You also need to clear the mandaye session + during a local logout + """ + session = self.env['beaker.session'] + if request.msg: + post = parse_qs(request.msg, request) + post_fields = self.form_values['post_fields'] + post_values = {} + for field in post_fields: + if post.has_key(field): + post_values[field] = post[field][0] + if self.verify_replay(response, values): + local_login = post_values[self.form_values['username_field']] + session['post_values'] = post_values + session['is_associated'] = Association.has_sp_login(local_login, self.site_name) + session.save() + return response + def check_credentials(self, env, values, request, response): """ This method is designed to be called like a json webservice diff --git a/mandaye/default-config.ini b/mandaye/default-config.ini index c5c3d33..4396895 100644 --- a/mandaye/default-config.ini +++ b/mandaye/default-config.ini @@ -43,7 +43,7 @@ encrypt_sp_password: false encrypt_secret: [template_vars] -; my_var: toto +idp_url: https://www.identity-hub.com [authentifications] saml2: mandaye.auth.saml2.SAML2Auth diff --git a/mandaye/filters/default.py b/mandaye/filters/default.py index 216070a..99facfb 100644 --- a/mandaye/filters/default.py +++ b/mandaye/filters/default.py @@ -82,6 +82,7 @@ class MandayeFilter(object): @staticmethod def addtoolbar(env, values, request, response): + session = env['beaker.session'] if config.mandaye_offline_toolbar or \ env['beaker.session'].has_key('unique_id'): response.msg = re.sub( 
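Review bot: `session['post_values'] = post_values` keeps every configured post field in the beaker session, which presumably includes the password field, in clear text until a later IdP login consumes it. Whether that session is stored server-side or in a cookie is not visible here, so the exposure depends on the beaker backend. The docstring should say that the password is held in the session, and the value should be dropped as soon as it is no longer needed. Separately, `post_values[self.form_values['username_field']]` raises KeyError when the POST lacks the username field; `local_login = post_values.get(self.form_values['username_field'])` followed by `if local_login:` avoids an error on a malformed request.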
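Review bot: The default `[template_vars]` section now ships a concrete external host, `idp_url: https://www.identity-hub.com`, where there was only a commented-out example. A deployment that does not override it would presumably render toolbar links to that host, although the template's use of the variable is not visible in this diff. Consider keeping the default commented out, e.g. `; idp_url: https://idp.example.org` (placeholder value), and skipping the link when the variable is unset.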
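Review bot: The added `session = env['beaker.session']` in addtoolbar is not used by the lines visible here; the condition right after it still calls `env['beaker.session'].has_key('unique_id')`. Either use the local there, `session.has_key('unique_id')`, or drop the assignment. addtoolbar continues outside this hunk, so a later use may exist.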
@@ -105,6 +106,7 @@ class MandayeFilter(object): values['site_name'] = env["mandaye.config"]["site_name"] values['is_login'] = False values['is_user_locally_logged_in'] = None + values['is_user_associated'] = env['beaker.session'].get('is_associated') if hasattr(env['mandaye.mapper'], 'is_user_locally_logged_in'): values['is_user_locally_logged_in'] = env['mandaye.mapper'].\ is_user_locally_logged_in(env, request, response) diff --git a/mandaye/templates/toolbar.html b/mandaye/templates/toolbar.html index 16e20f4..51e3de2 100644 --- a/mandaye/templates/toolbar.html +++ b/mandaye/templates/toolbar.html @@ -14,16 +14,23 @@ % if account:
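Review bot: `values['is_user_associated']` is read from a session flag that this commit writes only when local credentials are captured and removes only on auto-association. It can therefore disagree with the stored association later in the session, for instance after the user unlinks the account, if that path does not update the flag (not visible here). The toolbar uses the value to decide which entries to show, so a stale flag would show or hide the wrong action. Either recompute it from `Association` when the toolbar is built, or document it with `# cached at local login by store_credentials_in_session; may be stale`.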
  • - Me désassocier + Délier mon compter
  • % endif % elif is_user_locally_logged_in: -
  • - Lier mon compte -
  • + % if not is_user_associated: +
  • + Lier mon compte +
  • + % endif % else:
  • - Me connecter + Me connecter avec mon compte citoyen +
  • + % endif + % if is_login or is_user_associated: +
  • + Mon compte citoyen
  • % endif
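Review bot: The new user-facing label `Délier mon compter` has a typo; it should read `Délier mon compte`, matching `Lier mon compte` a few lines below. The markup around these labels is not visible in this view, so the link targets of the new entries could not be reviewed.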