POC Campus Condorcet : correction bug redirection post-SSO WAYF

django/sp_sso/invite/urls.py

@@ -2,8 +2,9 @@ from django.conf.urls import url
 
 from . import views
 from saml.decorators import user_in_ldap
+from django.contrib.auth.decorators import login_required
 
 urlpatterns = [
-    url(r'^$', user_in_ldap(views.InvitationFormView.as_view()), name='invitation'),
+    url(r'^$', login_required(user_in_ldap(views.InvitationFormView.as_view())), name='invitation'),
     url(r'^sent/$', views.invitation_sent , name='sent'),
 ]

django/sp_sso/saml/decorators.py

@@ -42,7 +42,7 @@ def user_in_ldap(function):
                 request.session['host_type'] = 'member'
             else:
                 request.session['host_type'] = 'affiliate'
-            return redirect(reverse('auth_login') + "?next=/invite/")
+            return redirect(reverse('auth_login') + "?next="+request.path)
         user_data = saml_collect_data(request)
         if not ldap_contains_user(user_data):
             logger.info(u'user not registered error for request %s' % request)
@@ -61,7 +61,7 @@ def user_can_declare(function):
     """
     def wrapped(request, *args, **kwargs):
         if not request.session.get('mellon_session'):
-            return redirect(reverse('auth_login') + '?next=/declare/')
+            return redirect(reverse('auth_login') + '?next='+request.path)
         user_data = saml_collect_data(request)
 
         if ldap_contains_user(user_data):

django/sp_sso/saml/urls.py

@@ -2,8 +2,10 @@ from django.conf.urls import url
 
 from . import views
 from .decorators import user_not_in_ldap
+from django.contrib.auth.decorators import login_required
 
 urlpatterns = [
-    url(r'^$', user_not_in_ldap(views.RegistrationFormView.as_view()), name='register'),
+    url(r'^$', login_required(user_not_in_ldap(views.RegistrationFormView.as_view())), name='register'),
+    #url(r'blank^$', user_not_in_ldap(views.RegistrationFormView.as_view()), name='blankregister'),
     url(r'^wcs_post/$', views.wcs_post , name='wcs_post'),
 ]

django/sp_sso/sp_sso/settings.py

@@ -69,7 +69,7 @@ AUTHENTICATION_BACKENDS = (
 
 AUTH_USER_MODEL = 'saml.SupAnnUser'
 
-LOGIN_REDIRECT_URL = '/register/' #XXX how to handle login for multiple apps ?
+LOGIN_REDIRECT_URL = '/logged_in/'
 LOGIN_URL = '/login/'
 LOGOUT_URL = '/logout/'
 
@@ -98,7 +98,7 @@ MELLON_IDENTITY_PROVIDERS = [{
     'METADATA_URL': 'http://idp-condorcet.dev.entrouvert.org/idp/saml2/metadata'
 }]
 
-#MELLON_DISCOVERY_SERVICE_URL = "https://discovery.renater.fr/test"
+MELLON_DISCOVERY_SERVICE_URL = "https://discovery.renater.fr/test"
 
 MELLON_PUBLIC_KEYS = ('''MIIC+TCCAeGgAwIBAgIJAPDzLp0rbCqRMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNV
 BAMMCHdob2NhcmVzMB4XDTE3MDMwODE2MjYyNloXDTI3MDMwNjE2MjYyNlowEzER

django/sp_sso/sp_sso/urls.py

@@ -2,16 +2,20 @@ from django.conf.urls import include, url
 from django.contrib import admin
 
 from . import views
-from saml.decorators import user_can_declare
+from saml.decorators import user_can_declare, user_not_in_ldap
+from saml import views as samlviews
+from django.contrib.auth.decorators import login_required
 
 urlpatterns = [
     url(r'^admin/', include(admin.site.urls)),
     url(r'^register/', include('saml.urls')),
+    url(r'^blank/', user_not_in_ldap(samlviews.RegistrationFormView.as_view()), name="blankregister"),
     url(r'^invite/', include('invite.urls'), name="invite"),
-    url(r'^declare/$', user_can_declare(views.declare), name="declare"),
+    url(r'^declare/$', login_required(user_can_declare(views.declare)), name="declare"),
     url(r'^declare/subscribed/$', views.subscribed, name='subscribed'),
     url(r'^$', views.index),
     url(r'^accounts/mellon/', include('mellon.urls')),
     url(r'^logout/$', views.logout, name='auth_logout'),
     url(r'^login/$', views.login, name='auth_login'),
+    url(r'^logged_in/', views.logged_in, name='auth_logged_in'),
 ]

django/sp_sso/sp_sso/views.py

@@ -32,6 +32,7 @@ def login(request, *args, **kwargs):
     if any(get_idps()):
         if not 'next' in request.GET:
             return HttpResponseRedirect(resolve_url('mellon_login'))
+        request.session['next_field'] = request.GET.get('next')
         return HttpResponseRedirect(resolve_url('mellon_login') + '?next='
                                     + urllib.quote(request.GET.get('next')))
     return auth_views.login(request, *args, **kwargs)
@@ -44,6 +45,10 @@ def logout(request, next_page=None):
     next_page = '/login'
     return HttpResponseRedirect(next_page)
 
+def logged_in(request, next_page=None):
+    callback = request.session.get('next_field', '/')
+    return HttpResponseRedirect(callback)
+
 def subscribed(request):
     """Success view for the self-subscription process"""
     logger.info(u'Processing request %s',  request)

django/sp_sso/templates/index.html

@@ -16,10 +16,10 @@
 <p style='text-align:center'>
 <h2 style='color:#21C910'>{% trans "Your are moving in to the Campus" %}</h2>
 <a class='button inline' href="{% url "declare" %}">{% trans "Register using your Campus institution account" %}</a><br/><br/>
-<a class='button inline' href="/invite?host_type=member">{% trans "Send invites for people to declare their accounts" %}</a><br/><br/>
+<a class='button inline' href="{% url "declare" %}?host_type=member">{% trans "Send invites for people to declare their accounts" %}</a><br/><br/>
 <h2 style='color:#109BC9'>{% trans "You have been invited by a member of the Campus" %}</h2>
-<a class='button inline' href="{% url "auth_login" %}">{% trans "Register using your origin institution account" %}</a><br/><br/>
-<a class='button inline' href="{% url "register" %}">{% trans "Register using an empty form" %}</a><br/><br/>
+<a class='button inline' href="{% url "register" %}">{% trans "Register using your origin institution account" %}</a><br/><br/>
+<a class='button inline' href="{% url "blankregister" %}">{% trans "Register using an empty form" %}</a><br/><br/>
 <h2 style='color:#D85D5D'>{% trans "You would like to invite somebody to the Campus" %}</h2>
 <a class='button inline' href="{% url "invitation" %}">{% trans "Send invites" %}</a><br/>
 </div>