Add a method which store credentials during a local authentification
* auth/authform.py: add method store_credentials_in_session and manage auto association during a login * filters/default.py: don't display toolbar if a user is locally logged in and is already associated Closes #6000
parent
8b1775a3ad
commit
625e46fe81
|
@ -304,6 +304,7 @@ a password_field key if you want to encode a password.")
|
|||
def login(self, env, values, request, response):
|
||||
""" Automatic login on a site with a form
|
||||
"""
|
||||
session = self.env['beaker.session']
|
||||
# Specific method to get current idp unique id
|
||||
unique_id = self.get_current_unique_id(env)
|
||||
logger.debug('Trying to login on Mandaye')
|
||||
|
@ -312,15 +313,22 @@ a password_field key if you want to encode a password.")
|
|||
|
||||
# FIXME: hack to force beaker to generate an id
|
||||
# somtimes beaker doesn't do it by himself
|
||||
env['beaker.session'].regenerate_id()
|
||||
session.regenerate_id()
|
||||
|
||||
env['beaker.session']['unique_id'] = unique_id
|
||||
env['beaker.session'].save()
|
||||
session['unique_id'] = unique_id
|
||||
session.save()
|
||||
|
||||
logger.debug('User %s successfully login' % env['beaker.session']['unique_id'])
|
||||
|
||||
association = Association.get_last_connected(self.site_name, unique_id)
|
||||
if not association:
|
||||
if session.get('post_values'):
|
||||
logger.info('Auto associate user which is already locally logged in')
|
||||
self._save_association(env, unique_id, session['post_values'])
|
||||
del session['post_values']
|
||||
del session['is_associated']
|
||||
session.save()
|
||||
return _302(self.urls['login_url'])
|
||||
logger.debug('User %s is not associate' % env['beaker.session']['unique_id'])
|
||||
return _302(self.urls.get('associate_url') + "?type=first")
|
||||
return self._login_sp_user(association, env, values)
|
||||
|
@ -440,6 +448,29 @@ a password_field key if you want to encode a password.")
|
|||
return True
|
||||
return False
|
||||
|
||||
def store_credentials_in_session(self, env, values, request, response):
|
||||
""" This method is an 'on_reponse' filter.
|
||||
It will parse the post and store post_values in the current session
|
||||
|
||||
WARNING: you may need to filter the request with store_request_content_buffer
|
||||
filter before using this method. You also need to clear the mandaye session
|
||||
during a local logout
|
||||
"""
|
||||
session = self.env['beaker.session']
|
||||
if request.msg:
|
||||
post = parse_qs(request.msg, request)
|
||||
post_fields = self.form_values['post_fields']
|
||||
post_values = {}
|
||||
for field in post_fields:
|
||||
if post.has_key(field):
|
||||
post_values[field] = post[field][0]
|
||||
if self.verify_replay(response, values):
|
||||
local_login = post_values[self.form_values['username_field']]
|
||||
session['post_values'] = post_values
|
||||
session['is_associated'] = Association.has_sp_login(local_login, self.site_name)
|
||||
session.save()
|
||||
return response
|
||||
|
||||
def check_credentials(self, env, values, request, response):
|
||||
"""
|
||||
This method is designed to be called like a json webservice
|
||||
|
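Review bot: `store_credentials_in_session` copies the posted login fields, password included, into the beaker session in clear text, and `login` removes `post_values` only on the auto-association branch, so a session that already has an association or never reaches SSO login keeps them until it expires. Dropping them once they are not needed, e.g. `session.pop('post_values', None)` before `return self._login_sp_user(association, env, values)`, narrows that window, and it is worth confirming that the configured session store is server-side. The docstring's requirement to clear the Mandaye session on local logout is what stops a later SSO login in the same browser from being linked to the previous user's local account, so it would be safer enforced in code than left to each site mapping. Both methods also take the session from `self.env` while the neighbouring lines use the `env` argument; if the auth object can outlive one request, `session = env['beaker.session']` is the safer form. The +/- markers are lost on this page, so which lines are new is inferred from the hunk sizes.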
|
|
@ -43,7 +43,7 @@ encrypt_sp_password: false
|
|||
encrypt_secret:
|
||||
|
||||
[template_vars]
|
||||
; my_var: toto
|
||||
idp_url: https://www.identity-hub.com
|
||||
|
||||
[authentifications]
|
||||
saml2: mandaye.auth.saml2.SAML2Auth
|
||||
|
|
|
@ -82,6 +82,7 @@ class MandayeFilter(object):
|
|||
|
||||
@staticmethod
|
||||
def addtoolbar(env, values, request, response):
|
||||
session = env['beaker.session']
|
||||
if config.mandaye_offline_toolbar or \
|
||||
env['beaker.session'].has_key('unique_id'):
|
||||
response.msg = re.sub(
|
||||
|
@ -105,6 +106,7 @@ class MandayeFilter(object):
|
|||
values['site_name'] = env["mandaye.config"]["site_name"]
|
||||
values['is_login'] = False
|
||||
values['is_user_locally_logged_in'] = None
|
||||
values['is_user_associated'] = env['beaker.session'].get('is_associated')
|
||||
if hasattr(env['mandaye.mapper'], 'is_user_locally_logged_in'):
|
||||
values['is_user_locally_logged_in'] = env['mandaye.mapper'].\
|
||||
is_user_locally_logged_in(env, request, response)
|
||||
|
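Review bot: `values['is_user_associated']` is read from a session flag that, as far as this commit shows, is set once at local login and deleted in `login`, so it can go stale if an association is created or removed by another path during the session. Since the toolbar template uses it to decide which links to show, recomputing it from `Association` here, or updating the flag wherever associations change, would keep the toolbar truthful. In `addtoolbar` the added `session = env['beaker.session']` is not used by the visible condition, which still calls `env['beaker.session'].has_key('unique_id')`; `session.has_key('unique_id')` would put the new local to use. Both functions continue outside the hunks.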
|
|
@ -14,16 +14,23 @@
|
|||
</li>
|
||||
% if account:
|
||||
<li>
|
||||
<a href="javascript:mandaye_disassociate_logout('${urls['disassociate_url']}', '${account['sp_login']}', ${account['id']})" title="Cliquer ici pour supprimer l'association entre ce compte et votre compte citoyen.">Me désassocier</a>
|
||||
<a href="javascript:mandaye_disassociate_logout('${urls['disassociate_url']}', '${account['sp_login']}', ${account['id']})" title="Cliquer ici pour supprimer l'association entre ce compte et votre compte citoyen">Délier mon compter</a>
|
||||
</li>
|
||||
% endif
|
||||
% elif is_user_locally_logged_in:
|
||||
<li>
|
||||
<a href="${urls['connection_url']}" title="Cliquer ici pour lier votre compte citoyen avec ${site_name}">Lier mon compte</a>
|
||||
</li>
|
||||
% if not is_user_associated:
|
||||
<li>
|
||||
<a href="${urls['connection_url']}" title="Cliquer ici pour lier votre compte citoyen avec ${site_name}">Lier mon compte</a>
|
||||
</li>
|
||||
% endif
|
||||
% else:
|
||||
<li>
|
||||
<a href="/mandaye/sso" title="Cliquer ici pour vous connecter sur ${site_name}">Me connecter</a>
|
||||
<a href="/mandaye/sso" title="Cliquer ici pour vous connecter sur ${site_name}">Me connecter avec mon compte citoyen</a>
|
||||
</li>
|
||||
% endif
|
||||
% if is_login or is_user_associated:
|
||||
<li>
|
||||
<a href="${idp_url}/accounts" title="Cliquer ici pour vous rendre sur votre compte citoyen">Mon compte citoyen</a>
|
||||
</li>
|
||||
% endif
|
||||
</ul>
|
||||
|
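Review bot: The disassociate link still builds a `javascript:` URL with `'${account['sp_login']}'` inside a single-quoted JavaScript string in an HTML attribute, and the reworded line keeps that pattern. HTML escaping does not protect this context, because the browser decodes entities in the attribute before the script runs, so a quote in a login name ends the string early. Passing the value as data, for example `data-login="${account['sp_login'] | h}"` read by a click handler, avoids interpolating it into script. The new label `Délier mon compter` looks like a typo for `Délier mon compte`. The enclosing `% if` starts above this hunk.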
|