support for idp intro cookie
git-svn-id: svn://localhost/lasso-conform/trunk@29 2a3a78c3-912c-0410-af21-e1fb2d1df599
parent
85aa8bc522
commit
6b761cebe1
59
lcs/root.ptl
59
lcs/root.ptl
|
@ -1,4 +1,6 @@
|
|||
import os
|
||||
import base64
|
||||
import urllib
|
||||
import lasso
|
||||
|
||||
from quixote import get_publisher, get_response, get_session, redirect, get_session_manager
|
||||
|
@ -19,6 +21,34 @@ import qommon.ident
|
|||
|
||||
from users import User
|
||||
|
||||
from qommon.tokens import Token
|
||||
|
||||
|
||||
class CookieGetterDirectory(Directory):
|
||||
_q_exports = ['', 'spintro']
|
||||
|
||||
def _q_index [html] (self):
|
||||
template.html_top()
|
||||
_('This domain is not for humans, it is only used to get identity '
|
||||
'provider discovery cookie.')
|
||||
|
||||
def spintro(self):
|
||||
tok = get_request().form.get('tok')
|
||||
token = Token.get(tok)
|
||||
|
||||
session = get_session_manager().get(token.session_id)
|
||||
|
||||
request = get_request()
|
||||
try:
|
||||
session.saml_idp_cookie = request.cookies['_saml_idp']
|
||||
except KeyError:
|
||||
session.saml_idp_cookie = ''
|
||||
|
||||
session.store()
|
||||
token.remove_self()
|
||||
|
||||
return redirect(token.next_url)
|
||||
|
||||
|
||||
class IdentDirectory(Directory):
|
||||
def _q_lookup(self, component):
|
||||
|
@ -137,6 +167,16 @@ class RootDirectory(Directory):
|
|||
for kidp, idp in get_cfg('idp', {}).items():
|
||||
form.add_submit(kidp, _('Log on %s') % kidp)
|
||||
|
||||
if get_session().saml_idp_cookie is None:
|
||||
form.add_submit('intro', _('Get IdP via Introduction Cookie'))
|
||||
elif get_session().saml_idp_cookie:
|
||||
intro_cookie_q = urllib.unquote(get_session().saml_idp_cookie)
|
||||
splitted_cookie = [x for x in intro_cookie_q.split(str(' ')) if x]
|
||||
last_id = splitted_cookie[-1]
|
||||
v = misc.get_provider_key(base64.decodestring(last_id))
|
||||
form.add_submit('intro-%s' % v,
|
||||
_('Log on using IdP discovered from IdP Introduction'))
|
||||
|
||||
if form.is_submitted():
|
||||
return self.do_login(form)
|
||||
|
||||
|
@ -226,6 +266,18 @@ class RootDirectory(Directory):
|
|||
login = lasso.Login(server)
|
||||
|
||||
idp = form.get_submit()
|
||||
if idp == 'intro':
|
||||
common_domain_getter_url = get_cfg('sp', {}).get('common_domain_getter_url')
|
||||
token = Token(expiration_delay = 600) # ten minutes
|
||||
token.session_id = get_session().id
|
||||
token.protocol = 'saml2'
|
||||
token.next_url = get_request().get_url()
|
||||
token.store()
|
||||
return redirect(common_domain_getter_url + '?tok=%s' % token.id)
|
||||
|
||||
if idp and idp.startswith('intro-'):
|
||||
idp = str(idp)[6:]
|
||||
|
||||
if idp:
|
||||
p = misc.get_provider(idp)
|
||||
idp = p.providerId
|
||||
|
@ -281,6 +333,13 @@ class RootDirectory(Directory):
|
|||
return self.liberty.singleLogout()
|
||||
|
||||
def _q_traverse(self, path):
|
||||
fn = os.path.join(get_publisher().app_dir, 'common_cookie')
|
||||
if os.path.exists(fn):
|
||||
# on special domain to set cookie, nothing else, let's change root
|
||||
get_publisher().app_dir = open(fn).read()
|
||||
get_request().user = None
|
||||
return CookieGetterDirectory()._q_traverse(path)
|
||||
|
||||
session = get_session()
|
||||
if session:
|
||||
get_request().user = session.get_user()
|
||||
|
|
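Review bot: In the login-form hunk (`@ -137,6 +167,16 @`) the `_saml_idp` value is parsed with no validation, although it is a client-supplied cookie that `spintro` copies into the session unchanged. A value that unquotes to only spaces leaves `splitted_cookie` empty, so `splitted_cookie[-1]` raises IndexError, and `base64.decodestring` raises on bad padding; either way the login page fails for as long as that value stays in the session. I would decode inside a `try` and not offer the discovery button when the value is malformed, as below (this needs `import binascii` at the top of the file). Whether `misc.get_provider_key` rejects an ID that matches no configured IdP is not visible here, so confirm that before the key goes into the submit name. The enclosing method starts and ends outside the hunk.

```python
elif get_session().saml_idp_cookie:
    # … unchanged: urllib.unquote() and the split into splitted_cookie …
    try:
        last_id = base64.decodestring(splitted_cookie[-1])
    except (IndexError, binascii.Error):
        # malformed or empty cookie value: no discovery button
        last_id = None
    if last_id:
        v = misc.get_provider_key(last_id)
        # … unchanged: form.add_submit('intro-%s' % v, …) …
```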