support for idp intro cookie

git-svn-id: svn://localhost/lasso-conform/trunk@29 2a3a78c3-912c-0410-af21-e1fb2d1df599

lcs/root.ptl

@@ -1,4 +1,6 @@
 import os
+import base64
+import urllib
 import lasso
 
 from quixote import get_publisher, get_response, get_session, redirect, get_session_manager
@@ -19,6 +21,34 @@ import qommon.ident
 
 from users import User
 
+from qommon.tokens import Token
+
+
+class CookieGetterDirectory(Directory):
+    _q_exports = ['', 'spintro']
+
+    def _q_index [html] (self):
+        template.html_top()
+        _('This domain is not for humans, it is only used to get identity '
+          'provider discovery cookie.')
+
+    def spintro(self):
+        tok = get_request().form.get('tok')
+        token = Token.get(tok)
+
+        session = get_session_manager().get(token.session_id)
+
+        request = get_request()
+        try:
+            session.saml_idp_cookie = request.cookies['_saml_idp']
+        except KeyError:
+            session.saml_idp_cookie = ''
+
+        session.store()
+        token.remove_self()
+
+        return redirect(token.next_url)
+
 
 class IdentDirectory(Directory):
     def _q_lookup(self, component):
@@ -137,6 +167,16 @@ class RootDirectory(Directory):
         for kidp, idp in get_cfg('idp', {}).items():
             form.add_submit(kidp, _('Log on %s') % kidp)
 
+        if get_session().saml_idp_cookie is None:
+            form.add_submit('intro', _('Get IdP via Introduction Cookie'))
+        elif get_session().saml_idp_cookie:
+            intro_cookie_q = urllib.unquote(get_session().saml_idp_cookie)
+            splitted_cookie = [x for x in intro_cookie_q.split(str(' ')) if x]
+            last_id = splitted_cookie[-1]
+            v = misc.get_provider_key(base64.decodestring(last_id))
+            form.add_submit('intro-%s' % v,
+                    _('Log on using IdP discovered from IdP Introduction'))
+
         if form.is_submitted():
             return self.do_login(form)
 
@@ -226,6 +266,18 @@ class RootDirectory(Directory):
         login = lasso.Login(server)
 
         idp = form.get_submit()
+        if idp == 'intro':
+            common_domain_getter_url = get_cfg('sp', {}).get('common_domain_getter_url')
+            token = Token(expiration_delay = 600) # ten minutes
+            token.session_id = get_session().id
+            token.protocol = 'saml2'
+            token.next_url = get_request().get_url()
+            token.store()
+            return redirect(common_domain_getter_url + '?tok=%s' % token.id)
+
+        if idp and idp.startswith('intro-'):
+            idp = str(idp)[6:]
+
         if idp:
             p = misc.get_provider(idp)
             idp = p.providerId
@@ -281,6 +333,13 @@ class RootDirectory(Directory):
             return self.liberty.singleLogout()
 
     def _q_traverse(self, path):
+        fn = os.path.join(get_publisher().app_dir, 'common_cookie')
+        if os.path.exists(fn):
+            # on special domain to set cookie, nothing else, let's change root
+            get_publisher().app_dir = open(fn).read()
+            get_request().user = None
+            return CookieGetterDirectory()._q_traverse(path)
+
         session = get_session()
         if session:
             get_request().user = session.get_user()