IDP choice template (#1465)

2018-06-29 17:51:39 +02:00 · 2018-06-29 17:51:39 +02:00 · ece95d3da2
commit ece95d3da2
parent 33712dcf13
15 changed files with 132 additions and 50 deletions
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@ -138,6 +138,7 @@ README
 site/coffee/2fregistration.coffee
 site/coffee/autoRenew.coffee
 site/coffee/confirm.coffee
+site/coffee/idpchoice.coffee
 site/coffee/info.coffee
 site/coffee/kerberos.coffee
 site/coffee/oidcchecksession.coffee
@ -295,6 +296,7 @@ site/templates/bootstrap/error.tpl
 site/templates/bootstrap/ext2fcheck.tpl
 site/templates/bootstrap/footer.tpl
 site/templates/bootstrap/header.tpl
+site/templates/bootstrap/idpchoice.tpl
 site/templates/bootstrap/info.tpl
 site/templates/bootstrap/ldapPpGrace.tpl
 site/templates/bootstrap/login.tpl
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
@ -5,8 +5,8 @@ use Mouse;
 use URI::Escape;
 use Lemonldap::NG::Common::FormEncode;
 use Lemonldap::NG::Portal::Main::Constants qw(
-  PE_CONFIRM
  PE_ERROR
+  PE_IDPCHOICE
  PE_OK
  PE_REDIRECT
  PE_SENDRESPONSE
@ -126,7 +126,7 @@ sub extractFormInfo {
            $req->datas->{confirmRemember} = 0;

            $req->datas->{login} = 1;
-            return PE_CONFIRM;
+            return PE_IDPCHOICE;
        }
    }

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
@ -4,8 +4,8 @@ use strict;
 use Mouse;
 use MIME::Base64 qw/encode_base64 decode_base64/;
 use Lemonldap::NG::Portal::Main::Constants qw(
-  PE_CONFIRM
  PE_ERROR
+  PE_IDPCHOICE
  PE_OK
 );

@ -234,7 +234,7 @@ sub extractFormInfo {
            $req->datas->{confirmRemember} = 0;

            $req->datas->{login} = 1;
-            return PE_CONFIRM;
+            return PE_IDPCHOICE;
        }
    }

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
@ -6,6 +6,7 @@ use Lemonldap::NG::Portal::Lib::SAML;
 use Lemonldap::NG::Common::FormEncode;
 use Lemonldap::NG::Portal::Main::Constants qw(
  PE_CONFIRM
+  PE_IDPCHOICE
  PE_LOGOUT_OK
  PE_REDIRECT
  PE_OK
@ -860,7 +861,7 @@ sub extractFormInfo {

        #TODO: check this
        $req->datas->{login} = 1;
-        return PE_CONFIRM;
+        return PE_IDPCHOICE;
    }

    # If IDP is found but not confirmed, let the user confirm it
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
@ -90,6 +90,7 @@ use constant {
    PE_U2FFAILED                        => 83,
    PE_UNAUTHORIZEDPARTNER              => 84,
    PE_RENEWSESSION                     => 85,
+    PE_IDPCHOICE                        => 86,
 };

 # EXPORTER PARAMETERS
@ -115,7 +116,7 @@ our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK
  PE_RADIUSCONNECTFAILED PE_MUST_SUPPLY_OLD_PASSWORD PE_FORBIDDENIP
  PE_CAPTCHAERROR PE_CAPTCHAEMPTY PE_REGISTERFIRSTACCESS PE_REGISTERFORMEMPTY
  PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
-  PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION
+  PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE
 );
 our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@ -59,7 +59,7 @@ sub display {
        );
    }

-    # 1.2 An authentication (or userDB) module needs to ask a question
+    # 1.2a An authentication (or userDB) module needs to ask a question
    #     before processing to the request
    elsif ( $req->{error} == PE_CONFIRM ) {
        $self->logger->debug('Display: confirm detected');
@ -78,6 +78,33 @@ sub display {
              && $req->datas->{login},
            ASK_LOGINS => $req->param('checkLogins') || 0,
            CONFIRMKEY => $self->stamp(),
+            REMEMBER   => $req->datas->{confirmRemember},
+            (
+                $req->datas->{customScript}
+                ? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
+                : ()
+            ),
+        );
+    }
+
+    # 1.2b An authentication (or userDB) module needs to ask a question
+    #     before processing to the request
+    elsif ( $req->{error} == PE_IDPCHOICE ) {
+        $self->logger->debug('Display: IDP choice detected');
+        $skinfile       = 'idpchoice';
+        %templateParams = (
+            AUTH_ERROR      => $req->error,
+            AUTH_ERROR_TYPE => $req->error_type,
+            AUTH_URL        => $req->{datas}->{_url},
+            HIDDEN_INPUTS   => $self->buildHiddenForm($req),
+            ACTIVE_TIMER    => $req->datas->{activeTimer},
+            FORM_METHOD     => $self->conf->{confirmFormMethod},
+            CHOICE_PARAM    => $self->conf->{authChoiceParam},
+            CHOICE_VALUE    => $req->datas->{_authChoice},
+            CHECK_LOGINS    => $self->conf->{portalCheckLogins}
+              && $req->datas->{login},
+            ASK_LOGINS => $req->param('checkLogins') || 0,
+            CONFIRMKEY => $self->stamp(),
            LIST       => $req->datas->{list}        || [],
            REMEMBER   => $req->datas->{confirmRemember},
            (
@ -88,6 +115,7 @@ sub display {
        );
    }

+
    # 1.3 There is a message to display
    elsif ( my $info = $req->info ) {
        $self->logger->debug('Display: info detected');
--- a/lemonldap-ng-portal/site/coffee/confirm.coffee
+++ b/lemonldap-ng-portal/site/coffee/confirm.coffee
@ -18,7 +18,5 @@ timer = () ->
 $(document).ready ->
 	setTimeout go, 30000
 	setTimeout timer, 1000
-	$(".idploop").on 'click', () ->
-		$("#idp").val $(this).attr("val")
 	$("#refuse").on 'click', () ->
 		$("#confirm").attr "value", $(this).attr("val")
--- a/lemonldap-ng-portal/site/coffee/idpchoice.coffee
+++ b/lemonldap-ng-portal/site/coffee/idpchoice.coffee
@ -0,0 +1,3 @@
+$(document).ready ->
+	$(".idploop").on 'click', () ->
+		$("#idp").val $(this).attr("val")
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js
@ -29,9 +29,6 @@
  $(document).ready(function() {
    setTimeout(go, 30000);
    setTimeout(timer, 1000);
-    $(".idploop").on('click', function() {
-      return $("#idp").val($(this).attr("val"));
-    });
    return $("#refuse").on('click', function() {
      return $("#confirm").attr("value", $(this).attr("val"));
    });
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js
@ -1 +1 @@
-(function(){var c,a,d,b;a=5;b=0;c=function(){if(b){return $("#form").submit()}};d=function(){var e;e=$("#timer").html();if(e){b=1;if(a>0){a--}e=e.replace(/\d+/,a);$("#timer").html(e);return setTimeout(d,1000)}};$(document).ready(function(){setTimeout(c,30000);setTimeout(d,1000);$(".idploop").on("click",function(){return $("#idp").val($(this).attr("val"))});return $("#refuse").on("click",function(){return $("#confirm").attr("value",$(this).attr("val"))})})}).call(this);
+(function(){var go,i,timer,timerIsEnabled;i=5;timerIsEnabled=0;go=function(){if(timerIsEnabled){return $("#form").submit()}};timer=function(){var h;h=$("#timer").html();if(h){timerIsEnabled=1;if(i>0){i--}h=h.replace(/\d+/,i);$("#timer").html(h);return setTimeout(timer,1e3)}};$(document).ready(function(){setTimeout(go,3e4);setTimeout(timer,1e3);return $("#refuse").on("click",function(){return $("#confirm").attr("value",$(this).attr("val"))})})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js
@ -0,0 +1,9 @@
+// Generated by CoffeeScript 1.10.0
+(function() {
+  $(document).ready(function() {
+    return $(".idploop").on('click', function() {
+      return $("#idp").val($(this).attr("val"));
+    });
+  });
+
+}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js
@ -0,0 +1 @@
+(function(){$(document).ready(function(){return $(".idploop").on("click",function(){return $("#idp").val($(this).attr("val"))})})}).call(this);
--- a/lemonldap-ng-portal/site/templates/bootstrap/confirm.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/confirm.tpl
@ -19,48 +19,13 @@
    <div class="panel panel-info">
      <div class="panel-heading">
        <h3 class="panel-title">
-        <TMPL_IF NAME="LIST">
-          <span trspan="selectIdP">Select your Identity Provider</span>
-        <TMPL_ELSE>
          <span trspan="confirmation">Confirmation</span>
-        </TMPL_IF>
        </h3>
      </div>
      <div class="panel-body form">

      <TMPL_VAR NAME="MSG">

-      <TMPL_IF NAME="LIST">
-
-      <input type="hidden" id="idp" name="idp"/>
-
-      <div class="row">
-      <TMPL_LOOP NAME="LIST">
-        <div class="col-sm-6 <TMPL_VAR NAME="class">">
-          <button type="submit" class="btn btn-info idploop" val="<TMPL_VAR NAME="VAL">">
-          <TMPL_IF NAME="icon">
-            <img src="<TMPL_VAR NAME="icon">" class="glyphicon" />
-          <TMPL_ELSE>
-            <i class="glyphicon glyphicon-chevron-right"></i>
-          </TMPL_IF>
-            <TMPL_VAR NAME="NAME">
-          </button>
-        </div>
-      </TMPL_LOOP>
-      </div>
-
-      <TMPL_IF NAME="REMEMBER">
-	  <p>&nbsp;</p>
-      <div class="checkbox">
-        <input type="checkbox" id="remember" name="cookie_type" value="1" aria-describedby="rememberlabel">
-        <label id="rememberlabel" for="remember">
-          <span trspan="rememberChoice">Remember my choice</span>
-        </label>
-      </div>
-      </TMPL_IF>
-
-      <TMPL_ELSE>
-
      <TMPL_IF NAME="ACTIVE_TIMER">
        <div class="alert alert-info">
          <p id="timer" trspan="autoAccept">Automatically accept in 30 seconds</p>
@ -78,8 +43,6 @@
        </button>
      </div>

-      </TMPL_IF>
-
      <!-- //if:jsminified
        <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/confirm.min.js"></script>
      //else -->
--- a/lemonldap-ng-portal/site/templates/bootstrap/idpchoice.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/idpchoice.tpl
@ -0,0 +1,78 @@
+<TMPL_INCLUDE NAME="header.tpl">
+
+<div id="logincontent" class="container">
+
+  <form id="form" action="#" method="<TMPL_VAR NAME="FORM_METHOD">" class="confirm" role="form">
+
+    <TMPL_VAR NAME="HIDDEN_INPUTS">
+    <TMPL_IF NAME="AUTH_URL">
+      <input type="hidden" name="url" value="<TMPL_VAR NAME="AUTH_URL">" />
+    </TMPL_IF>
+    <TMPL_IF NAME="CHOICE_VALUE">
+      <input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
+    </TMPL_IF>
+    <TMPL_IF NAME="CONFIRMKEY">
+      <input type="hidden" id="confirm" name="confirm" value="<TMPL_VAR NAME="CONFIRMKEY">" />
+    </TMPL_IF>
+    <input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
+
+    <div class="panel panel-info">
+      <div class="panel-heading">
+        <h3 class="panel-title">
+          <span trspan="selectIdP">Select your Identity Provider</span>
+        </h3>
+      </div>
+      <div class="panel-body form">
+
+      <input type="hidden" id="idp" name="idp"/>
+
+      <div class="row">
+      <TMPL_LOOP NAME="LIST">
+        <div class="col-sm-6 <TMPL_VAR NAME="class">">
+          <button type="submit" class="btn btn-info idploop" val="<TMPL_VAR NAME="VAL">">
+          <TMPL_IF NAME="icon">
+            <img src="<TMPL_VAR NAME="icon">" class="glyphicon" />
+          <TMPL_ELSE>
+            <i class="glyphicon glyphicon-chevron-right"></i>
+          </TMPL_IF>
+            <TMPL_VAR NAME="NAME">
+          </button>
+        </div>
+      </TMPL_LOOP>
+      </div>
+
+      <TMPL_IF NAME="REMEMBER">
+	  <p>&nbsp;</p>
+      <div class="checkbox">
+        <input type="checkbox" id="remember" name="cookie_type" value="1" aria-describedby="rememberlabel">
+        <label id="rememberlabel" for="remember">
+          <span trspan="rememberChoice">Remember my choice</span>
+        </label>
+      </div>
+      </TMPL_IF>
+
+      <!-- //if:jsminified
+        <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/idpchoice.min.js"></script>
+      //else -->
+        <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/idpchoice.js"></script>
+      <!-- //endif -->
+
+      </div>
+    </div>
+    
+	  <TMPL_IF NAME="PORTAL_URL">
+	    <div id="logout">
+	      <div class="buttons">
+	        <a href="<TMPL_VAR NAME="PORTAL_URL"><TMPL_IF NAME="AUTH_URL">/?url=<TMPL_VAR NAME="AUTH_URL"></TMPL_IF>" class="btn btn-primary" role="button">
+	          <span class="glyphicon glyphicon-home"></span>&nbsp;
+	          <span trspan="goToPortal">Go to portal</span>
+	        </a>
+	      </div>
+	    </div>
+	  </TMPL_IF>
+	  
+  </form>
+
+</div>
+
+<TMPL_INCLUDE NAME="footer.tpl">
--- a/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t
+++ b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t
@ -334,6 +334,7 @@ m#iframe src="http://auth.op.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s,
    expectForm( $res, '#', undef, 'confirm', 'idp' );

    #print STDERR Dumper($res);
+
 }

 count($maintests);
				`@ -0,0 +1 @@`
				`(function(){$(document).ready(function(){return $(".idploop").on("click",function(){return $("#idp").val($(this).attr("val"))})})}).call(this);`