From ece95d3da2620c5b4b6052aae9222035b701876b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?=
Date: Fri, 29 Jun 2018 17:51:39 +0200
Subject: [PATCH] IDP choice template (#1465)
---
 lemonldap-ng-portal/MANIFEST | 2 +
 .../lib/Lemonldap/NG/Portal/Auth/CAS.pm | 4 +-
 .../Lemonldap/NG/Portal/Auth/OpenIDConnect.pm | 4 +-
 .../lib/Lemonldap/NG/Portal/Auth/SAML.pm | 3 +-
 .../lib/Lemonldap/NG/Portal/Main/Constants.pm | 3 +-
 .../lib/Lemonldap/NG/Portal/Main/Display.pm | 30 ++++++-
 .../site/coffee/confirm.coffee | 2 -
 .../site/coffee/idpchoice.coffee | 3 +
 .../site/htdocs/static/common/js/confirm.js | 3 -
 .../htdocs/static/common/js/confirm.min.js | 2 +-
 .../site/htdocs/static/common/js/idpchoice.js | 9 +++
 .../htdocs/static/common/js/idpchoice.min.js | 1 +
 .../site/templates/bootstrap/confirm.tpl | 37 ---------
 .../site/templates/bootstrap/idpchoice.tpl | 78 +++++++++++++++++++
 .../t/37-Logout-from-OIDC-RP-to-SAML-SP.t | 1 +
 15 files changed, 132 insertions(+), 50 deletions(-)
 create mode 100644 lemonldap-ng-portal/site/coffee/idpchoice.coffee
 create mode 100644 lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js
 create mode 100644 lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js
 create mode 100644 lemonldap-ng-portal/site/templates/bootstrap/idpchoice.tpl
diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index 6c8765137..dde2bbab7 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@@ -138,6 +138,7 @@ README
 site/coffee/2fregistration.coffee
 site/coffee/autoRenew.coffee
 site/coffee/confirm.coffee
+site/coffee/idpchoice.coffee
 site/coffee/info.coffee
 site/coffee/kerberos.coffee
 site/coffee/oidcchecksession.coffee
@@ -295,6 +296,7 @@ site/templates/bootstrap/error.tpl
 site/templates/bootstrap/ext2fcheck.tpl
 site/templates/bootstrap/footer.tpl
 site/templates/bootstrap/header.tpl
+site/templates/bootstrap/idpchoice.tpl
 site/templates/bootstrap/info.tpl
 site/templates/bootstrap/ldapPpGrace.tpl
 site/templates/bootstrap/login.tpl
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
index ace9b4b37..3054ddb53 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
@@ -5,8 +5,8 @@ use Mouse;
 use URI::Escape;
 use Lemonldap::NG::Common::FormEncode;
 use Lemonldap::NG::Portal::Main::Constants qw(
- PE_CONFIRM
 PE_ERROR
+ PE_IDPCHOICE
 PE_OK
 PE_REDIRECT
 PE_SENDRESPONSE
@@ -126,7 +126,7 @@ sub extractFormInfo {
 $req->datas->{confirmRemember} = 0;
 $req->datas->{login} = 1;
- return PE_CONFIRM;
+ return PE_IDPCHOICE;
 }
 }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
index 986a7fb29..7948f0d70 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
@@ -4,8 +4,8 @@ use strict;
 use Mouse;
 use MIME::Base64 qw/encode_base64 decode_base64/;
 use Lemonldap::NG::Portal::Main::Constants qw(
- PE_CONFIRM
 PE_ERROR
+ PE_IDPCHOICE
 PE_OK
 );
@@ -234,7 +234,7 @@ sub extractFormInfo {
 $req->datas->{confirmRemember} = 0;
 $req->datas->{login} = 1;
- return PE_CONFIRM;
+ return PE_IDPCHOICE;
 }
 }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
index 35ecf2a40..72f2fac43 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
@@ -6,6 +6,7 @@ use Lemonldap::NG::Portal::Lib::SAML; use Lemonldap::NG::Common::FormEncode; use Lemonldap::NG::Portal::Main::Constants qw( PE_CONFIRM + PE_IDPCHOICE PE_LOGOUT_OK PE_REDIRECT PE_OK @@ -860,7 +861,7 @@ sub extractFormInfo { #TODO: check this $req->datas->{login} = 1; - return PE_CONFIRM; + return PE_IDPCHOICE; } # If IDP is found but not confirmed, let the user confirm it diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm index 67535079a..bc0642e6d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm @@ -90,6 +90,7 @@ use constant { PE_U2FFAILED => 83, PE_UNAUTHORIZEDPARTNER => 84, PE_RENEWSESSION => 85, + PE_IDPCHOICE => 86, }; # EXPORTER PARAMETERS @@ -115,7 +116,7 @@ our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK PE_RADIUSCONNECTFAILED PE_MUST_SUPPLY_OLD_PASSWORD PE_FORBIDDENIP PE_CAPTCHAERROR PE_CAPTCHAEMPTY PE_REGISTERFIRSTACCESS PE_REGISTERFORMEMPTY PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED - PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION + PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE ); our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm index 869ab454b..df1c85175 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm @@ -59,7 +59,7 @@ sub display { ); } - # 1.2 An authentication (or userDB) module needs to ask a question + # 1.2a An authentication (or userDB) module needs to ask a question # before processing to the request elsif ( $req->{error} == PE_CONFIRM ) { $self->logger->debug('Display: confirm detected'); 
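Review bot: `PE_IDPCHOICE => 86` in the `use constant` block of Constants.pm is allocated directly after `PE_RENEWSESSION => 85`, next to codes that read as failures (`PE_U2FFAILED`, `PE_UNAUTHORIZEDPARTNER`), although the CAS, OpenIDConnect and SAML modules now return it for an ordinary "choose your IDP" step. The value of `PE_CONFIRM` and the logic behind `$req->error_type` are not visible on this page, so confirm that every place which treats `PE_CONFIRM` as a pending, non-failure state (error type classification, message lookup for the new code, any logging of failed authentications) handles `PE_IDPCHOICE` the same way. Otherwise the choice page may be styled and logged as an authentication error. A trailing comment on the constant, for example `# not an error: user must choose an identity provider`, would record the intent.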
@@ -78,6 +78,33 @@ sub display { && $req->datas->{login}, ASK_LOGINS => $req->param('checkLogins') || 0, CONFIRMKEY => $self->stamp(), + REMEMBER => $req->datas->{confirmRemember}, + ( + $req->datas->{customScript} + ? ( CUSTOM_SCRIPT => $req->datas->{customScript} ) + : () + ), + ); + } + + # 1.2b An authentication (or userDB) module needs to ask a question + # before processing to the request + elsif ( $req->{error} == PE_IDPCHOICE ) { + $self->logger->debug('Display: IDP choice detected'); + $skinfile = 'idpchoice'; + %templateParams = ( + AUTH_ERROR => $req->error, + AUTH_ERROR_TYPE => $req->error_type, + AUTH_URL => $req->{datas}->{_url}, + HIDDEN_INPUTS => $self->buildHiddenForm($req), + ACTIVE_TIMER => $req->datas->{activeTimer}, + FORM_METHOD => $self->conf->{confirmFormMethod}, + CHOICE_PARAM => $self->conf->{authChoiceParam}, + CHOICE_VALUE => $req->datas->{_authChoice}, + CHECK_LOGINS => $self->conf->{portalCheckLogins} + && $req->datas->{login}, + ASK_LOGINS => $req->param('checkLogins') || 0, + CONFIRMKEY => $self->stamp(), LIST => $req->datas->{list} || [], REMEMBER => $req->datas->{confirmRemember}, ( @@ -88,6 +115,7 @@ sub display { ); } + # 1.3 There is a message to display elsif ( my $info = $req->info ) { $self->logger->debug('Display: info detected'); diff --git a/lemonldap-ng-portal/site/coffee/confirm.coffee b/lemonldap-ng-portal/site/coffee/confirm.coffee index d08ae5558..9cf408b55 100644 --- a/lemonldap-ng-portal/site/coffee/confirm.coffee +++ b/lemonldap-ng-portal/site/coffee/confirm.coffee @@ -18,7 +18,5 @@ timer = () -> $(document).ready -> setTimeout go, 30000 setTimeout timer, 1000 - $(".idploop").on 'click', () -> - $("#idp").val $(this).attr("val") $("#refuse").on 'click', () -> $("#confirm").attr "value", $(this).attr("val") diff --git a/lemonldap-ng-portal/site/coffee/idpchoice.coffee b/lemonldap-ng-portal/site/coffee/idpchoice.coffee new file mode 100644 index 000000000..b31918f0b --- /dev/null 
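Review bot: The header comment of the new `PE_IDPCHOICE` branch in `display` is a verbatim copy of the 1.2a comment, so it does not say what distinguishes this branch; something like `# 1.2b An authentication module needs the user to choose an identity provider` would. The branch also repeats the `PE_CONFIRM` parameter hash key for key and differs only by `LIST`, so a later fix to one copy is easy to miss in the other. `AUTH_URL` (read as `$req->{datas}->{_url}`, unlike the `$req->datas->{...}` accessor used on the neighbouring lines), `CHOICE_VALUE` and the `LIST` entries are request-derived values handed to idpchoice.tpl. The template markup is not readable on this page, so confirm each of them is HTML-escaped where it is emitted. The enclosing `display` sub starts and ends outside the hunk.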
+++ b/lemonldap-ng-portal/site/coffee/idpchoice.coffee @@ -0,0 +1,3 @@ +$(document).ready -> + $(".idploop").on 'click', () -> + $("#idp").val $(this).attr("val") diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js b/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js index 734d90fc0..677aac747 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.js @@ -29,9 +29,6 @@ $(document).ready(function() { setTimeout(go, 30000); setTimeout(timer, 1000); - $(".idploop").on('click', function() { - return $("#idp").val($(this).attr("val")); - }); return $("#refuse").on('click', function() { return $("#confirm").attr("value", $(this).attr("val")); }); diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js index dabb14b62..5f9fe99f4 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/confirm.min.js 
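Review bot: The click handler in idpchoice.coffee copies a `val` attribute into the `#idp` field, so the IDP identifier the portal receives is whatever the browser submits, not necessarily one of the entries rendered in the list. The code in `extractFormInfo` that consumes this field is outside the hunks of this patch; confirm it looks the submitted value up in the configured IDP list and rejects anything else before using it. Separately, `val` is not a standard HTML attribute; a `data-val` attribute read with `$(this).attr("data-val")` keeps the markup valid, with the matching change in idpchoice.tpl.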
@@ -1 +1 @@ -(function(){var c,a,d,b;a=5;b=0;c=function(){if(b){return $("#form").submit()}};d=function(){var e;e=$("#timer").html();if(e){b=1;if(a>0){a--}e=e.replace(/\d+/,a);$("#timer").html(e);return setTimeout(d,1000)}};$(document).ready(function(){setTimeout(c,30000);setTimeout(d,1000);$(".idploop").on("click",function(){return $("#idp").val($(this).attr("val"))});return $("#refuse").on("click",function(){return $("#confirm").attr("value",$(this).attr("val"))})})}).call(this); \ No newline at end of file +(function(){var go,i,timer,timerIsEnabled;i=5;timerIsEnabled=0;go=function(){if(timerIsEnabled){return $("#form").submit()}};timer=function(){var h;h=$("#timer").html();if(h){timerIsEnabled=1;if(i>0){i--}h=h.replace(/\d+/,i);$("#timer").html(h);return setTimeout(timer,1e3)}};$(document).ready(function(){setTimeout(go,3e4);setTimeout(timer,1e3);return $("#refuse").on("click",function(){return $("#confirm").attr("value",$(this).attr("val"))})})}).call(this); diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js b/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js new file mode 100644 index 000000000..2e782fc1d --- /dev/null +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.js @@ -0,0 +1,9 @@ +// Generated by CoffeeScript 1.10.0 +(function() { + $(document).ready(function() { + return $(".idploop").on('click', function() { + return $("#idp").val($(this).attr("val")); + }); + }); + +}).call(this); diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js new file mode 100644 index 000000000..52edbd7e0 --- /dev/null +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/idpchoice.min.js @@ -0,0 +1 @@ +(function(){$(document).ready(function(){return $(".idploop").on("click",function(){return $("#idp").val($(this).attr("val"))})})}).call(this); 
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/confirm.tpl b/lemonldap-ng-portal/site/templates/bootstrap/confirm.tpl
index 7fc8b4eae..fa80bb529 100644
--- a/lemonldap-ng-portal/site/templates/bootstrap/confirm.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/confirm.tpl
@@ -19,48 +19,13 @@

- - Select your Identity Provider - Confirmation -

- - - - -
- -
"> - -
-
-
- - -

 

-
- - -
-
- - -

Automatically accept in 30 seconds

@@ -78,8 +43,6 @@
-
- diff --git a/lemonldap-ng-portal/site/templates/bootstrap/idpchoice.tpl b/lemonldap-ng-portal/site/templates/bootstrap/idpchoice.tpl new file mode 100644 index 000000000..2c7b58b0d --- /dev/null +++ b/lemonldap-ng-portal/site/templates/bootstrap/idpchoice.tpl @@ -0,0 +1,78 @@ + + +
+ +
" class="confirm" role="form"> + + + + " /> + + + " value="" /> + + + " /> + + " /> + +
+
+

+ Select your Identity Provider +

+
+
+ + + +
+ +
"> + +
+
+
+ + +

 

+
+ + +
+
+ + + + + +
+
+ + + + + + + +
+ + diff --git a/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t index 83bae4538..2e7a5e532 100644 --- a/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t +++ b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t @@ -334,6 +334,7 @@ m#iframe src="http://auth.op.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s, expectForm( $res, '#', undef, 'confirm', 'idp' ); #print STDERR Dumper($res); + } count($maintests);