change_password_url parameter for alternate login methods

2017-07-31 19:00:24 +02:00
parent 1014d3e86e
commit d5167f2ed6
3 changed files with 45 additions and 2 deletions
@@ -49,7 +49,8 @@ class CasAuth(object):
                           email=lambda v: v.get('email', None),
                           user_id=lambda v: v['user']),
                 casversion=1,
-                 casusername='cas:user'
+                 casusername='cas:user',
+		 change_password_url=None
                 ):
        self.urlbase = urlbase
        self.cas_login_url = "%s/%s" % (self.urlbase, actions[0])
@@ -64,6 +65,9 @@ class CasAuth(object):
                              #vars=current.request.vars,
                              scheme=True)

+	# URL to let users change their password in the IDP system
+        self.cas_change_password_url = change_password_url
+
    def login_url(self, next="/"):
        current.session.token = self._CAS_login()
        return next
@@ -74,6 +78,10 @@ class CasAuth(object):
        self._CAS_logout()
        return next

+    def change_password_url(self, next="/"):
+        self._CAS_change_password()
+        return next
+
    def get_user(self):
        user = current.session.token
        if user:
@@ -135,3 +143,6 @@ class CasAuth(object):
        redirects to the CAS logout page
        """
        redirect("%s?service=%s" % (self.cas_logout_url, self.cas_my_url))
+
+    def _CAS_change_password(self):
+        redirect(self.cas_change_password_url)
@@ -145,10 +145,16 @@ class Saml2Auth(object):
            username=lambda v:v['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'][0],
            email=lambda v:v['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'][0],
            user_id=lambda v:v['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'][0],
-            )):
+            ), logout_url=None, change_password_url=None):
        self.config_file = config_file
        self.maps = maps

+	# URL for redirecting users to when they sign out
+        self.saml_logout_url = logout_url
+
+        # URL to let users change their password in the IDP system
+        self.saml_change_password_url = change_password_url
+
    def login_url(self, next="/"):
        d = saml2_handler(current.session, current.request)
        if 'url' in d:
@@ -170,6 +176,12 @@ class Saml2Auth(object):

    def logout_url(self, next="/"):
        current.session.saml2_info = None
+        current.session.auth = None
+        self._SAML_logout()
+        return next
+
+    def change_password_url(self, next="/"):
+        self._SAML_change_password()
        return next

    def get_user(self):        
@@ -180,3 +192,13 @@ class Saml2Auth(object):
                d[key] = self.maps[key](user)
            return d
        return None
+
+    def _SAML_logout(self):
+        """
+        exposed SAML.logout()
+        redirects to the SAML logout page
+        """
+        redirect(self.saml_logout_url)
+
+    def _SAML_change_password(self):
+        redirect(self.saml_change_password_url)
@@ -3663,6 +3663,16 @@ class Auth(AuthAPI):
        if not self.is_logged_in():
            redirect(self.settings.login_url,
                     client_side=self.settings.client_side)
+
+        # Go to external link to change the password
+        if self.settings.login_form != self:
+            cas = self.settings.login_form
+            # To prevent error if change_password_url function is not defined in alternate login
+            if hasattr(cas, 'change_password_url'):
+                next = cas.change_password_url(next)
+                if next is not None:
+                    redirect(next)
+
        db = self.db
        table_user = self.table_user()
        s = db(table_user.id == self.user.id)