diff --git a/gluon/contrib/login_methods/cas_auth.py b/gluon/contrib/login_methods/cas_auth.py index 1a07c5f1..73be8ae1 100644 --- a/gluon/contrib/login_methods/cas_auth.py +++ b/gluon/contrib/login_methods/cas_auth.py @@ -49,7 +49,8 @@ class CasAuth(object): email=lambda v: v.get('email', None), user_id=lambda v: v['user']), casversion=1, - casusername='cas:user' + casusername='cas:user', + change_password_url=None ): self.urlbase = urlbase self.cas_login_url = "%s/%s" % (self.urlbase, actions[0]) @@ -64,6 +65,9 @@ class CasAuth(object): #vars=current.request.vars, scheme=True) + # URL to let users change their password in the IDP system + self.cas_change_password_url = change_password_url + def login_url(self, next="/"): current.session.token = self._CAS_login() return next @@ -74,6 +78,10 @@ class CasAuth(object): self._CAS_logout() return next + def change_password_url(self, next="/"): + self._CAS_change_password() + return next + def get_user(self): user = current.session.token if user: @@ -135,3 +143,6 @@ class CasAuth(object): redirects to the CAS logout page """ redirect("%s?service=%s" % (self.cas_logout_url, self.cas_my_url)) + + def _CAS_change_password(self): + redirect(self.cas_change_password_url) diff --git a/gluon/contrib/login_methods/saml2_auth.py b/gluon/contrib/login_methods/saml2_auth.py index 42fe24db..462d9845 100644 --- a/gluon/contrib/login_methods/saml2_auth.py +++ b/gluon/contrib/login_methods/saml2_auth.py 
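Review bot: The comment above `self.cas_change_password_url` (second hunk of cas_auth.py) should state that the value is used verbatim as a redirect target, since the last hunk of this file passes it straight to `redirect()`. Suggested wording: `# Trusted absolute URL of the IdP's change-password page; passed unmodified to redirect(), so set it from configuration only, never from request data.` The same sentence fits the `saml_logout_url` and `saml_change_password_url` assignments in saml2_auth.py. `__init__` starts and ends outside this hunk.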
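Review bot: `change_password_url()` (third hunk of cas_auth.py) calls `self._CAS_change_password()` unconditionally, but the constructor default for `change_password_url` is `None`, so an instance configured without it ends up in `redirect(None)`. What `redirect` does with `None` is not visible on this page; if it returns instead of raising, the method hands `next` back and the caller in gluon/tools.py redirects there instead of showing a password form. A guard before the call makes the unconfigured case explicit: `if not self.cas_change_password_url: return None`. `Saml2Auth.change_password_url` and `Saml2Auth.logout_url` have the same shape and need the same guard.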
@@ -145,10 +145,16 @@ class Saml2Auth(object): username=lambda v:v['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'][0], email=lambda v:v['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'][0], user_id=lambda v:v['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'][0], - )): + ), logout_url=None, change_password_url=None): self.config_file = config_file self.maps = maps + # URL for redirecting users to when they sign out + self.saml_logout_url = logout_url + + # URL to let users change their password in the IDP system + self.saml_change_password_url = change_password_url + def login_url(self, next="/"): d = saml2_handler(current.session, current.request) if 'url' in d: @@ -170,6 +176,12 @@ class Saml2Auth(object): def logout_url(self, next="/"): current.session.saml2_info = None + current.session.auth = None + self._SAML_logout() + return next + + def change_password_url(self, next="/"): + self._SAML_change_password() return next def get_user(self): @@ -180,3 +192,13 @@ class Saml2Auth(object): d[key] = self.maps[key](user) return d return None + + def _SAML_logout(self): + """ + exposed SAML.logout() + redirects to the SAML logout page + """ + redirect(self.saml_logout_url) + + def _SAML_change_password(self): + redirect(self.saml_change_password_url) diff --git a/gluon/tools.py b/gluon/tools.py index 4b34be77..a4b28aa0 100644 --- a/gluon/tools.py +++ b/gluon/tools.py @@ -3663,6 +3663,16 @@ class Auth(AuthAPI): if not self.is_logged_in(): redirect(self.settings.login_url, client_side=self.settings.client_side) + + # Go to external link to change the password + if self.settings.login_form != self: + cas = self.settings.login_form + # To prevent error if change_password_url function is not defined in alternate login + if hasattr(cas, 'change_password_url'): + next = cas.change_password_url(next) + if next is not None: + redirect(next) + db = self.db table_user = self.table_user() s = db(table_user.id == self.user.id)
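Review bot: `logout_url()` (second hunk of saml2_auth.py) now always calls `self._SAML_logout()`, and the new `logout_url` constructor argument defaults to `None`, so existing `Saml2Auth(...)` setups that do not pass it reach `redirect(None)` on every sign-out. A guard such as `if self.saml_logout_url: self._SAML_logout()` would leave those setups on the previous code path. The `_SAML_logout` docstring in the last hunk of this file says it redirects to the SAML logout page, but the code only sends the browser to the configured URL and builds no SAML logout request, so the IdP session ends only if that URL terminates it. The docstring should say that, for example `Redirect to the configured logout_url; no SAML LogoutRequest is sent.` `_SAML_change_password` has no docstring at all.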
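Review bot: In the gluon/tools.py hunk, `next = cas.change_password_url(next)` overwrites the method's own `next`, and the `redirect(next)` that follows sends the user to that value rather than to a password page. Both adapters in this commit redirect internally and then return their argument unchanged, so this `redirect(next)` is reached only when the adapter's redirect did not fire, for example with no URL configured. Where `next` comes from is outside the hunk; if it can be request-supplied, it needs the same validation as any other redirect target. Keeping the result in its own name avoids clobbering `next` for the code after this block: `target = cas.change_password_url(next)` then `if target: redirect(target)`, with the adapters returning the IdP URL or `None`. The local name `cas` is also misleading, since the object may be any alternate login form; the enclosing method starts and ends outside this hunk.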