use user authentication to filter SPs attached to the same organization as its IdP

c10ccf73 · Guillaume ROUSSE · 5d0eae68 · c10ccf73 · c10ccf73 · c10ccf73
Commit c10ccf73 authored 6 years ago by Guillaume ROUSSE
--- a/lib/AccountManager/App.pm
+++ b/lib/AccountManager/App.pm
@@ -202,6 +202,8 @@ sub respond {
        $theme_templates_dir  :
        $default_templates_dir;

+    $Template::Stash::PRIVATE = undef;
+
    my $tt2 = Template->new({
        ENCODING     => 'utf8',
        PRE_CHOMP    => CHOMP_ONE,
@@ -255,7 +257,7 @@ sub req_select_sp {

    my @federations = split(/, */, $self->{configuration}->{federations}->{list});

-    my %federations;
+    my %groups;
    my @self_entities;
    foreach my $federation (@federations) {
        my $file = $self->get_metadata_file(federation => $federation);
@@ -272,9 +274,15 @@ sub req_select_sp {
        ) if $EVAL_ERROR;

        my $entities = $metadata->parse(type => 'sp');
-        $federations{$federation} = {
+        $groups{$federation} = {
            label    => $self->{configuration}->{$federation}->{label},
-            entities => $entities
+            entities => [
+                map { {
+                    id         => $_->{entityid},
+                    name       => $_->{display_name},
+                    federation => $federation
+                 } } @$entities
+            ]
        };

        # if user is authenticated, and its IdP is found in metadata,
@@ -283,13 +291,19 @@ sub req_select_sp {
            my $idps = $metadata->parse(id => $ENV{HTTP_SHIB_IDENTITY_PROVIDER});
            my $idp  = $idps->[0];
            if ($idp) {
-                $self->{logger}->debugf(
-		    "idp %s found in federation %s metadata",
-		    $ENV{HTTP_SHIB_IDENTITY_PROVIDER},
-		    $federation
-		);
                my $organization = $idp->{organization};
+                $self->{logger}->debugf(
+                    "idp %s found in federation %s metadata with organization %s",
+                    $ENV{HTTP_SHIB_IDENTITY_PROVIDER},
+                    $federation,
+                    $organization
+                );
                push @self_entities,
+                    map { {
+                        id         => $_->{entityid},
+                        name       => $_->{display_name},
+                        federation => $federation
+                    } }
                    grep { $_->{organization} eq $organization }
                    @$entities;
            }
@@ -297,7 +311,7 @@ sub req_select_sp {
    }

    if (@self_entities) {
-        $federations{self} = {
+        $groups{_self} = {
            label    => $self->{lh}->maketext("My organization"),
            entities => \@self_entities,
        };
@@ -306,8 +320,8 @@ sub req_select_sp {
    $self->respond(
        template => 'select_sp.tt2.html',
        data     => {
-            action      => 'select_sp',
-            federations => \%federations,
+            action => 'select_sp',
+            groups => \%groups,
        }
    );
 }

--- a/templates/web/edugain/select_sp.tt2.html
+++ b/templates/web/edugain/select_sp.tt2.html
@@ -15,13 +15,13 @@
            [% lh.maketext("You must be an administrator of that service to continue afterwards.") %]
        </p>

-        [% FOREACH federation IN federations.keys.sort() %]
+        [% FOREACH group IN groups.keys.sort() %]
        <fieldset>
-            <label for="[% federation %]_entityid">[% federations.$federation.label %]</label>
-            <select id="[% federation %]_entityid" name="[% federation %]_entityid">
+            <label for="[% group %]">[% groups.$group.label %]</label>
+            <select id="[% group %]" name="[% group %]">
                <option value=""></option>
-            [% FOREACH entity IN federations.$federation.entities.sort('display_name') %]
-                <option value="[% entity.entityid %]">[% entity.display_name %]</option>
+            [% FOREACH entity IN groups.$group.entities.sort('name') %]
+                <option value="[% entity.id %]" data-federation="[% entity.federation %]">[% entity.name %]</option>
            [% END %]
            </select>
        </fieldset>
@@ -80,17 +80,13 @@ $( document ).ready(function() {
                        item: ui.item.option
                    });

-                    // retrieve federation and entityid
-                    var id = this.element.attr('id');
-                    var id_parts = id.split('_');
-                    var federation = id_parts[0];
-                    var entity = this.element.val();
-
                    // reset other comboboxes
                    $("input[id!='" + id + "_combobox']").val("");
                    $("select[id!='" + id + "']  option:selected").prop('selected', false);

-                    // set federation
+                    // retrieve federation and entityid
+                    var entity     = this.element.val();
+                    var federation = this.element.find('option:selected').attr('data-federation');
                    $("#federation").val(federation);
                    $("#entityid").val(entity);
                },
@@ -186,8 +182,8 @@ $( document ).ready(function() {
        }
    });

-[% FOREACH federation IN federations.keys() %]
-    $( "#[% federation %]_entityid" ).combobox();
+[% FOREACH group IN groups.keys() %]
+    $( "#[% group %]" ).combobox();
 [% END %]

    $.validator.messages.required = "[% lh.maketext("This information is required") %]";

--- a/templates/web/renater/select_sp.tt2.html
+++ b/templates/web/renater/select_sp.tt2.html
@@ -15,13 +15,13 @@
            [% lh.maketext("You must be an administrator of that service to continue afterwards.") %]
        </p>

-        [% FOREACH federation IN federations.keys.sort() %]
+        [% FOREACH group IN groups.keys.sort() %]
        <fieldset>
-            <label for="[% federation %]_entityid">[% federations.$federation.label %]</label>
-            <select id="[% federation %]_entityid" name="[% federation %]_entityid">
+            <label for="[% group %]">[% groups.$group.label %]</label>
+            <select id="[% group %]" name="[% group %]">
                <option value=""></option>
-            [% FOREACH entity IN federations.$federation.entities.sort('display_name') %]
-                <option value="[% entity.entityid %]">[% entity.display_name %]</option>
+            [% FOREACH entity IN groups.$group.entities.sort('name') %]
+                <option value="[% entity.id %]" data-federation="[% entity.federation %]">[% entity.name %]</option>
            [% END %]
            </select>
        </fieldset>
@@ -80,17 +80,14 @@ $( document ).ready(function() {
                        item: ui.item.option
                    });

-                    // retrieve federation and entityid
-                    var id = this.element.attr('id');
-                    var id_parts = id.split('_');
-                    var federation = id_parts[0];
-                    var entity = this.element.val();
-
                    // reset other comboboxes
+                    var id = this.element.attr('id');
                    $("input[id!='" + id + "_combobox']").val("");
                    $("select[id!='" + id + "']  option:selected").prop('selected', false);

-                    // set federation
+                    // retrieve federation and entityid
+                    var entity     = this.element.val();
+                    var federation = this.element.find('option:selected').attr('data-federation');
                    $("#federation").val(federation);
                    $("#entityid").val(entity);
                },
@@ -186,8 +183,8 @@ $( document ).ready(function() {
        }
    });

-[% FOREACH federation IN federations.keys() %]
-    $( "#[% federation %]_entityid" ).combobox();
+[% FOREACH group IN groups.keys() %]
+    $( "#[% group %]" ).combobox();
 [% END %]

    $.validator.messages.required = "[% lh.maketext("This information is required") %]";