Commit 8512989a authored by o's avatar o

update login token on relogin_saml

parent f29791b6
......@@ -55,10 +55,17 @@ module ApiBackend
end
end
def self.auth(user, pw, handoff, options = {})
def self.auth_saml(user, pw, options = {})
if EmailValidation::immerda_email_conform(user)
return post(['auth', if handoff then 'handoff' else 'master_saml' end],
{"email"=>user, "password" => pw}.merge(options))
return post(['auth', 'master_saml'],
{"email"=>user, "password" => pw}.merge(options))
end
end
def self.handoff(user, pw, options = {})
if EmailValidation::immerda_email_conform(user)
return post(['auth', 'handoff'],
{"email"=>user, "password" => pw}.merge(options))
end
end
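Review bot: `auth_saml` and `handoff` are now identical apart from the endpoint segment: each repeats the `EmailValidation::immerda_email_conform` guard and the same credential hash, so the next option or a change to the guard has to be made in two places. Both fall through to nil when the address fails the check, and the controllers rely on that via `if res = auth(...)`, so a shared helper has to keep that return contract. The enclosing `module ApiBackend` starts before the hunk.
```ruby
def self.auth_saml(user, pw, options = {})
  auth_request('master_saml', user, pw, options)
end

def self.handoff(user, pw, options = {})
  auth_request('handoff', user, pw, options)
end

# Posts the credentials to auth/<endpoint> and returns the backend response;
# nil when the address fails the conformance check (callers test the result).
def self.auth_request(endpoint, user, pw, options)
  return unless EmailValidation::immerda_email_conform(user)

  post(['auth', endpoint], {"email"=>user, "password" => pw}.merge(options))
end
private_class_method :auth_request
```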
......
class HandoffLoginController < LoginController
public
def auth(user, pw, unlock, totp)
ApiBackend::handoff(
user,
pw,
unlock: unlock,
totp: totp)
end
protected
def successful_login(options, pw)
@user = options["email"]
......
......@@ -5,6 +5,11 @@ require 'jsobfu'
class LoginController < ApplicationController
CountIpFails = false
def save_login_token(res)
session[:login_token] = res['login_token']
session[:login_user] = @input_user_id
end
def login
unless session[:properly_initialized]
return new_login_session
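Review bot: `save_login_token` writes `session[:login_user] = @input_user_id`, which ties the helper to the form-login path; the SamlLoginController hunk below calls it on the re-login path right after `reset_user_session`, where the user was taken from `session[:login_user]` and I do not see `@input_user_id` assigned, so that path looks likely to store nil as the login user once the session has been reset. Passing the user explicitly keeps both call sites correct: `def save_login_token(res, user = @input_user_id)` with `session[:login_user] = user`, and in SamlLoginController capture `user = session[:login_user]` before `reset_user_session` and call `save_login_token(res, user)`. A short comment on the helper, `# Binds the backend login token and the authenticated user to a freshly reset session`, would make the expected call order explicit. The `login` method that uses the helper continues outside this hunk.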
......@@ -45,17 +50,10 @@ class LoginController < ApplicationController
end
begin
res = ApiBackend::auth(@input_user_id,
@input_pw,
!!@handoff,
unlock: @input_unlock,
totp: @input_totp,
saml_request: @saml_request)
if res
if res = auth(@input_user_id, @input_pw, @input_unlock, @input_totp)
# Login ok
reset_user_session
session[:login_token] = res['login_token']
session[:login_user] = @input_user_id
save_login_token(res)
if CountIpFails
Rails.cache.write(client_auth_key, 0, expires_in: 10.minutes)
......@@ -89,12 +87,6 @@ class LoginController < ApplicationController
return login_failed
end
def logout
# TODO (use iframes to log out at all SPs)
reset_user_session
render 'logout'
end
def new
flash[:notice] = nil
new_login_session
......
......@@ -36,10 +36,24 @@ class SamlLoginController < LoginController
if !session_expired? && session[:login_token]
update_session_expiry
load_custom_params_new
if res = ApiBackend::reissue_saml(session[:login_user], session[:login_token], @saml_request)
if res = ApiBackend::reissue_saml(session[:login_user],
session[:login_token],
@saml_request)
reset_user_session
save_login_token(res)
return successful_login(res, nil)
end
end
super
end
def auth(user, pw, unlock, totp)
ApiBackend::auth_saml(
user,
pw,
unlock: unlock,
totp: totp,
saml_request: @saml_request)
end
end
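Review bot: The `auth` override added at the end of the class carries no comment saying it is the SAML counterpart of the `auth` that `LoginController#login` now dispatches to, nor that it depends on `@saml_request` being populated first; a one-line doc, `# SAML variant of LoginController#auth; expects @saml_request to be loaded before login runs`, would spare the next reader a trip through the parent class (whether `login` loads it on that path is not visible here). The reformatted `if res = ApiBackend::reissue_saml(...)` keeps an assignment inside a condition spread over three lines, which RuboCop flags; `res = ApiBackend::reissue_saml(session[:login_user], session[:login_token], @saml_request)` on its own line followed by `if res` reads more plainly. The method containing the reissue call begins before the hunk.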