From 36839064c4095baeb036efdf5fb2755a57e0176b Mon Sep 17 00:00:00 2001
From: Serghei Mihai <smihai@entrouvert.com>
Date: Mon, 21 Nov 2016 17:35:05 +0100
Subject: [PATCH] redirect to password change page if required by proxied
 application (#14037)

---
 mandayejs/do_login.js                        | 11 +++++++++++
 mandayejs/mandaye/views.py                   |  4 +++-
 mandayejs/static/archimed/js/auth.checker.js |  5 ++++-
 mandayejs/static/arpege/js/auth.checker.js   |  5 ++++-
 mandayejs/static/duonet/js/auth.checker.js   |  3 +++
 mandayejs/static/imuse/js/auth.checker.js    |  5 ++++-
 mandayejs/static/sezhame/js/auth.checker.js  | 15 ++++++++++-----
 mandayejs/static/teamnet/js/auth.checker.js  |  7 +++++++
 8 files changed, 46 insertions(+), 9 deletions(-)

diff --git a/mandayejs/do_login.js b/mandayejs/do_login.js
index 6e34f9f..bf41ee8 100644
--- a/mandayejs/do_login.js
+++ b/mandayejs/do_login.js
@@ -64,8 +64,19 @@ page.open(input.address, function(status) {
          input.auth_success = page.evaluate(function(){
              return auth_success();
          });
+         input.password_change_required = page.evaluate(function() {
+             return password_change_required();
+         });
      }
 
+      if (input.password_change_required) {
+        output['result'] = 'redirect';
+        output['reason'] = 'password_change_required';
+        output['url'] = page.url;
+        console.log(JSON.stringify(output));
+        phantom.exit();
+    }
+
     if (!input.auth_success){
         output['result'] = 'failure';
         output['reason'] = 'authentication';
diff --git a/mandayejs/mandaye/views.py b/mandayejs/mandaye/views.py
index ef2ea17..1f9eef5 100644
--- a/mandayejs/mandaye/views.py
+++ b/mandayejs/mandaye/views.py
@@ -151,12 +151,14 @@ def post_login_do(request, *args, **kwargs):
     result = exec_phantom(login_info)
     logger.debug(result)
 
-    if result.get('result') != 'ok':
+    if result.get('result') == 'failure':
         logger.debug('authentication failed')
         logger.debug("redirecting to {}".format(resolve_url('associate')))
         credentials.delete()
         messages.error(request, _('wrong user credentials'))
         url = resolve_url('associate')
+    elif result.get('result') == 'redirect':
+        url = result.get('url', '/')
     else:
         credentials.linked = True
         credentials.save()
diff --git a/mandayejs/static/archimed/js/auth.checker.js b/mandayejs/static/archimed/js/auth.checker.js
index 04c7bfe..62a8319 100644
--- a/mandayejs/static/archimed/js/auth.checker.js
+++ b/mandayejs/static/archimed/js/auth.checker.js
@@ -5,5 +5,8 @@ $(function(){
             return true;
         }
         return false;
-    }
+    };
+    window.password_change_required = function() {
+        return false;
+    };
 });
diff --git a/mandayejs/static/arpege/js/auth.checker.js b/mandayejs/static/arpege/js/auth.checker.js
index 4eba48f..8cde2f3 100644
--- a/mandayejs/static/arpege/js/auth.checker.js
+++ b/mandayejs/static/arpege/js/auth.checker.js
@@ -3,5 +3,8 @@ $(function(){
         if(window.location.href.indexOf('/affichage_accueil_prive.do') != -1)
             return true;
         return false;
-    }
+    };
+    window.password_change_required = function() {
+        return false;
+    };
 });
diff --git a/mandayejs/static/duonet/js/auth.checker.js b/mandayejs/static/duonet/js/auth.checker.js
index 56ef332..ef60a34 100644
--- a/mandayejs/static/duonet/js/auth.checker.js
+++ b/mandayejs/static/duonet/js/auth.checker.js
@@ -4,4 +4,7 @@ $(function(){
            return true;
        return false;
     };
+    window.password_change_required = function() {
+        return false;
+    };
 });
diff --git a/mandayejs/static/imuse/js/auth.checker.js b/mandayejs/static/imuse/js/auth.checker.js
index f1453f7..23202ef 100644
--- a/mandayejs/static/imuse/js/auth.checker.js
+++ b/mandayejs/static/imuse/js/auth.checker.js
@@ -3,6 +3,9 @@ $(function(){
         if ($('#INDEX_TBL_LOGIN').length < 1)
             return true;
         return false;
-    }
+    };
+    window.password_change_required = function() {
+        return false;
+    };
 })
 
diff --git a/mandayejs/static/sezhame/js/auth.checker.js b/mandayejs/static/sezhame/js/auth.checker.js
index 84d3d21..747e43a 100644
--- a/mandayejs/static/sezhame/js/auth.checker.js
+++ b/mandayejs/static/sezhame/js/auth.checker.js
@@ -1,5 +1,10 @@
-window.auth_success = function(){
-    if (location.href.indexOf('/sezhame/users/'))
-        return true;
-    return false;
-}
+$(function(){
+    window.auth_success = function(){
+        if (location.href.indexOf('/sezhame/users/'))
+            return true;
+        return false;
+    };
+    window.password_change_required = function() {
+        return false;
+    };
+});
diff --git a/mandayejs/static/teamnet/js/auth.checker.js b/mandayejs/static/teamnet/js/auth.checker.js
index 3352e26..9324d96 100644
--- a/mandayejs/static/teamnet/js/auth.checker.js
+++ b/mandayejs/static/teamnet/js/auth.checker.js
@@ -4,4 +4,11 @@ $(function(){
            return true;
        return false;
     };
+    window.password_change_required = function() {
+        if ($("input[type='password'][name='old_pass']").length > 0 &&
+            $("input[type='password'][name='new_pass']").length > 0 &&
+            $("input[type='password'][name='conf_pass']").length > 0)
+            return true;
+        return false;
+    };
 });
-- 
2.10.2