From 17600509e98ecfc4f201e7c23aedec12b7dab97e Mon Sep 17 00:00:00 2001
From: Serghei Mihai <smihai@entrouvert.com>
Date: Mon, 21 Nov 2016 17:35:05 +0100
Subject: [PATCH] redirect to password change page if required by proxied
 application (#14037)

---
 mandayejs/do_login.js                       | 13 +++++++++++++
 mandayejs/mandaye/views.py                  |  4 +++-
 mandayejs/static/teamnet/js/auth.checker.js |  7 +++++++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/mandayejs/do_login.js b/mandayejs/do_login.js
index 6e34f9f..1f76b71 100644
--- a/mandayejs/do_login.js
+++ b/mandayejs/do_login.js
@@ -64,8 +64,21 @@ page.open(input.address, function(status) {
          input.auth_success = page.evaluate(function(){
              return auth_success();
          });
+         input.password_change_required = page.evaluate(function() {
+             if (typeof(password_change_required) == 'function')
+                 return password_change_required();
+             return false;
+         });
      }
 
+      if (input.password_change_required) {
+        output['result'] = 'redirect';
+        output['reason'] = 'password_change_required';
+        output['url'] = page.url;
+        console.log(JSON.stringify(output));
+        phantom.exit();
+    }
+
     if (!input.auth_success){
         output['result'] = 'failure';
         output['reason'] = 'authentication';
diff --git a/mandayejs/mandaye/views.py b/mandayejs/mandaye/views.py
index ef2ea17..1f9eef5 100644
--- a/mandayejs/mandaye/views.py
+++ b/mandayejs/mandaye/views.py
@@ -151,12 +151,14 @@ def post_login_do(request, *args, **kwargs):
     result = exec_phantom(login_info)
     logger.debug(result)
 
-    if result.get('result') != 'ok':
+    if result.get('result') == 'failure':
         logger.debug('authentication failed')
         logger.debug("redirecting to {}".format(resolve_url('associate')))
         credentials.delete()
         messages.error(request, _('wrong user credentials'))
         url = resolve_url('associate')
+    elif result.get('result') == 'redirect':
+        url = result.get('url', '/')
     else:
         credentials.linked = True
         credentials.save()
diff --git a/mandayejs/static/teamnet/js/auth.checker.js b/mandayejs/static/teamnet/js/auth.checker.js
index 3352e26..9324d96 100644
--- a/mandayejs/static/teamnet/js/auth.checker.js
+++ b/mandayejs/static/teamnet/js/auth.checker.js
@@ -4,4 +4,11 @@ $(function(){
            return true;
        return false;
     };
+    window.password_change_required = function() {
+        if ($("input[type='password'][name='old_pass']").length > 0 &&
+            $("input[type='password'][name='new_pass']").length > 0 &&
+            $("input[type='password'][name='conf_pass']").length > 0)
+            return true;
+        return false;
+    };
 });
-- 
2.10.2