Add a email-only sso login page that redirects to a deployment-specific domai

(imported from commit 7134ad71f01b3c22c61c6c0e65f7196efaf92237)
2013-11-07 13:57:13 -05:00 · 2013-11-07 13:57:13 -05:00 · d13500ac0d
parent 4070a95735
commit d13500ac0d
4 changed files with 65 additions and 11 deletions
--- a/templates/zerver/login.html
+++ b/templates/zerver/login.html
@ -25,11 +25,16 @@ autofocus('#id_username');

    <h3 class="login-page-header">You look familiar.</h3>

-{% if form.errors %}
+{% if form.errors or sso_unknown_email %}
 <div class="alert alert-error">
-    {% for error in form.errors.values %}
-    <div>{{ error | striptags }}</div>
-    {% endfor %}
+    {% if sso_unknown_email %}
+        Zulip is not currently available for your domain. <br />
+        <a href="https://zulip.com/signup">Sign up</a> to find out when Zulip is ready for you.
+    {% else %}
+        {% for error in form.errors.values %}
+        <div>{{ error | striptags }}</div>
+        {% endfor %}
+    {% endif %}
 </div>
 {% endif %}

@ -40,7 +45,12 @@ autofocus('#id_username');
 {% endif %}

        <form name="login_form" id="login_form" method="post" class="login-form"
-              action="{% url 'django.contrib.auth.views.login' %}?next={{ next }}">
+            {% if sso_only %}
+              action="{% url 'zilencer.views.account_deployment_dispatch' %}"
+            {% else %}
+              action="{% url 'django.contrib.auth.views.login' %}?next={{ next }}"
+            {% endif %}
+        >
            {% csrf_token %}
            <div class="control-group">
                <label for="id_username" class="control-label">Email</label>
@ -48,25 +58,32 @@ autofocus('#id_username');
                    <input id="id_username" type="email" name="username" class="email required" value="{{ email }}" maxlength="72" />
                </div>
            </div>
+
+            {% if not sso_only %}
            <div class="control-group">
                <label for="id_password" class="control-label">Password</label>
                <div class="controls">
                    <input id="id_password" name="password" class="required" type="password">
                </div>
            </div>
+            {% endif %}
            <div class="control-group">
                <div class="controls">
                    <input type="submit" class="btn btn-large btn-primary" value="Log in" />
+                    {% if not sso_only %}
                    <span class="login-forgot-password">
                      <a href="{% url 'django.contrib.auth.views.password_reset' %}">Forgot password?</a>
                    </span>
+                    {% endif %}
                </div>
            </div>
        </form>

+    {% if not sso_only %}
    <div class="login-google">
    or <a href="/accounts/login/openid/" class="login-google-button zocial google">Sign in with Google</a>
    </div>
+    {% endif %}

 </div>
 <div class="footer-padder"></div>
--- a/zilencer/urls/pages.py
+++ b/zilencer/urls/pages.py
@ -0,0 +1,9 @@
+from django.conf.urls import patterns, url, include
+
+urlpatterns = patterns('zilencer.views',
+    # SSO dispatch page for desktop app with SSO
+    # Allows the user to enter their email address only,
+    # and then redirects the user to the proper deployment
+    # SSO-login page
+    url(r'^accounts/deployment_dispatch$', 'account_deployment_dispatch', {'template_name': 'zerver/login.html'}),
+)
--- a/zilencer/views.py
+++ b/zilencer/views.py
@ -1,5 +1,7 @@
 from django.http import HttpResponse
 from django.views.decorators.csrf import csrf_exempt
+from django.contrib.auth.views import login as django_login_page
+from django.http import HttpResponseRedirect

 from zerver.decorator import has_request_variables, REQ, json_to_dict
 from zerver.lib.actions import internal_send_message
@ -49,15 +51,37 @@ def submit_feedback(request, deployment, message=REQ(converter=json_to_dict)):

    return HttpResponse(message['sender_email'])

+
+def realm_for_email(email):
+    try:
+        user = get_user_profile_by_email(email)
+        return user.realm
+    except UserProfile.DoesNotExist:
+        pass
+
+    return get_realm(email_to_domain(email))
+
 # Requests made to this endpoint are UNAUTHENTICATED
@csrf_exempt
@has_request_variables
 def lookup_endpoints_for_user(request, email=REQ()):
    try:
-        return json_response(get_user_profile_by_email(email).realm.deployment.endpoints)
-    except UserProfile.DoesNotExist:
-        try:
-            return json_response(get_realm(email_to_domain(email)).deployment.endpoints)
-        except AttributeError:
-            return json_error("Cannot determine endpoint for user.", status=404)
+        return json_response(realm_for_email(email).deployment.endpoints)
+    except AttributeError:
+        return json_error("Cannot determine endpoint for user.", status=404)

+def account_deployment_dispatch(request, **kwargs):
+    sso_unknown_email = False
+    if request.method == 'POST':
+        email = request.POST['username']
+        realm = realm_for_email(email)
+        try:
+            return HttpResponseRedirect(realm.deployment.base_site_url)
+        except AttributeError:
+            # No deployment found for this user/email
+            sso_unknown_email = True
+
+    template_response = django_login_page(request, **kwargs)
+    template_response.context_data['sso_only'] = True
+    template_response.context_data['sso_unknown_email'] = sso_unknown_email
+    return template_response
--- a/zproject/urls.py
+++ b/zproject/urls.py
@ -228,6 +228,10 @@ if not settings.LOCAL_SERVER:
        url(r'^deployments/', include('zilencer.urls.api')),
    )

+    urlpatterns += patterns('',
+        url(r'^', include('zilencer.urls.pages')),
+    )
+
    urlpatterns += patterns('',
        url(r'^', include('analytics.urls')),
    )