diff --git a/loops/organize/browser/member.py b/loops/organize/browser/member.py
index fb6997a..c2b6362 100644
--- a/loops/organize/browser/member.py
+++ b/loops/organize/browser/member.py
@@ -39,6 +39,7 @@ from loops.organize.util import getPrincipalFolder
import loops.browser.util
from loops.util import _
+import config
organize_macros = ViewPageTemplateFile('view_macros.pt')
@@ -60,6 +61,13 @@ class PersonalInfo(ConceptView):
def view(self):
return self
+ @Lazy
+ def selectAuthMethod(self):
+ return getattr(config, 'authentication_method', 'legacy') == 'cookie'
+
+ def getAuthMethod(self):
+ return self.request.cookies.get('loops_auth_method') or 'legacy'
+
@Lazy
def extUserLink(self):
from scopes.web.auth.oidc import IExternalPrincipal
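Review bot: `getAuthMethod` returns the `loops_auth_method` cookie exactly as the browser sent it, so any string a client puts in that cookie reaches the template and any caller that branches on it. The same unvalidated read is repeated in `getAuthMethodCookieValue` in loops/server/auth.py, where the result also drives `oidc_allowed`. I would normalise the value against the methods the code actually handles and share one helper between both files, e.g. `value = self.request.cookies.get('loops_auth_method')` followed by `return value if value in ('legacy', 'oidc', 'select') else 'legacy'`. A short docstring stating that the cookie is a user preference and not a trusted setting would help later readers. The body of `extUserLink` continues outside this hunk.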
diff --git a/loops/organize/browser/view_macros.pt b/loops/organize/browser/view_macros.pt
index efb50f4..0fc6f5c 100644
--- a/loops/organize/browser/view_macros.pt
+++ b/loops/organize/browser/view_macros.pt
@@ -60,6 +60,20 @@
Edit Filters
+
+ Authentication Method:
+
+
diff --git a/loops/server/auth.py b/loops/server/auth.py
index 0373bc1..039d720 100644
--- a/loops/server/auth.py
+++ b/loops/server/auth.py
@@ -5,24 +5,56 @@
from scopes.web.auth import oidc
from zope.authentication.interfaces import IAuthentication
+from zope.browserpage import ViewPageTemplateFile
from zope.component import provideAdapter, getUtility, provideUtility
from zope.interface import implementer, Interface
from zope.publisher.interfaces.browser import IBrowserRequest, IBrowserPage
from zope.publisher.browser import BrowserPage
from zope.security.proxy import removeSecurityProxy
+import config
+
def registerAuthUtility(config):
baseAuth = getUtility(IAuthentication)
print('*** registerAuthUtility, baseAuth:', baseAuth)
provideUtility(oidc.OidcAuthentication(baseAuth))
-class LoginView:
+class LoginPage:
+
+ index = ViewPageTemplateFile('loginform.pt')
+
+ def __init__(self, context, request):
+ self.context = context
+ self.request = request
+ self.authMethod = getattr(config, 'authentication_method', 'legacy')
+ if self.authMethod == 'cookie':
+ self.authMethod = getAuthMethodCookieValue(request)
+ self.oidc_allowed = self.authMethod in ('oidc', 'select')
def __call__(self):
+ print('***', self.request.principal.id)
+ print('***', self.authMethod)
+ if self.authMethod == 'oidc':
+ return self.authOidc()
+ return self.index()
+
+ def authOidc(self):
oidc.Authenticator(self.request).login()
return ''
+def getAuthMethodCookieValue(request):
+ print('***', dict(request.cookies))
+ return request.cookies.get('loops_auth_method') or 'legacy'
+
+
+# OIDC authentication
+
+class LoginView(LoginPage):
+
+ def __call__(self):
+ return self.authOidc()
+
class CallbackView:
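Review bot: `getAuthMethodCookieValue` runs `print('***', dict(request.cookies))`, which writes every cookie on the request to stdout each time a `LoginPage` is constructed, presumably including session or authentication cookies. Anyone with access to the process output or the collected logs could then read them. `LoginPage.__call__` likewise prints `self.request.principal.id` and the chosen method on every call. These look like leftover debug output; I would remove them, or log only the single value at debug level with a repr-style format, e.g. `logger.debug('loops_auth_method=%r', request.cookies.get('loops_auth_method'))` (this assumes a module logger is added). Separately, the new module-level `import config` is shadowed by the `config` parameter of `registerAuthUtility`, so renaming one of them would avoid confusion.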
diff --git a/loops/server/loginform.pt b/loops/server/loginform.pt
index 7bbfc3f..2f80420 100644
--- a/loops/server/loginform.pt
+++ b/loops/server/loginform.pt
@@ -25,7 +25,8 @@
You are not authorized to perform this action. However, you may login as a
different user who is authorized.
-
+
Login with OpenID Connect (Zitadel)
diff --git a/loops/server/loginform.zcml b/loops/server/loginform.zcml
index 7ef04e4..ccf6dd5 100644
--- a/loops/server/loginform.zcml
+++ b/loops/server/loginform.zcml
@@ -2,9 +2,9 @@
xmlns="http://namespaces.zope.org/zope"
xmlns:browser="http://namespaces.zope.org/browser">
-