Add support for Persona Identity Provider

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>

3 files changed, 92 insertions, 0 deletions

diff --git a/templates/install/idp.conf b/templates/install/idp.conf
index 19af096..9cf2595 100644
--- a/templates/install/idp.conf
+++ b/templates/install/idp.conf
@@ -1,4 +1,5 @@
 Alias /${instance}/ui ${staticdir}/ui
+Alias /.well-known %{wellknowndir}
 WSGIScriptAlias /${instance} ${ipsilondir}/ipsilon
 WSGIDaemonProcess ${instance} user=${sysuser} group=${sysuser} home=${datadir}
 ${wsgi_socket}
@@ -15,3 +16,10 @@ ${sslrequiressl}
 <Directory ${staticdir}>
     Require all granted
 </Directory>
+
+<Directory ${wellknowndir}>
+    Require all granted
+</Directory>
+<Location /.well-known/browserid>
+    ForceType application/json
+</Location>
diff --git a/templates/persona/provisioning.html b/templates/persona/provisioning.html
new file mode 100644
index 0000000..a693cac
--- /dev/null
+++ b/templates/persona/provisioning.html
@@ -0,0 +1,62 @@
+{% extends "master.html" %}
+{% block main %}
+<div class="col-sm-12">
+  <div id="welcome">
+      <p>This page is used internally</p>
+  </div>
+</div>
+
+<script type="text/javascript" src="https://login.persona.org/provisioning_api.js"></script>
+<script type="text/javascript">
+    var xmlhttp = new XMLHttpRequest()
+
+    var loggedin = {{ loggedin|lower }};
+
+    xmlhttp.onreadystatechange = function()
+    {
+        if(xmlhttp.readyState == 4)
+        {
+            if(xmlhttp.status == 200)
+            {
+                navigator.id.registerCertificate(xmlhttp.responseText);
+            }
+            else if((xmlhttp.status == 401) || (xmlhttp.status == 403))
+            {
+                navigator.id.raiseProvisioningFailure('Error in provisioning!');
+            }
+            else
+            {
+                alert("Response code: " + xmlhttp.status);
+                alert("Response text: " + xmlhttp.responseText);
+            }
+        }
+    }
+
+    function generateServerSide(email, publicKey, certDuration, callback)
+    {
+        xmlhttp.open("POST", "Sign/", true);
+        xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+        xmlhttp.send("email=" + encodeURIComponent(email)
+                     + "&publicKey=" + encodeURIComponent(publicKey)
+                     + "&certDuration=" + encodeURIComponent(certDuration));
+    }
+
+    function startProvisioning()
+    {
+        navigator.id.beginProvisioning(function(email, certDuration)
+        {
+            if(loggedin)
+            {
+                navigator.id.genKeyPair(function(publicKey)
+                {
+                    generateServerSide(email, publicKey, certDuration);
+                });
+            } else {
+                navigator.id.raiseProvisioningFailure('user is not authenticated');
+            }
+        });
+    }
+
+    startProvisioning();
+</script>
+{% endblock %}
diff --git a/templates/persona/signin_result.html b/templates/persona/signin_result.html
new file mode 100644
index 0000000..cda130d
--- /dev/null
+++ b/templates/persona/signin_result.html
@@ -0,0 +1,22 @@
+{% extends "master.html" %}
+{% block main %}
+<div class="col-sm-12">
+  <div id="welcome">
+      <p>This page is used internally</p>
+  </div>
+</div>
+
+<script type="text/javascript" src="https://login.persona.org/authentication_api.js"></script>
+<script type="text/javascript">
+    var loggedin = {{ loggedin|lower }};
+
+    if(loggedin)
+    {
+        navigator.id.beginAuthentication(function(email) {
+            navigator.id.completeAuthentication();
+        });
+    } else {
+        navigator.id.raiseAuthenticationFailure('User cancelled signon');
+    }
+</script>
+{% endblock %}