browser: reuse cached authentication sessions

With this change it is now possible for IDPs to persist cookies between
authentications. When properly configuired, IDPs may not even ask for a
password anymore.

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 ## vNext
 
+- It is now possible to reuse previous authentication sessions, so that
+  entering password/MFA token may not be needed at all.
+
 ## v0.6.3
 
 - Updating `poetry2nix` to fix build on `nixpkgs-unstable`

openconnect_sso/browser/webengine_process.py

@@ -10,8 +10,8 @@
 import structlog
 
 from PyQt5.QtCore import QUrl, QTimer
-from PyQt5.QtNetwork import QNetworkProxy
-from PyQt5.QtWebEngineWidgets import QWebEngineView, QWebEngineScript
+from PyQt5.QtNetwork import QNetworkCookie, QNetworkProxy
+from PyQt5.QtWebEngineWidgets import QWebEngineView, QWebEngineScript, QWebEngineProfile
 from PyQt5.QtWidgets import QApplication
 
 from openconnect_sso import config
@@ -119,6 +119,19 @@ async def wait(self):
         self.join()
 
 
+def on_sigterm(signum, frame):
+    logger.info("Terminate requested.")
+    # Force flush cookieStore to disk. Without this hack the cookieStore may
+    # not be synced at all if the browser lives only for a short amount of
+    # time. Something is off with the call order of destructors as there is no
+    # such issue in C++.
+
+    # See: https://github.com/qutebrowser/qutebrowser/commit/8d55d093f29008b268569cdec28b700a8c42d761
+    cookie = QNetworkCookie()
+    QWebEngineProfile.defaultProfile().cookieStore().deleteCookie(cookie)
+    QApplication.quit()
+
+
 class WebBrowser(QWebEngineView):
     def __init__(self, auto_fill_rules, on_update):
         super().__init__()
@@ -199,8 +212,3 @@ def get_selectors(rules, credentials):
                 f"""var elem = document.querySelector({selector}); if (elem) {{ elem.dispatchEvent(new Event("focus")); elem.click(); }}"""
             )
     return "\n".join(statements)
-
-
-def on_sigterm(signum, frame):
-    logger.info("SIGNAL handler")
-    QApplication.quit()