
0003-misc-logout-all-sessions-when-SLO-does-not-contain-a.patch

Benjamin Dauvergne, 22 avril 2020 04:27


Subject: [PATCH 3/4] misc: logout all sessions when SLO does not contain a
 SessionIndex (#41949)

 mellon/views.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
mellon/views.py
27 27
from django.views.generic import View
28 28
from django.http import HttpResponseRedirect, HttpResponse
29 29
from django.contrib import auth
30
from django.contrib.sessions.models import Session
30 31
from django.conf import settings
31 32
from django.views.decorators.csrf import csrf_exempt
32 33
from django.shortcuts import render, resolve_url
......
514 515
    def post(self, request, *args, **kwargs):
515 516
        return self.idp_logout(request, force_str(request.body))
516 517

  
518
    def logout_all_sessions(self, request):
519
        if not ('.cached_db' in settings.SESSION_ENGINE or '.db' in settings.SESSION_ENGINE):
520
            self.log.error('cannot logout from all sessions, session are not in database')
521
            return
522
        user_id = request.user.id
523
        session_keys = []
524
        for session in Session.objects.all():
525
            if (session.get_decoded().get('_auth_user_id') == str(user_id)
526
                    and session.session_key != request.session.session_key):
527
                session_keys.append(session.session_key)
528
        Session.objects.filter(session_key__in=session_keys).delete()
529

  
517 530
    def idp_logout(self, request, msg):
518 531
        '''Handle logout request emitted by the IdP'''
519 532
        self.profile = logout = utils.create_logout(request)
......
523 536
            return HttpResponseBadRequest('error processing logout request: %r' % e)
524 537
        try:
525 538
            logout.validateRequest()
539
        except lasso.LogoutErrorUnknownPrincipal:
540
            self.log.warning('invalid SessionIndex or NameID')
526 541
        except lasso.Error as e:
527 542
            self.log.warning('error validating logout request: %r' % e)
543
        full_logout = not (logout.request.sessionIndexes)
528 544
        issuer = request.session.get('mellon_session', {}).get('issuer')
529 545
        if issuer == logout.remoteProviderId:
546
            if full_logout:
547
                self.log.info('no SessionIndex logging out all sessions')
548
                self.logout_all_sessions(request)
530 549
            self.log.info('user logged out by IdP SLO request')
531 550
            auth.logout(request)
551

  
532 552
        try:
533 553
            logout.buildResponseMsg()
534 554
        except lasso.Error as e:
535
-