27 |
27 |
from django.views.generic import View
|
28 |
28 |
from django.http import HttpResponseRedirect, HttpResponse
|
29 |
29 |
from django.contrib import auth
|
|
30 |
from django.contrib.sessions.models import Session
|
30 |
31 |
from django.conf import settings
|
31 |
32 |
from django.views.decorators.csrf import csrf_exempt
|
32 |
33 |
from django.shortcuts import render, resolve_url
|
... | ... | |
514 |
515 |
def post(self, request, *args, **kwargs):
|
515 |
516 |
return self.idp_logout(request, force_str(request.body))
|
516 |
517 |
|
|
518 |
def logout_all_sessions(self, request):
|
|
519 |
if not ('.cached_db' in settings.SESSION_ENGINE or '.db' in settings.SESSION_ENGINE):
|
|
520 |
self.log.error('cannot logout from all sessions, session are not in database')
|
|
521 |
return
|
|
522 |
user_id = request.user.id
|
|
523 |
session_keys = []
|
|
524 |
for session in Session.objects.all():
|
|
525 |
if (session.get_decoded().get('_auth_user_id') == str(user_id)
|
|
526 |
and session.session_key != request.session.session_key):
|
|
527 |
session_keys.append(session.session_key)
|
|
528 |
Session.objects.filter(session_key__in=session_keys).delete()
|
|
529 |
|
517 |
530 |
def idp_logout(self, request, msg):
|
518 |
531 |
'''Handle logout request emitted by the IdP'''
|
519 |
532 |
self.profile = logout = utils.create_logout(request)
|
... | ... | |
523 |
536 |
return HttpResponseBadRequest('error processing logout request: %r' % e)
|
524 |
537 |
try:
|
525 |
538 |
logout.validateRequest()
|
|
539 |
except lasso.LogoutErrorUnknownPrincipal:
|
|
540 |
self.log.warning('invalid SessionIndex or NameID')
|
526 |
541 |
except lasso.Error as e:
|
527 |
542 |
self.log.warning('error validating logout request: %r' % e)
|
|
543 |
full_logout = not (logout.request.sessionIndexes)
|
528 |
544 |
issuer = request.session.get('mellon_session', {}).get('issuer')
|
529 |
545 |
if issuer == logout.remoteProviderId:
|
|
546 |
if full_logout:
|
|
547 |
self.log.info('no SessionIndex logging out all sessions')
|
|
548 |
self.logout_all_sessions(request)
|
530 |
549 |
self.log.info('user logged out by IdP SLO request')
|
531 |
550 |
auth.logout(request)
|
|
551 |
|
532 |
552 |
try:
|
533 |
553 |
logout.buildResponseMsg()
|
534 |
554 |
except lasso.Error as e:
|
535 |
|
-
|