0001-idp_oidc-add-iss-and-sid-parameter-to-frontchannel_l.patch
src/authentic2_idp_oidc/utils.py | ||
---|---|---|
30 | 30 |
from authentic2 import hooks |
31 | 31 |
from authentic2.attributes_ng.engine import get_attributes |
32 | 32 |
from authentic2.utils import crypto |
33 |
from authentic2.utils.misc import make_url |
|
33 | 34 |
from authentic2.utils.template import Template |
34 | 35 | |
35 | 36 |
from . import app_settings |
... | ... | |
294 | 295 |
oidc_sessions = request.session.setdefault('oidc_sessions', {}) |
295 | 296 |
if not client.frontchannel_logout_uri: |
296 | 297 |
return |
297 |
uri = client.frontchannel_logout_uri |
|
298 |
sid = get_session_id(request, client) |
|
299 |
iss = get_issuer(request) |
|
300 |
uri = make_url(client.frontchannel_logout_uri, params={'iss': iss, 'sid': sid}, resolve=False) |
|
298 | 301 |
oidc_session = { |
299 | 302 |
'frontchannel_logout_uri': uri, |
300 | 303 |
'frontchannel_timeout': client.frontchannel_timeout, |
301 | 304 |
'name': client.name, |
302 |
'sid': get_session_id(request, client), |
|
303 |
'iss': get_issuer(request), |
|
304 | 305 |
} |
305 | 306 |
if oidc_sessions.get(uri) == oidc_session: |
306 | 307 |
# already present |
tests/idp_oidc/test_misc.py | ||
---|---|---|
398 | 398 |
response = app.get(make_url('account_management')) |
399 | 399 |
response = response.click('Logout') |
400 | 400 |
if oidc_client.frontchannel_logout_uri: |
401 |
iframes = response.pyquery('iframe[src="https://example.com/southpark/logout/"]') |
|
401 |
iframes = response.pyquery('iframe[src^="https://example.com/southpark/logout/"]')
|
|
402 | 402 |
assert iframes |
403 |
assert '?iss=' in iframes.attr('src') |
|
404 |
assert '&sid=' in iframes.attr('src') |
|
403 | 405 |
if oidc_client.frontchannel_timeout: |
404 | 406 |
assert iframes.attr('onload').endswith(', %d)' % oidc_client.frontchannel_timeout) |
405 | 407 |
else: |
406 |
- |