723 |
723 |
|
724 |
724 |
def sp_logout_request(self, request):
|
725 |
725 |
'''Launch a logout request to the identity provider'''
|
726 |
|
next_url = request.GET.get(REDIRECT_FIELD_NAME)
|
727 |
726 |
referer = request.headers.get('Referer')
|
|
727 |
field_next_url = request.GET.get(REDIRECT_FIELD_NAME)
|
|
728 |
next_url = None
|
|
729 |
if field_next_url and utils.same_origin(request.build_absolute_uri(), field_next_url):
|
|
730 |
next_url = field_next_url
|
|
731 |
next_url = next_url or '/'
|
728 |
732 |
if not referer or utils.same_origin(request.build_absolute_uri(), referer):
|
729 |
733 |
if hasattr(request, 'user') and request.user.is_authenticated:
|
730 |
734 |
logout = None
|
... | ... | |
754 |
758 |
self.log.info('user logged out, SLO request sent to IdP')
|
755 |
759 |
else:
|
756 |
760 |
# anonymous user: if next_url is None redirect to referer
|
757 |
|
return HttpResponseRedirect(next_url or referer)
|
|
761 |
return HttpResponseRedirect(next_url)
|
758 |
762 |
else:
|
759 |
763 |
self.log.warning('logout refused referer %r is not of the same origin', referer)
|
760 |
764 |
return HttpResponseRedirect(next_url)
|
761 |
765 |
|
762 |
|
def sp_logout_response(self, request):
|
|
766 |
def sp_logout_response(self, request, next_url='/'):
|
763 |
767 |
'''Launch a logout request to the identity provider'''
|
764 |
768 |
self.profile = logout = utils.create_logout(request)
|
765 |
769 |
logout.msgRelayState = request.GET.get('RelayState')
|
... | ... | |
774 |
778 |
self.log.warning('partial logout')
|
775 |
779 |
except lasso.Error as e:
|
776 |
780 |
self.log.warning('unable to process a logout response: %s', e)
|
777 |
|
return HttpResponseRedirect(resolve_url(settings.LOGIN_REDIRECT_URL))
|
778 |
|
next_url = self.get_next_url(default=resolve_url(settings.LOGIN_REDIRECT_URL))
|
779 |
|
return HttpResponseRedirect(next_url)
|
|
781 |
return HttpResponseRedirect(self.get_next_url() or next_url)
|
780 |
782 |
|
781 |
783 |
|
782 |
784 |
logout = csrf_exempt(LogoutView.as_view())
|
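Review bot: In sp_logout_request, a `next` value that fails the same-origin test is dropped without any log line, although the refused-Referer branch further down does log; a rejected redirect target is the more useful signal when looking for open-redirect probing, so I would add an else branch to the new check with `self.log.warning('logout next url %r is not of the same origin, ignored', field_next_url)`. The kept comment `# anonymous user: if next_url is None redirect to referer` is now stale, because `next_url` always falls back to '/' and the referer is no longer used as a redirect target; it should read `# anonymous user: redirect to the validated next_url`. The fix rests entirely on utils.same_origin, which is not shown on this page, so it is worth confirming that it rejects scheme-relative and backslash-prefixed values the way Django's `url_has_allowed_host_and_scheme` does. In sp_logout_response the fallback changes from `resolve_url(settings.LOGIN_REDIRECT_URL)` to the `'/'` default, and `self.get_next_url()` is defined outside these hunks, so whether its result gets the same origin check cannot be told from here; both method bodies are also partly elided between the hunks.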