| 612 |
612 |
|
| 613 |
613 |
|
| 614 |
614 |
class LogoutView(ProfileMixin, LogMixin, View):
|
| 615 |
|
def get(self, request, *args, **kwargs):
|
|
615 |
def get(self, request, *args, logout_next_url='/', **kwargs):
|
| 616 |
616 |
if 'SAMLRequest' in request.GET:
|
| 617 |
617 |
return self.idp_logout(request, request.META['QUERY_STRING'], 'redirect')
|
| 618 |
618 |
elif 'SAMLResponse' in request.GET:
|
| 619 |
|
return self.sp_logout_response(request)
|
|
619 |
return self.sp_logout_response(request, logout_next_url=logout_next_url)
|
| 620 |
620 |
else:
|
| 621 |
|
return self.sp_logout_request(request)
|
|
621 |
return self.sp_logout_request(request, logout_next_url=logout_next_url)
|
| 622 |
622 |
|
| 623 |
623 |
def post(self, request, *args, **kwargs):
|
| 624 |
624 |
return self.idp_logout(request, force_str(request.body), 'soap')
|
| ... | ... | |
| 721 |
721 |
else:
|
| 722 |
722 |
return HttpResponseRedirect(logout.msgUrl)
|
| 723 |
723 |
|
| 724 |
|
def sp_logout_request(self, request):
|
|
724 |
def sp_logout_request(self, request, logout_next_url=None):
|
| 725 |
725 |
'''Launch a logout request to the identity provider'''
|
| 726 |
726 |
referer = request.headers.get('Referer')
|
| 727 |
727 |
field_next_url = request.GET.get(REDIRECT_FIELD_NAME)
|
| 728 |
728 |
next_url = None
|
| 729 |
729 |
if field_next_url and utils.same_origin(request.build_absolute_uri(), field_next_url):
|
| 730 |
730 |
next_url = field_next_url
|
| 731 |
|
next_url = next_url or '/'
|
|
731 |
next_url = next_url or logout_next_url
|
| 732 |
732 |
if not referer or utils.same_origin(request.build_absolute_uri(), referer):
|
| 733 |
733 |
if hasattr(request, 'user') and request.user.is_authenticated:
|
| 734 |
734 |
logout = None
|
| ... | ... | |
| 763 |
763 |
self.log.warning('logout refused referer %r is not of the same origin', referer)
|
| 764 |
764 |
return HttpResponseRedirect(next_url)
|
| 765 |
765 |
|
| 766 |
|
def sp_logout_response(self, request):
|
|
766 |
def sp_logout_response(self, request, logout_next_url='/'):
|
| 767 |
767 |
'''Launch a logout request to the identity provider'''
|
| 768 |
768 |
self.profile = logout = utils.create_logout(request)
|
| 769 |
769 |
logout.msgRelayState = request.GET.get('RelayState')
|
| ... | ... | |
| 778 |
778 |
self.log.warning('partial logout')
|
| 779 |
779 |
except lasso.Error as e:
|
| 780 |
780 |
self.log.warning('unable to process a logout response: %s', e)
|
| 781 |
|
return HttpResponseRedirect(self.get_next_url() or '/')
|
|
781 |
return HttpResponseRedirect(self.get_next_url() or logout_next_url)
|
| 782 |
782 |
|
| 783 |
783 |
|
| 784 |
784 |
logout = csrf_exempt(LogoutView.as_view())
|