0001-misc-do-not-send-logout-requests-if-SingleLogout-pro.patch
mellon/utils.py | ||
---|---|---|
68 | 68 |
return render_to_string('mellon/metadata.xml', ctx) |
69 | 69 | |
70 | 70 | |
71 |
def create_server(request): |
|
71 |
def create_server(request, remote_provider_id=None):
|
|
72 | 72 |
root = request.build_absolute_uri('/') |
73 | 73 |
cache = getattr(settings, '_MELLON_SERVER_CACHE', {}) |
74 | 74 |
if root not in cache: |
... | ... | |
109 | 109 |
key = key[0] |
110 | 110 |
server.setEncryptionPrivateKeyWithPassword(key, password) |
111 | 111 |
for idp in get_idps(): |
112 |
if remote_provider_id and idp.get('ENTITY_ID') != remote_provider_id: |
|
113 |
continue |
|
112 | 114 |
if idp and idp.get('METADATA'): |
113 | 115 |
try: |
114 | 116 |
server.addProviderFromBuffer(lasso.PROVIDER_ROLE_IDP, idp['METADATA']) |
... | ... | |
215 | 217 |
return render_to_string('mellon/session_dump.xml', {'session_indexes': session_indexes}) |
216 | 218 | |
217 | 219 | |
218 |
def create_logout(request): |
|
219 |
server = create_server(request) |
|
220 |
def create_logout(request, remote_provider_id=None):
|
|
221 |
server = create_server(request, remote_provider_id=remote_provider_id)
|
|
220 | 222 |
logout = lasso.Logout(server) |
221 | 223 |
if not app_settings.PRIVATE_KEY and not app_settings.PRIVATE_KEYS: |
222 | 224 |
logout.setSignatureHint(lasso.PROFILE_SIGNATURE_HINT_FORBID) |
... | ... | |
344 | 346 |
if request.META.get('SCRIPT_NAME'): |
345 | 347 |
path = path[len(request.META['SCRIPT_NAME']) :] |
346 | 348 |
return path |
349 | ||
350 | ||
351 |
def is_slo_supported(request, issuer): |
|
352 |
server = create_server(request, remote_provider_id=issuer) |
|
353 |
# verify that at least one logout method is supported |
|
354 |
return ( |
|
355 |
server.getFirstHttpMethod(server.providers[issuer], lasso.MD_PROTOCOL_TYPE_SINGLE_SIGN_ON) |
|
356 |
!= lasso.HTTP_METHOD_NONE |
|
357 |
) |
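Review bot: `is_slo_supported` queries `lasso.MD_PROTOCOL_TYPE_SINGLE_SIGN_ON`, although its own comment and the commit title are about logout, so an IdP that publishes only a single sign-on endpoint would still be reported as SLO-capable and the logout request would still be sent; the check presumably should read `server.getFirstHttpMethod(server.providers[issuer], lasso.MD_PROTOCOL_TYPE_SINGLE_LOGOUT)`. The same expression indexes `server.providers[issuer]` directly with a value taken from the session, so an issuer that is no longer configured, or whose metadata failed to load in `create_server`, would likely raise instead of returning False; handling the missing provider explicitly and returning False would keep logout from erroring out. Separately, the cache lookup visible in `create_server` (`if root not in cache:`) is still keyed on `root` alone; the lines between it and the provider loop are outside the hunk, but if the loop sits inside that cached branch, a server built for one `remote_provider_id` would be reused by later calls that expect every IdP, so confirm the cache key accounts for the filter.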
mellon/views.py | ||
---|---|---|
748 | 748 |
logout = None |
749 | 749 |
try: |
750 | 750 |
issuer = request.session.get('mellon_session', {}).get('issuer') |
751 |
if issuer: |
|
751 |
if issuer and utils.is_slo_supported(request, issuer=issuer):
|
|
752 | 752 |
self.profile = logout = utils.create_logout(request) |
753 | 753 |
self.get_relay_state(create=True) |
754 | 754 |
try: |
... | ... | |
851 | 851 |
issuer = request.session.get('mellon_session', {}).get('issuer') |
852 | 852 |
if not issuer: |
853 | 853 |
return None |
854 |
# verify that at least one binding the logout profile is supported |
|
855 |
if not utils.is_slo_supported(request, issuer=issuer): |
|
856 |
return None |
|
854 | 857 |
session_indexes = models.SessionIndex.objects.filter( |
855 | 858 |
saml_identifier__user=request.user, saml_identifier__issuer__entity_id=issuer |
856 | 859 |
).order_by('-id') |
857 |
- |
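Review bot: The call `utils.create_logout(request)` on new line 752 is left unchanged, so the `remote_provider_id` parameter this commit adds to `create_logout` is not used on any visible line, and the logout profile is built by a different `create_server` call than the one `is_slo_supported` has just checked; `self.profile = logout = utils.create_logout(request, remote_provider_id=issuer)` would keep the two consistent. In both places the unsupported case is skipped silently (the `if issuer and ...` guard at 751 and the `return None` at 856), which leaves the user's IdP session alive with no trace for operators. A log line there, for example `logger.info('mellon: IdP %s does not advertise SLO, no logout request sent', issuer)`, would make that visible, assuming the module has a logger, which is not shown here. Both enclosing methods start and end outside the hunks.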