Projet

Général

Profil

0002-auth_fc-close-FranceConnect-session-when-linking-fai.patch

Benjamin Dauvergne, 23 novembre 2022 13:20

Télécharger (4,38 ko)

Voir les différences: 

Subject: [PATCH 2/2] auth_fc: close FranceConnect session when linking fails
 (#71607)


 src/authentic2_auth_fc/views.py | 25 +++++++++++++++----------
 tests/auth_fc/test_auth_fc.py   |  6 ++++++
 2 files changed, 21 insertions(+), 10 deletions(-)
src/authentic2_auth_fc/views.py
124 124 
    def redirect(self):
125 125 
        return utils_misc.redirect(self.request, self.next_url)
126 126 

  		




  
  127
  
    
    def logout_and_redirect(self):

  		




  
  128
  
    
        url = utils.build_logout_url(self.request, self.authenticator.logout_url, next_url=self.next_url)

  		




  
  129
  
    
        if url:

  		




  
  130
  
    
            clean_fc_session(self.request.session)

  		




  
  131
  
    
            response = utils_misc.redirect(self.request, url, resolve=False)

  		




  
  132
  
    
            response.display_message = False

  		




  
  133
  
    
            return response

  		




  
  134
  
    
        return self.redirect()

  		




  
  135
  
    

  		




  127
  136
  
    
    @property

  		




  128
  137
  
    
    def fc_display_name(self):

  		




  129
  138
  
    
        '''Human representation of the current FC account'''

  		




  ......




  228
  237
  
    
        # clear FranceConnect down status

  		




  229
  238
  
    
        cache.delete('fc_is_down')

  		




  230
  239
  
    

  		




  
  240
  
    
        # keep id_token around for logout

  		




  
  241
  
    
        request.session['fc_id_token'] = self.id_token

  		




  
  242
  
    
        request.session['fc_id_token_raw'] = self.token['id_token']

  		




  
  243
  
    

  		




  231
  244
  
    
        if request.user.is_authenticated:

  		




  232
  245
  
    
            return self.link(request)

  		




  233
  246
  
    
        else:

  		




  ......




  334
  347
  
    

  		




  335
  348
  
    
    def link(self, request):

  		




  336
  349
  
    
        '''Request an access grant code and associate it to the current user'''

  		




  337
  
  
    
        # keep id_token around for logout

  		




  338
  
  
    
        request.session['fc_id_token'] = self.id_token

  		




  339
  
  
    
        request.session['fc_id_token_raw'] = self.token['id_token']

  		




  340
  
  
    

  		




  341
  350
  
    
        try:

  		




  342
  351
  
    
            self.fc_account, created = models.FcAccount.objects.get_or_create(

  		




  343
  352
  
    
                sub=self.sub,

  		




  ......




  377
  386
  
    
            created = False

  		




  378
  387
  
    

  		




  379
  388
  
    
        if not user:

  		




  380
  
  
    
            return self.redirect()

  		




  
  389
  
    
            return self.logout_and_redirect()

  		




  381
  390
  
    

  		




  382
  391
  
    
        return self.finish_login(request, user, self.user_info, created)

  		




  383
  392
  
    

  		




  ......




  386
  395
  
    
        utils_views.check_cookie_works(request)

  		




  387
  396
  
    
        utils_misc.login(request, user, 'france-connect')

  		




  388
  397
  
    

  		




  389
  
  
    
        # keep id_token around for logout

  		




  390
  
  
    
        request.session['fc_id_token'] = self.id_token

  		




  391
  
  
    
        request.session['fc_id_token_raw'] = self.token['id_token']

  		




  392
  
  
    

  		




  393
  398
  
    
        # set session expiration policy to EXPIRE_AT_BROWSER_CLOSE

  		




  394
  399
  
    
        request.session.set_expiry(0)

  		




  395
  400
  
    

  		




  ......




  517
  522
  
    
                    self.fc_display_name

  		




  518
  523
  
    
                ),

  		




  519
  524
  
    
            )

  		




  520
  
  
    
        return self.redirect()

  		




  
  525
  
    
        return self.logout_and_redirect()

  		




  521
  526
  
    

  		




  522
  527
  
    
    def update_user_info(self, user, user_info):

  		




  523
  528
  
    
        # always handle given_name and family_name

  		












  

    
      tests/auth_fc/test_auth_fc.py
    
  





  262
  262
  
    
        cookie = cookie[0].message

  		




  263
  263
  
    
    assert 'is already used' in cookie

  		




  264
  264
  
    
    assert '_auth_user_id' not in app.session

  		




  
  265
  
    
    response = franceconnect.handle_logout(app, response.location)

  		




  
  266
  
    
    assert response.location == '/idp/'

  		




  265
  267
  
    

  		




  266
  268
  
    

  		




  267
  269
  
    
def test_requests_proxies_support(settings, app, monkeypatch):

  		




  ......




  466
  468
  
    
    User.objects.create(email=franceconnect.user_info['email'], ou=ou)

  		




  467
  469
  
    

  		




  468
  470
  
    
    response = franceconnect.login_with_fc(app, path='/accounts/')

  		




  
  471
  
    
    response = franceconnect.handle_logout(app, response.location)

  		




  
  472
  
    
    assert response.location == '/accounts/'

  		




  469
  473
  
    

  		




  470
  474
  
    
    response = response.maybe_follow()

  		




  471
  475
  
    
    assert 'is already used by another' in response

  		




  ......




  657
  661
  
    

  		




  658
  662
  
    
    resp = franceconnect.login_with_fc_fixed_params(app)

  		




  659
  663
  
    

  		




  
  664
  
    
    resp = franceconnect.handle_logout(app, resp.location)

  		




  
  665
  
    

  		




  660
  666
  
    
    resp = resp.maybe_follow()

  		




  661
  667
  
    
    # email collision, sub is different, no new user created

  		




  662
  668
  
    
    assert User.objects.count() == 1

  		




  663
  
  
    
-