From d942e0412d7d55ae3ffc73341c293a2d9839516a Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Fri, 5 Oct 2018 14:14:35 +0200
Subject: [PATCH 2/2] implement FranceConnect logout (#25696)
---
tests/test_fc_auth.py | 4 ++++
wcs/qommon/ident/franceconnect.py | 16 +++++++++++++++-
wcs/root.py | 5 +++++
3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/tests/test_fc_auth.py b/tests/test_fc_auth.py
index db11ec8a..22b26d13 100644
--- a/tests/test_fc_auth.py
+++ b/tests/test_fc_auth.py
@@ -168,6 +168,10 @@ def test_fc_login_page(caplog):
assert session.extra_user_variables['fc_sub'] == 'ymca'
resp = app.get('/logout')
+ assert resp['Location'].endswith('/ident/fc/logout')
+ resp = resp.follow()
+ assert resp['Location'] == 'https://fcp.integ01.dev-franceconnect.fr/api/v1/logout?post_logout_redirect_uri=http%3A%2F%2Fexample.net'
+ assert not get_session(app)
# Test error handling path
resp = app.get('/ident/fc/callback?%s' % urllib.urlencode({
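Review bot: The check `assert not get_session(app)` runs only after the second redirect has been followed, so the test does not pin where the local session is actually dropped. According to the wcs/root.py hunk, the session is expired by `/logout` itself, before the browser is sent to the provider. Repeating `assert not get_session(app)` right after `resp = app.get('/logout')` would lock in that fail-safe ordering, so a later refactoring cannot leave the local session alive when the user never reaches FranceConnect. The test function starts and continues outside this hunk.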
diff --git a/wcs/qommon/ident/franceconnect.py b/wcs/qommon/ident/franceconnect.py
index fffe2768..416cbd28 100644
--- a/wcs/qommon/ident/franceconnect.py
+++ b/wcs/qommon/ident/franceconnect.py
@@ -100,11 +100,14 @@ class UserFieldMappingTableWidget(WidgetListAsTable):
class MethodDirectory(Directory):
- _q_exports = ['login', 'callback']
+ _q_exports = ['login', 'logout', 'callback']
def login(self):
return FCAuthMethod().login()
+ def logout(self):
+ return FCAuthMethod().logout()
+
def callback(self):
return FCAuthMethod().callback()
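Review bot: The newly exported `logout` has no comment stating that it is reachable by a plain GET from a browser that no longer has a local session. Going by the wcs/root.py hunk, the session is expired before the redirect to `ident/fc/logout`, so this method can only ever forward to the provider. A short comment would stop a later change from assuming session state here, for example `# Called after the local session is already expired; must not rely on get_session().` The class body continues outside the hunk.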
@@ -222,6 +225,9 @@ class MethodAdminDirectory(Directory):
r += _('Callback URL is %s.') % fc_callback
r += htmltext('
')
r += htmltext('')
+ r += _('Logout callback URL is %s.') % get_publisher().get_frontoffice_url()
+ r += htmltext('
')
+ r += htmltext('')
r += htmltext(_('See '
'FranceConnect partners\'site for getting a client_id and '
'a client_secret.'))
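Review bot: The URL shown to the administrator on the added `Logout callback URL is %s.` line and the `post_logout_redirect_uri` sent by `FCAuthMethod.logout` are two separate calls to `get_publisher().get_frontoffice_url()`. Providers usually compare the post-logout URI against the registered value exactly, so if one call site later gains a path or trailing slash, logout breaks with no local error. Having both read from one small helper on `FCAuthMethod` (a name such as `get_post_logout_redirect_uri()` is only a suggestion) would keep them in step. The enclosing method starts and ends outside the hunk.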
@@ -463,3 +469,11 @@ class FCAuthMethod(AuthMethod):
session.set_user(user.id)
session.extra_user_variables = session_var_fc_user
return redirect(next_url)
+
+ def logout(self):
+ logout_url = self.get_logout_url()
+ post_logout_redirect_uri = get_publisher().get_frontoffice_url()
+ logout_url += '?' + urllib.urlencode({
+ 'post_logout_redirect_uri': post_logout_redirect_uri,
+ })
+ return redirect(logout_url)
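Review bot: The logout request built in `logout()` carries only `post_logout_redirect_uri`, with no `id_token_hint` and no `state`. OpenID Connect RP-initiated logout recommends `id_token_hint` so that the provider can tell which session to end and that the request comes from the client that opened it. FranceConnect's documented logout call includes both parameters as far as I know, which is worth confirming against the partner documentation. Sending the hint would require keeping the ID token from `callback()` and reading it before the local session is expired, which the wcs/root.py hunk currently does first. Separately, `logout_url += '?' + ...` assumes `get_logout_url()` never returns a URL that already has a query string; that method is not visible in this diff.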
diff --git a/wcs/root.py b/wcs/root.py
index 586dcdbe..75684868 100644
--- a/wcs/root.py
+++ b/wcs/root.py
@@ -264,6 +264,11 @@ class RootDirectory(Directory):
if not session:
return redirect(get_publisher().get_root_url())
ident_methods = get_cfg('identification', {}).get('methods', [])
+
+ if session.extra_user_variables and 'fc_sub' in session.extra_user_variables:
+ get_session_manager().expire_session()
+ return redirect(get_publisher().get_root_url() + 'ident/fc/logout')
+
if not 'idp' in ident_methods:
get_session_manager().expire_session()
return redirect(get_publisher().get_root_url())
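Review bot: The new FranceConnect branch is chosen only on `'fc_sub' in session.extra_user_variables` and ignores the `ident_methods` list computed on the line above it. A session created before FranceConnect was disabled would still be redirected to `ident/fc/logout`, which may no longer resolve. Adding the method check to the condition keeps it consistent with the `'idp'` test that follows, e.g. `and 'fc' in ident_methods` (assuming `'fc'` is the configured key; confirm against the method registry). A one-line comment above the `if`, such as `# Expire locally first so the session ends even if the provider redirect fails.`, would also record why `expire_session()` comes before the redirect. The enclosing method starts and continues outside the hunk.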
--
2.18.0