From d942e0412d7d55ae3ffc73341c293a2d9839516a Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Fri, 5 Oct 2018 14:14:35 +0200
Subject: [PATCH 2/2] implement FranceConnect logout (#25696)
---
 tests/test_fc_auth.py | 4 ++++
 wcs/qommon/ident/franceconnect.py | 16 +++++++++++++++-
 wcs/root.py | 5 +++++
 3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/tests/test_fc_auth.py b/tests/test_fc_auth.py
index db11ec8a..22b26d13 100644
--- a/tests/test_fc_auth.py
+++ b/tests/test_fc_auth.py
@@ -168,6 +168,10 @@ def test_fc_login_page(caplog):
 assert session.extra_user_variables['fc_sub'] == 'ymca'
 resp = app.get('/logout')
+ assert resp['Location'].endswith('/ident/fc/logout')
+ resp = resp.follow()
+ assert resp['Location'] == 'https://fcp.integ01.dev-franceconnect.fr/api/v1/logout?post_logout_redirect_uri=http%3A%2F%2Fexample.net'
+ assert not get_session(app)
 # Test error handling path
 resp = app.get('/ident/fc/callback?%s' % urllib.urlencode({
diff --git a/wcs/qommon/ident/franceconnect.py b/wcs/qommon/ident/franceconnect.py
index fffe2768..416cbd28 100644
--- a/wcs/qommon/ident/franceconnect.py
+++ b/wcs/qommon/ident/franceconnect.py
@@ -100,11 +100,14 @@ class UserFieldMappingTableWidget(WidgetListAsTable):
 class MethodDirectory(Directory):
- _q_exports = ['login', 'callback']
+ _q_exports = ['login', 'logout', 'callback']
 def login(self):
 return FCAuthMethod().login()
+ def logout(self):
+ return FCAuthMethod().logout()
+
 def callback(self):
 return FCAuthMethod().callback()
@@ -222,6 +225,9 @@ class MethodAdminDirectory(Directory):
 r += _('Callback URL is %s.') % fc_callback
 r += htmltext('

')
 r += htmltext('

')
+ r += _('Logout callback URL is %s.') % get_publisher().get_frontoffice_url()
+ r += htmltext('

')
+ r += htmltext('

')
 r += htmltext(_('See ' 'FranceConnect partners\'site for getting a client_id and ' 'a client_secret.'))
@@ -463,3 +469,11 @@ class FCAuthMethod(AuthMethod):
 session.set_user(user.id)
 session.extra_user_variables = session_var_fc_user
 return redirect(next_url)
+
+ def logout(self):
+ logout_url = self.get_logout_url()
+ post_logout_redirect_uri = get_publisher().get_frontoffice_url()
+ logout_url += '?' + urllib.urlencode({
+ 'post_logout_redirect_uri': post_logout_redirect_uri,
+ })
+ return redirect(logout_url)
diff --git a/wcs/root.py b/wcs/root.py
index 586dcdbe..75684868 100644
--- a/wcs/root.py
+++ b/wcs/root.py
@@ -264,6 +264,11 @@ class RootDirectory(Directory):
 if not session:
 return redirect(get_publisher().get_root_url())
 ident_methods = get_cfg('identification', {}).get('methods', [])
+
+ if session.extra_user_variables and 'fc_sub' in session.extra_user_variables:
+ get_session_manager().expire_session()
+ return redirect(get_publisher().get_root_url() + 'ident/fc/logout')
+
 if not 'idp' in ident_methods:
 get_session_manager().expire_session()
 return redirect(get_publisher().get_root_url())
-- 2.18.0
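Review bot: `FCAuthMethod.logout()` sends only `post_logout_redirect_uri` to the provider, whereas an OpenID Connect RP-initiated logout normally also carries `id_token_hint` and `state`. As far as I know FranceConnect's logout endpoint is documented as expecting both, so please confirm against the provider documentation. Without `id_token_hint` the provider cannot tie the request to an actual session and may reject it or leave the FranceConnect session open after the local one is gone, which matters on shared machines. `MethodDirectory` now exports `logout` as a plain GET route with no session or token check, so any page can send a browser through this redirect. A one-line docstring such as `"""Redirect to the FranceConnect logout endpoint, returning to the front office afterwards."""` would document the intent.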
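Review bot: The new branch in the wcs/root.py hunk keys on `'fc_sub' in session.extra_user_variables` alone, so it runs even when FranceConnect is no longer among the `ident_methods` read on the line just above. The redirect to `ident/fc/logout` then reaches a method whose configuration may be missing, and how `get_logout_url()` behaves in that case is not visible here. Adding a membership test on `ident_methods` to the condition would keep the plain local logout as the fallback; the exact method key is not shown in this patch and needs checking. `expire_session()` also runs before the redirect, so nothing stored in the session (an ID token, for instance) is available to `FCAuthMethod.logout()` afterwards. The enclosing logout handler starts and ends outside the hunk.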