From 43bd7a0742417f477f49e818ee6b17413bab2291 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Ates?= Date: Thu, 3 Dec 2015 18:41:02 +0100 Subject: [PATCH] Handle logout by redirection from plugins. A new plugin method called redirect_logout_list is used to collect urls of logout endpoints. The local logout is done before processing redirections. Urls are collected when the user is logged in and put in session after is logged out. --- src/authentic2/views.py | 61 +++++++++++++++++++++++++++++++------------------ 1 file changed, 39 insertions(+), 22 deletions(-) diff --git a/src/authentic2/views.py b/src/authentic2/views.py index 0c71b43..ed348a2 100644 --- a/src/authentic2/views.py +++ b/src/authentic2/views.py @@ -424,6 +424,10 @@ def logout_list(request): '''Return logout links from idp backends''' return utils.accumulate_from_backends(request, 'logout_list') +def redirect_logout_list(request): + '''Return redirect logout links from idp backends''' + return utils.accumulate_from_backends(request, 'redirect_logout_list') + def logout(request, next_url=None, default_next_url='auth_homepage', redirect_field_name=REDIRECT_FIELD_NAME, template='authentic2/logout.html', do_local=True, check_referer=True): 
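Review bot: The docstring on `redirect_logout_list` does not state the contract the view relies on, because the second hunk stores the returned list in the session and hands each entry to `utils.redirect` without further checks. I would document that explicitly, e.g. `'''Return an ordered list of logout URLs (plain strings) from idp backends; each one is stored in the session and redirected to as-is, so backends must only return URLs they build themselves.'''`. It is also worth adding that the function has to be called while the user is still authenticated, which the commit message says but the code does not.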
@@ -441,31 +445,44 @@ def logout(request, next_url=None, default_next_url='auth_homepage', ctx = {} ctx['next_url'] = next_url ctx['redir_timeout'] = 60 - # Shortcut ! - if not request.user.is_authenticated(): - return utils.redirect(request, next_url) - if check_referer and not utils.check_referer(request): - return render(request, 'authentic2/logout_confirm.html', ctx) - do_local = do_local and 'local' in request.REQUEST - if not do_local: - l = logout_list(request) - if l: - # Full logout - next_url = utils.make_url('auth_logout', params={ - 'local': 'ok', - REDIRECT_FIELD_NAME: next_url}) - ctx['next_url'] = next_url - ctx['logout_list'] = l - ctx['message'] = _('Logging out from all your services') - return render(request, template, ctx) - # Local logout - logger.info('logged out') - auth_logout(request) - messages.info(request, _('You have been logged out')) + local_logout_done = False + if request.user.is_authenticated(): + if check_referer and not utils.check_referer(request): + return render(request, 'authentic2/logout_confirm.html', ctx) + do_local = do_local and 'local' in request.REQUEST + if not do_local: + l = logout_list(request) + if l: + # Full logout with iframes + next_url = utils.make_url('auth_logout', params={ + 'local': 'ok', + REDIRECT_FIELD_NAME: next_url}) + ctx['next_url'] = next_url + ctx['logout_list'] = l + ctx['message'] = _('Logging out from all your services') + return render(request, template, ctx) + logger.info('logged out') + # Get redirection targets for full logout with redirections + targets = redirect_logout_list(request) + # Local logout + auth_logout(request) + local_logout_done = True + # Put redirection targets in session (after logout) + if targets: + request.session['logout_redirections'] = targets + # Full logout by redirections if any + targets = request.session.pop('logout_redirections', None) + if targets: + # Full logout with redirections + next_url = targets.pop(0) + request.session['logout_redirections'] = 
targets response = utils.redirect(request, next_url) - response.set_cookie('a2_just_logged_out', 1, max_age=60) + if local_logout_done: + response.set_cookie('a2_just_logged_out', 1, max_age=60) + messages.info(request, _('You have been logged out')) return response + def login_password_profile(request, *args, **kwargs): context_instance = kwargs.pop('context_instance', None) or RequestContext(request) can_change_password = (app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD -- 2.1.4
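Review bot: The local logout now depends on every backend's `redirect_logout_list` succeeding, because `targets = redirect_logout_list(request)` runs before `auth_logout(request)` on every authenticated pass, including the `local` leg that previously went straight to `auth_logout`. If a plugin raises there (whether `utils.accumulate_from_backends` catches backend errors is not visible on this page), the request fails with the session still authenticated. I would guard the collection so the local session is always ended and the failure is logged, as sketched below. Separately, after `targets.pop(0)` the list is written back even when it is empty; `if targets: request.session['logout_redirections'] = targets` avoids leaving an empty key in the anonymous session. The body of `logout` starts above this hunk and the page has lost its indentation, so the nesting here is inferred.

```python
        logger.info('logged out')
        # Collect redirection targets, but never let a backend failure block the local logout
        try:
            targets = redirect_logout_list(request)
        except Exception:
            logger.exception('unable to collect redirect logout urls')
            targets = []
        auth_logout(request)
        # … unchanged: local_logout_done flag, session write, redirect handling …
```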