Project

General

Profile

Bug #9195

Modify logout view to take in account redirections.

Added by Mikaël Ates over 3 years ago. Updated over 1 year ago.

Status:
Fermé
Priority:
Normal
Category:
-
Target version:
Start date:
03 Dec 2015
Due date:
% Done:

100%

Patch proposed:
Yes
Planning:
No

Description

views.logout make a full logout with iframes and then a local logout.

It may be necessary to make logout by redirections before local logout.

Logout fragments are collected from plugins calling logout_list functions. Those currently return iframe html fragments. So they could also return a uri.
To dinstinguish them and keep compatibility, the patch propose to pass the uri in a dict.

0001-Handle-logout-by-redirection-from-plugins.patch View (4.18 KB) Mikaël Ates, 07 Jan 2016 06:10 PM

0001-Handle-logout-by-redirection-from-plugins.patch View (4.55 KB) Mikaël Ates, 19 Jan 2016 04:32 PM

Associated revisions

Revision 9ae46032 (diff)
Added by Mikaël Ates over 3 years ago

Handle logout by redirection from plugins (fixes #9195).

A new plugin method called redirect_logout_list is used to collect
urls of logout endpoints.
The local logout is done before processing redirections. Urls are collected
when the user is logged in and put in session after is logged out.

History

#1 Updated by Mikaël Ates over 3 years ago

  • File deleted (0001-Allow-redirections-in-logout-from-plugins.patch)

#2 Updated by Mikaël Ates over 3 years ago

  • File 0001-Allow-redirections-in-logout-from-plugins.patch added

#3 Updated by Benjamin Dauvergne over 3 years ago

I would like the local logout to happen before the last redirection, so this patch is not acceptable currently.

#4 Updated by Benjamin Dauvergne over 3 years ago

  • Target version set to 2.2.0

#5 Updated by Mikaël Ates over 3 years ago

  • File 0001-Handle-logout-by-redirection-from-plugins.patch added

Local logout is now done before handling redirections.

The session dict is saved only when it's modified (https://docs.djangoproject.com/fr/1.9/topics/http/sessions/). That is not the case when I pop a value of a list recorded in the session. One solution is to use SESSION_SAVE_EVERY_REQUEST / request.session.modified. I prefered to pop the list from the dict, pop a value from it and record the list updated in the session.

#6 Updated by Mikaël Ates over 3 years ago

  • File deleted (0001-Allow-redirections-in-logout-from-plugins.patch)

#7 Updated by Mikaël Ates over 3 years ago

  • File 0001-Handle-logout-by-redirection-from-plugins.patch added

#8 Updated by Mikaël Ates over 3 years ago

  • File deleted (0001-Handle-logout-by-redirection-from-plugins.patch)

#9 Updated by Benjamin Dauvergne over 3 years ago

C'est là qu'un test autour du logout aurait-été bien... Est-ce que tu ne pourrais pas modifier un peu moins la structure de contrôle ? La fonction est déjà complexe, et le changement ne la simplifiant pas j'aurai préféré que le changement soit moins intrusif.

#10 Updated by Mikaël Ates over 3 years ago

Patch revised to set the info message and do the set cookie only at the local logout.

#11 Updated by Mikaël Ates over 3 years ago

  • File deleted (0001-Handle-logout-by-redirection-from-plugins.patch)

#12 Updated by Mikaël Ates over 3 years ago

La structure de contrôle sort de la fonction si l'utilisateur n'est pas loggué localement. Or la vue gère désormais les logouts par redirections après le logout local, ce qui m'a conduit à revoir la structure de contrôle. Si tu vois quelque chose de plus léger, dis moi.

#13 Updated by Benjamin Dauvergne over 3 years ago

  • Assignee changed from Benjamin Dauvergne to Mikaël Ates

#14 Updated by Benjamin Dauvergne over 3 years ago

Avec le code actuel le next_url d'origine est perdu quand targets n'est pas vide, j'ajouterai le patch suivant;

diff --git a/src/authentic2/views.py b/src/authentic2/views.py
index ed348a2..13699bc 100644
--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@@ -469,7 +469,7 @@ def logout(request, next_url=None, default_next_url='auth_homepage',
         local_logout_done = True
         # Put redirection targets in session (after logout)
         if targets:
-            request.session['logout_redirections'] = targets
+            request.session['logout_redirections'] = [next_url] + targets
     # Full logout by redirections if any
     targets = request.session.pop('logout_redirections', None)
     if targets:

Sinon on peut pousser je pense.

#15 Updated by Mikaël Ates over 3 years ago

J'ai ajouté next_url en fin de liste, car celle-ci est traitée avec pop(0), quelques commentaires et messages de debug.

#16 Updated by Benjamin Dauvergne over 3 years ago

Ack.

#17 Updated by Mikaël Ates over 3 years ago

  • % Done changed from 0 to 100
  • Status changed from Nouveau to Résolu (à déployer)

#18 Updated by Benjamin Dauvergne over 3 years ago

  • Status changed from Résolu (à déployer) to Solution déployée

#19 Updated by Benjamin Dauvergne over 1 year ago

  • Status changed from Solution déployée to Fermé

Also available in: Atom PDF