Logout next url can be local or absolute

Martin Pépin 2020-06-10 23:23:33 +02:00
parent 8e95a01647
commit 352fedb8b2
No known key found for this signature in database
GPG key ID: E7520278B1774448


@ -1,4 +1,4 @@
from urllib.parse import urlunparse
from urllib.parse import urlparse, urlunparse
from django.conf import settings
from django.contrib import auth
@ -98,8 +98,14 @@ class LogoutView(auth_views.LogoutView):
next_page = super().get_next_page()
if self.cas_connected:
cas_client = get_cas_client(self.request)
redirect_url = urlunparse(
(self.request.scheme, self.request.get_host(), next_page, "", "", "")
)
next_page = cas_client.get_logout_url(redirect_url=redirect_url)
# If the next_url is local (no hostname), make it absolute so that the user
# is correctly redirected from CAS.
if not urlparse(next_page).netloc:
request = self.request
next_page = urlunparse(
(request.scheme, request.get_host(), next_page, "", "", "")
)
next_page = cas_client.get_logout_url(redirect_url=next_page)
return next_page
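Review bot: An absolute `next_page` now goes to `cas_client.get_logout_url(redirect_url=next_page)` unchanged, so the only host check on the post-logout redirect target is whatever `super().get_next_page()` applies, and that method lies outside this hunk. If the parent is Django's stock `LogoutView`, a user-supplied `next` is checked against the allowed hosts there, but nothing in the new branch records or enforces that. I would state the assumption above the `urlparse` test, e.g. `# next_page has already been validated by super().get_next_page(); absolute URLs go to CAS as-is.` The local branch could also be written as `next_page = self.request.build_absolute_uri(next_page)`, which leaves absolute URLs untouched and avoids placing a value that may carry a query string in the path slot of `urlunparse`.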