Logout next url can be local or absolute
This commit is contained in:
parent
8e95a01647
commit
352fedb8b2
1 changed files with 11 additions and 5 deletions
|
@ -1,4 +1,4 @@
|
|||
from urllib.parse import urlunparse
|
||||
from urllib.parse import urlparse, urlunparse
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib import auth
|
||||
|
@ -98,8 +98,14 @@ class LogoutView(auth_views.LogoutView):
|
|||
next_page = super().get_next_page()
|
||||
if self.cas_connected:
|
||||
cas_client = get_cas_client(self.request)
|
||||
redirect_url = urlunparse(
|
||||
(self.request.scheme, self.request.get_host(), next_page, "", "", "")
|
||||
)
|
||||
next_page = cas_client.get_logout_url(redirect_url=redirect_url)
|
||||
|
||||
# If the next_url is local (no hostname), make it absolute so that the user
|
||||
# is correctly redirected from CAS.
|
||||
if not urlparse(next_page).netloc:
|
||||
request = self.request
|
||||
next_page = urlunparse(
|
||||
(request.scheme, request.get_host(), next_page, "", "", "")
|
||||
)
|
||||
|
||||
next_page = cas_client.get_logout_url(redirect_url=next_page)
|
||||
return next_page
|
||||
|
|
Loading…
Reference in a new issue