cst1/kpsul
1
0
Fork 0
forked from DGNum/gestioCOF
Code Pull requests Activity

Force CAS logout redirection parameter name

Browse source 
'service' instead of 'url'
This commit is contained in:
Antonin Reitz 2019-11-25 23:03:27 +01:00
parent 14164ec4a5
commit 316f6b1041
1 changed files with 20 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
kfet/auth/views.py
View file

@ -1,3 +1,4 @@
from django.conf import settings as django_settings
from django.contrib import messages from django.contrib import messages
from django.contrib.auth import authenticate, login from django.contrib.auth import authenticate, login
from django.contrib.auth.decorators import permission_required from django.contrib.auth.decorators import permission_required
@ -42,7 +43,7 @@ class GenericLoginView(View):
if request.method == "POST": if request.method == "POST":
# Step 1: set token and logout user. # Step 1: set token and logout user.
return self.prepare_auth() return self.prepare_auth(request)
else: else:
# GET request should not change server/client states. Send a # GET request should not change server/client states. Send a
# confirmation template to emit a POST request. # confirmation template to emit a POST request.
@ -61,7 +62,7 @@ class GenericLoginView(View):
# Step 2: validate token. # Step 2: validate token.
return self.validate_auth(token) return self.validate_auth(token)
def prepare_auth(self): def prepare_auth(self, request):
# Issue token. # Issue token.
token = GenericTeamToken.objects.create_token() token = GenericTeamToken.objects.create_token()
@ -73,10 +74,23 @@ class GenericLoginView(View):
here_qd["next"] = self.request.GET["next"] here_qd["next"] = self.request.GET["next"]
here_url += "?{}".format(here_qd.urlencode()) here_url += "?{}".format(here_qd.urlencode())
logout_url = reverse("cof-logout") # When CAS logs the user out, the generic login has to be called back.
logout_qd = QueryDict(mutable=True) # The corresponding callback URL is provided as a GET parameter.
logout_qd["next"] = here_url # The renaming of the CAS logout "url" parameter to "service" is being forced,
logout_url += "?{}".format(logout_qd.urlencode(safe="/")) # which is why the CAS logout URL with callback is constructed ad hoc,
# without relying on Django redirection to Django CAS.
# An HTTP absolute URL as callback seems to be required for the K-Psul link
# to work.
generic_login_url = "http://" + request.get_host() + here_url
generic_login_qd = QueryDict(mutable=True)
generic_login_qd["service"] = generic_login_url
cas_server_url = django_settings.CAS_SERVER_URL
cas_logout_url = cas_server_url+"logout"
cas_callback_url = cas_logout_url + "?{}".format(generic_login_qd.urlencode())
logout_url = cas_callback_url
resp = redirect(logout_url) resp = redirect(logout_url)
resp.set_signed_cookie(self.TOKEN_COOKIE_NAME, token.token, httponly=True) resp.set_signed_cookie(self.TOKEN_COOKIE_NAME, token.token, httponly=True)