views: clean FranceConnect session variable on unlink (#32953)
parent
beca608c97
commit
2da033c409
|
@ -149,6 +149,13 @@ def access_token_from_request(request, logger):
|
|||
ACCESS_GRANT_CODE = 'accessgrantcode'
|
||||
|
||||
|
||||
def clean_fc_session(session):
|
||||
session.pop('fc_id_token', None)
|
||||
session.pop('fc_id_token_raw', None)
|
||||
session.pop('fc_user_info', None)
|
||||
session.pop('fc_data', None)
|
||||
|
||||
|
||||
class FcOAuthSessionViewMixin(LoggerMixin):
|
||||
'''Add the OAuth2 dance to a view'''
|
||||
scopes = ['openid', 'profile', 'birth', 'email']
|
||||
|
@ -510,6 +517,7 @@ class UnlinkView(LoggerMixin, FormView):
|
|||
if app_settings.logout_when_unlink:
|
||||
# logout URL can be None if not session exists with FC
|
||||
url = utils.build_logout_url(self.request, next_url=url) or url
|
||||
clean_fc_session(self.request.session)
|
||||
return url
|
||||
|
||||
def get_form_class(self):
|
||||
|
@ -574,10 +582,7 @@ unlink = UnlinkView.as_view()
|
|||
class LogoutReturnView(View):
|
||||
def get(self, request, *args, **kwargs):
|
||||
state = request.GET.get('state')
|
||||
request.session.pop('fc_id_token', None)
|
||||
request.session.pop('fc_id_token_raw', None)
|
||||
request.session.pop('fc_user_info', None)
|
||||
request.session.pop('fc_data', None)
|
||||
clean_fc_session(request.session)
|
||||
states = request.session.pop('fc_states', None)
|
||||
next_url = None
|
||||
if states and state in states:
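Review bot: In the UnlinkView hunk, the new `clean_fc_session(self.request.session)` call sits directly after the `build_logout_url` line, and this page has lost indentation, so it is unclear whether the call is inside `if app_settings.logout_when_unlink:`. If it is, unlinking with that setting disabled would leave `fc_id_token`, `fc_id_token_raw`, `fc_user_info` and `fc_data` in the session of an account that is no longer linked, so the cleanup should run unconditionally, just before `return url`. The call also presumably has to stay after `build_logout_url`, which the existing comment suggests depends on FranceConnect session data, so a comment such as `# keep after build_logout_url(): it needs the FC session data removed here` would guard against reordering. The new helper has no docstring; `'''Remove FranceConnect tokens and user data from the session'''` would be enough. The enclosing method starts outside the hunk, so the surrounding control flow could not be checked.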
|
||||
|
|