middleware: disable automatic passive authentication if ?no-passive-auth (#55854)
You can add ?no-passive-auth to a URL to disable passive authentication based on an IdP-set common domain cookie.
parent
472ce61844
commit
74e6f5a93d
|
@ -37,6 +37,9 @@ class PassiveAuthenticationMiddleware(MiddlewareMixin):
|
|||
return response
|
||||
|
||||
def process_view(self, request, view_func, view_args, view_kwargs):
|
||||
# skip if explicitely asked in the query string
|
||||
if 'no-passive-auth' in request.GET:
|
||||
return
|
||||
# Skip AJAX requests
|
||||
if request.is_ajax():
|
||||
return
|
||||
|
|
|
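Review bot: The new early return in `process_view` keys off a query-string parameter that any caller or linking site controls, and the comment above it does not say what the skip is limited to. It reads as though the flag only suppresses the automatic passive SSO attempt and leaves each view's own access checks in place, but that should be stated so the parameter is never reused to gate anything stronger; I would write `# skip if explicitly asked in the query string: only the passive SSO attempt is suppressed, the view's own access checks still apply`, which also fixes the `explicitely` typo. The check is presence-only, so `?no-passive-auth=0` disables the attempt as well; if that is intended, the comment could say so. The rest of `process_view` lies outside the hunk.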
@ -656,7 +656,7 @@ def test_sso_slo_pass_login_hints_backoffice(db, app, idp, caplog, sp_settings):
|
|||
assert login_hints[0].text == 'backoffice', 'login hint is not backoffice'
|
||||
|
||||
|
||||
def test_middleware_mixin_first_time(db, app, idp, caplog, settings):
|
||||
def test_passive_auth_middleware_ok(db, app, idp, caplog, settings):
|
||||
settings.MELLON_OPENED_SESSION_COOKIE_NAME = 'IDP_SESSION'
|
||||
assert 'MELLON_PASSIVE_TRIED' not in app.cookies
|
||||
# webtest-lint is against unicode
|
||||
|
@ -688,6 +688,14 @@ def test_middleware_mixin_first_time(db, app, idp, caplog, settings):
|
|||
assert 'MELLON_PASSIVE_TRIED' in app.cookies
|
||||
|
||||
|
||||
def test_passive_auth_middleware_no_passive_auth_parameter(db, app, idp, caplog, settings):
|
||||
settings.MELLON_OPENED_SESSION_COOKIE_NAME = 'IDP_SESSION'
|
||||
assert 'MELLON_PASSIVE_TRIED' not in app.cookies
|
||||
# webtest-lint is against unicode
|
||||
app.set_cookie(str('IDP_SESSION'), str('1'))
|
||||
app.get('/?no-passive-auth', headers={'Accept': force_str('text/html')}, status=200)
|
||||
|
||||
|
||||
def test_sso_user_change(db, app, idp, caplog, sp_settings):
|
||||
response = app.get(reverse('mellon_login') + '?next=/whatever/')
|
||||
url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
|
||||
|
|
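Review bot: `test_passive_auth_middleware_no_passive_auth_parameter` asserts on the cookie only before the request, so it passes on `status=200` alone and never shows that the passive attempt was actually skipped. Repeating the assertion after the call, `assert 'MELLON_PASSIVE_TRIED' not in app.cookies`, would pin the behaviour, assuming the middleware sets that cookie only when it tries passive login (the hunk at -688 suggests so, but the code that sets it is not visible here). A follow-up `app.get('/')` without the parameter, expecting the same outcome as `test_passive_auth_middleware_ok`, would also confirm that the skip is per-request and leaves no state behind.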