views: fix logout is user is already logged out (#50155)

2021-01-15 10:27:51 +01:00 · 2021-01-15 10:27:51 +01:00 · 7cd78e96ab
parent 956a8651c2
commit 7cd78e96ab
2 changed files with 7 additions and 1 deletions
--- a/mellon/views.py
+++ b/mellon/views.py
@ -659,6 +659,9 @@ class LogoutView(ProfileMixin, LogMixin, View):
                    if logout:
                        self.set_next_url(next_url)
                    self.log.info('user logged out, SLO request sent to IdP')
+            else:
+                # anonymous user: if next_url is None redirect to referer
+                return HttpResponseRedirect(next_url or referer)
        else:
            self.log.warning('logout refused referer %r is not of the same origin', referer)
        return HttpResponseRedirect(next_url)
--- a/tests/test_sso_slo.py
+++ b/tests/test_sso_slo.py
@ -233,8 +233,11 @@ def test_sso_slo(db, app, idp, caplog, sp_settings):
    assert 'created new user' in caplog.text
    assert 'logged in using SAML' in caplog.text
    assert urlparse.urlparse(response['Location']).path == '/whatever/'
-    response = app.get(reverse('mellon_logout'))
+    response = app.get(reverse('mellon_logout'), extra_environ={'HTTP_REFERER': str('/some/path')})
    assert urlparse.urlparse(response['Location']).path == '/singleLogout'
+    # again, user is already logged out
+    response = app.get(reverse('mellon_logout'), extra_environ={'HTTP_REFERER': str('/some/path')})
+    assert urlparse.urlparse(response['Location']).path == '/some/path'


 def test_sso_idp_slo(db, app, idp, caplog, sp_settings):