entrouvert
/
django-mellon
17
0
Fork 0
Code Issues Pull Requests Releases Activity

views: send all related SessionIndex in LogoutRequest (#69955) 

As we do not known which one the IdP remember, we must send them all.
This commit is contained in:
Benjamin Dauvergne 2022-10-06 16:21:25 +02:00
parent cce77e82e5
commit 817314b8ee
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
mellon/views.py
View File

@ -753,12 +753,14 @@ class LogoutView(ProfileMixin, LogMixin, View):
self.get_relay_state(create=True)
try:
session_indexes = models.SessionIndex.objects.filter(
saml_identifier__user=request.user, saml_identifier__issuer__entity_id=issuer
).order_by('-id')
saml_identifier__user=request.user,
saml_identifier__issuer__entity_id=issuer,
session_key=request.session.session_key,
)
if not session_indexes:
self.log.error('unable to find lasso session dump')
else:
session_dump = utils.make_session_dump(session_indexes[:1])
session_dump = utils.make_session_dump(session_indexes)
logout.setSessionFromDump(session_dump)
session_indexes.update(logout_timestamp=now())
logout.initRequest(issuer, lasso.HTTP_METHOD_REDIRECT)
@ -812,7 +814,10 @@ class LogoutView(ProfileMixin, LogMixin, View):
token_content = signing.loads(token, salt=self.TOKEN_SALT)
next_url = token_content['next_url'] or logout_next_url
session_index_pk = token_content['session_index_pk']
session_indexes = models.SessionIndex.objects.filter(pk=session_index_pk)
session_index = models.SessionIndex.objects.filter(pk=session_index_pk).first()
session_indexes = models.SessionIndex.objects.filter(
saml_identifier=session_index.saml_identifier, session_key=session_index.session_key
)
if session_indexes:
session_dump = utils.make_session_dump(session_indexes)
logout = utils.create_logout(request)