always return to /logout/ after FC logout (fixes #15223)
parent
a141b520a7
commit
5d422c2296
|
@ -19,8 +19,8 @@ class Plugin(object):
|
|||
def get_auth_frontends(self):
|
||||
return ['authentic2_auth_fc.auth_frontends.FcFrontend']
|
||||
|
||||
def redirect_logout_list(self, request, next=None):
|
||||
url = utils.build_logout_url(request, next)
|
||||
def redirect_logout_list(self, request, **kwargs):
|
||||
url = utils.build_logout_url(request)
|
||||
# url is assumed empty if no active session on the OP.
|
||||
if url:
|
||||
return [url]
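Review bot: `redirect_logout_list` now accepts `**kwargs`, which silently discards `next` as well as any misspelled keyword a caller passes, and nothing in the method says this is intended. A one-line docstring would record it, for example `"""Return the FC logout URL if a session is active on the OP; extra keyword arguments, including next, are ignored."""`. Alternatively keep `next=None` in the signature with a comment that it is unused, so unexpected keywords still raise. The class body continues outside the hunk.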
|
||||
|
|
|
@ -43,10 +43,6 @@ class AppSettings(object):
|
|||
def about_url(self):
|
||||
return self._setting('ABOUT_URL', 'https://app.franceconnect.gouv.fr/en-savoir-plus')
|
||||
|
||||
@property
|
||||
def logout_return_url(self):
|
||||
return self._setting('LOGOUT_RETURN_URL', '/')
|
||||
|
||||
@property
|
||||
def logout_when_unlink(self):
|
||||
return self._setting('LOGOUT_WHEN_UNLINK', True)
|
||||
|
|
|
@ -5,7 +5,7 @@ from django.core.urlresolvers import reverse
|
|||
from . import app_settings
|
||||
|
||||
|
||||
def build_logout_url(request, next=None):
|
||||
def build_logout_url(request):
|
||||
"""
|
||||
For now fc-id_token in request.session is used as the flag of an
|
||||
active session on the OP. It is set in the login view and deleted in the
|
||||
|
@ -13,10 +13,10 @@ def build_logout_url(request, next=None):
|
|||
"""
|
||||
if 'fc-id_token' in request.session:
|
||||
callback = request.build_absolute_uri(reverse('fc-logout'))
|
||||
if next:
|
||||
callback += '?' + urllib.urlencode({app_settings.next_field_name: next})
|
||||
qs = {'id_token_hint' : request.session.get('fc-id_token_raw'),
|
||||
'post_logout_redirect_uri': callback}
|
||||
qs = {
|
||||
'id_token_hint': request.session.get('fc-id_token_raw'),
|
||||
'post_logout_redirect_uri': callback
|
||||
}
|
||||
return app_settings.logout_url + '?' + urllib.urlencode(qs)
|
||||
return None
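Review bot: The guard tests `'fc-id_token' in request.session`, but the value sent as `id_token_hint` comes from `request.session.get('fc-id_token_raw')`, which may be absent. In that case `urllib.urlencode` serialises it as the literal string `None` and the OP receives a meaningless hint. Testing the key that is actually sent avoids this, for example `if request.session.get('fc-id_token_raw'):`. Whether the two session keys can diverge depends on the login view, which is not visible on this page.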
|
||||
|
||||
|
|
|
@ -447,11 +447,6 @@ class LogoutReturnView(View):
|
|||
request.session.pop('fc-id_token_raw', None)
|
||||
request.session.pop('fc-user_info', None)
|
||||
request.session.pop('fc-data', None)
|
||||
|
||||
# The next url may be in the query
|
||||
if app_settings.next_field_name in request.GET:
|
||||
return HttpResponseRedirect(request.GET[app_settings.next_field_name])
|
||||
return HttpResponseRedirect(app_settings.logout_return_url)
|
||||
|
||||
return HttpResponseRedirect(reverse('auth_logout'))
|
||||
|
||||
logout = LogoutReturnView.as_view()
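Review bot: The redirect after the FC callback is now a fixed target, but nothing in the code records that this is deliberate, so a later change could reintroduce a target read from `request.GET`. A comment above `return HttpResponseRedirect(reverse('auth_logout'))` would keep that visible, for example `# Fixed target: the local logout view finishes the logout; no URL from the query string is followed.`. The method starts outside the hunk, so any checks made before the session keys are popped cannot be seen here.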
|
||||
|
|