always return to /logout/ after FC logout (fixes #15223)

2017-03-03 14:28:27 +01:00 · 2017-03-03 14:28:27 +01:00 · 5d422c2296
parent a141b520a7
commit 5d422c2296
4 changed files with 8 additions and 17 deletions
--- a/src/authentic2_auth_fc/init.py
+++ b/src/authentic2_auth_fc/init.py
@ -19,8 +19,8 @@ class Plugin(object):
    def get_auth_frontends(self):
        return ['authentic2_auth_fc.auth_frontends.FcFrontend']

-    def redirect_logout_list(self, request, next=None):
-        url = utils.build_logout_url(request, next)
+    def redirect_logout_list(self, request, **kwargs):
+        url = utils.build_logout_url(request)
        # url is assumed empty if no active session on the OP.
        if url:
            return [url]
--- a/src/authentic2_auth_fc/app_settings.py
+++ b/src/authentic2_auth_fc/app_settings.py
@ -43,10 +43,6 @@ class AppSettings(object):
    def about_url(self):
        return self._setting('ABOUT_URL', 'https://app.franceconnect.gouv.fr/en-savoir-plus')

-    @property
-    def logout_return_url(self):
-        return self._setting('LOGOUT_RETURN_URL', '/')
-
    @property
    def logout_when_unlink(self):
        return self._setting('LOGOUT_WHEN_UNLINK', True)
--- a/src/authentic2_auth_fc/utils.py
+++ b/src/authentic2_auth_fc/utils.py
@ -5,7 +5,7 @@ from django.core.urlresolvers import reverse
 from . import app_settings


-def build_logout_url(request, next=None):
+def build_logout_url(request):
    """
    For now fc-id_token in request.session is used as the flag of an
    active session on the OP. It is set in the login view and deleted in the
@ -13,10 +13,10 @@ def build_logout_url(request, next=None):
    """
    if 'fc-id_token' in request.session:
        callback = request.build_absolute_uri(reverse('fc-logout'))
-        if next:
-            callback += '?' + urllib.urlencode({app_settings.next_field_name: next})
-        qs = {'id_token_hint' : request.session.get('fc-id_token_raw'),
-            'post_logout_redirect_uri': callback}
+        qs = {
+            'id_token_hint': request.session.get('fc-id_token_raw'),
+            'post_logout_redirect_uri': callback
+        }
        return app_settings.logout_url + '?' + urllib.urlencode(qs)
    return None

--- a/src/authentic2_auth_fc/views.py
+++ b/src/authentic2_auth_fc/views.py
@ -447,11 +447,6 @@ class LogoutReturnView(View):
        request.session.pop('fc-id_token_raw', None)
        request.session.pop('fc-user_info', None)
        request.session.pop('fc-data', None)
-
-        # The next url may be in the query
-        if app_settings.next_field_name in request.GET:
-            return HttpResponseRedirect(request.GET[app_settings.next_field_name])
-        return HttpResponseRedirect(app_settings.logout_return_url)
-
+        return HttpResponseRedirect(reverse('auth_logout'))

 logout = LogoutReturnView.as_view()