authsaml2: remove logout view made to be called directly from the UI.
parent
f0bcfffca3
commit
c7b7600295
|
@ -979,124 +979,6 @@ def process_logout_response(request, logout, soap_response, next):
|
|||
return redirect_next(request, next) or ok_icon(request)
|
||||
|
||||
|
||||
def logout(request):
|
||||
'''
|
||||
To call from a UI
|
||||
'''
|
||||
if request.user.is_anonymous():
|
||||
return error_page(request,
|
||||
_('logout: not a logged in user'),
|
||||
logger=logger)
|
||||
server = build_service_provider(request)
|
||||
if not server:
|
||||
return error_page(request,
|
||||
_('logout: Service provider not configured'),
|
||||
logger=logger)
|
||||
logout = lasso.Logout(server)
|
||||
if not logout:
|
||||
return error_page(request,
|
||||
_('logout: Unable to create Login object'),
|
||||
logger=logger)
|
||||
load_session(request, logout, kind=LIBERTY_SESSION_DUMP_KIND_SP)
|
||||
# Lookup for the Identity provider from session
|
||||
q = LibertySessionDump. \
|
||||
objects.filter(django_session_key=request.session.session_key)
|
||||
if not q:
|
||||
return error_page(request,
|
||||
_('logout: No session for global logout.'),
|
||||
logger=logger)
|
||||
try:
|
||||
pid = lasso.Session().newFromDump(q[0].session_dump). \
|
||||
get_assertions().keys()[0]
|
||||
LibertyProvider.objects.get(entity_id=pid)
|
||||
except:
|
||||
return error_page(request,
|
||||
_('logout: Session malformed.'),
|
||||
logger=logger)
|
||||
|
||||
provider = load_provider(request, pid, server=server, sp_or_idp='idp')
|
||||
if not provider:
|
||||
return error_page(request,
|
||||
_('logout: Error loading provider.'),
|
||||
logger=logger)
|
||||
|
||||
policy = get_idp_options_policy(provider)
|
||||
if policy and policy.enable_http_method_for_slo_request \
|
||||
and policy.http_method_for_slo_request:
|
||||
if policy.http_method_for_slo_request == lasso.HTTP_METHOD_SOAP:
|
||||
try:
|
||||
logout.initRequest(None, lasso.HTTP_METHOD_SOAP)
|
||||
except lasso.Error, error:
|
||||
return localLogout(request, error)
|
||||
try:
|
||||
logout.buildRequestMsg()
|
||||
except lasso.Error, error:
|
||||
return localLogout(request, error)
|
||||
# TODO: Client cert
|
||||
client_cert = None
|
||||
soap_answer = None
|
||||
try:
|
||||
soap_answer = soap_call(logout.msgUrl,
|
||||
logout.msgBody, client_cert=client_cert)
|
||||
except SOAPException, error:
|
||||
return localLogout(request, error)
|
||||
if not soap_answer:
|
||||
remove_liberty_session_sp(request)
|
||||
signals.auth_logout.send(sender=None, user=request.user)
|
||||
auth_logout(request)
|
||||
return error_page(request,
|
||||
_('logout: SOAP error - \
|
||||
Only local logout performed.'),
|
||||
logger=logger)
|
||||
return slo_return(request, logout, soap_answer)
|
||||
else:
|
||||
try:
|
||||
logout.initRequest(None, lasso.HTTP_METHOD_REDIRECT)
|
||||
except lasso.Error, error:
|
||||
return localLogout(request, error)
|
||||
session_index = get_session_index(request)
|
||||
if session_index:
|
||||
logout.request.sessionIndex = session_index
|
||||
try:
|
||||
logout.buildRequestMsg()
|
||||
except lasso.Error, error:
|
||||
return localLogout(request, error)
|
||||
return HttpResponseRedirect(logout.msgUrl)
|
||||
|
||||
# If not defined in the metadata,
|
||||
# put ANY to let lasso do its job from metadata
|
||||
try:
|
||||
logout.initRequest(pid)
|
||||
except lasso.Error, error:
|
||||
return localLogout(request, error)
|
||||
if not logout.msgBody:
|
||||
try:
|
||||
logout.buildRequestMsg()
|
||||
except lasso.Error, error:
|
||||
return localLogout(request, error)
|
||||
# TODO: Client cert
|
||||
client_cert = None
|
||||
try:
|
||||
soap_answer = soap_call(logout.msgUrl,
|
||||
logout.msgBody, client_cert=client_cert)
|
||||
except SOAPException:
|
||||
return localLogout(request, error)
|
||||
return slo_return(request, logout, soap_answer)
|
||||
else:
|
||||
session_index = get_session_index(request)
|
||||
if session_index:
|
||||
logout.request.sessionIndex = session_index
|
||||
try:
|
||||
logout.buildRequestMsg()
|
||||
except lasso.Error, error:
|
||||
return localLogout(request, error)
|
||||
return HttpResponseRedirect(logout.msgUrl)
|
||||
|
||||
return error_page(request,
|
||||
_('logout: Unknown HTTP method.'),
|
||||
logger=logger)
|
||||
|
||||
|
||||
def localLogout(request, error):
|
||||
remove_liberty_session_sp(request)
|
||||
signals.auth_logout.send(sender=None, user=request.user)
|
||||
|
|
|
@ -3,7 +3,7 @@ from django.conf import settings
|
|||
from django.conf.urls import patterns, url
|
||||
|
||||
from authentic2.authsaml2.saml2_endpoints import metadata, sso, finish_federation, \
|
||||
singleSignOnArtifact, singleSignOnPost, sp_slo, logout, singleLogoutReturn, \
|
||||
singleSignOnArtifact, singleSignOnPost, sp_slo, singleLogoutReturn, \
|
||||
singleLogoutSOAP, singleLogout, federationTermination, manageNameIdReturn, \
|
||||
manageNameIdSOAP, manageNameId, delete_federation, redirect_to_disco, \
|
||||
disco_response
|
||||
|
@ -17,8 +17,6 @@ urlpatterns = patterns('',
|
|||
(r'^singleSignOnPost$', singleSignOnPost),
|
||||
# Receive request from functions
|
||||
(r'^sp_slo/(.*)$', sp_slo),
|
||||
# Receive request from user interface
|
||||
(r'^logout$', logout),
|
||||
# Receive response from Redirect SP initiated
|
||||
(r'^singleLogoutReturn$', singleLogoutReturn),
|
||||
# Receive request from SOAP IdP initiated
|
||||
|
|
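Review bot: The comment kept on the `sp_slo/(.*)$` route, `# Receive request from functions`, does not say whether that URL is expected to be reached by a browser, and with `^logout$` removed it is the only logout entry point left in this hunk that is not a response or SOAP endpoint. If the intent is that logout is no longer triggered directly from the UI, say so on the route, for example `# SP-initiated SLO, reached by redirect from the logout flow; not linked from the UI` (wording to be confirmed against the view, which is not shown here). It is also worth confirming that no template or `reverse()` call still points at the removed `logout` path, since it would now return 404; that cannot be checked from this hunk. The `urlpatterns` list continues outside the hunk.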