views,middleware: do not ever cache responses containing an LTPA cookie
parent
ae7ba50a19
commit
5527a4c9a6
|
@ -1,8 +1,13 @@
|
||||||
|
from django.utils.cache import patch_cache_control
|
||||||
|
|
||||||
from . import views
|
from . import views
|
||||||
|
|
||||||
class LTPAMiddleware(object):
|
class LTPAMiddleware(object):
|
||||||
def process_response(self, request, response):
|
def process_response(self, request, response):
|
||||||
if request.path == '/' or request.path == '/login/':
|
if request.path == '/' or request.path == '/login/':
|
||||||
views.add_ltpa_token_to_response(request, response)
|
views.add_ltpa_token_to_response(request, response)
|
||||||
|
# prevent client side caching
|
||||||
|
patch_cache_control(response, no_cache=True, no_store=True,
|
||||||
|
must_revalidate=True)
|
||||||
return response
|
return response
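Review bot: The added comment `# prevent client side caching` understates why `patch_cache_control` is called here, and the reason is security-relevant. The response has just been passed to `add_ltpa_token_to_response`, so the risk is any cache, including a shared proxy, storing a response that carries the LTPA cookie and replaying it to another user. I would word it as `# response may carry the LTPA cookie: forbid storage by browser and shared caches`. Indentation is lost in this rendering, so whether the call sits inside the `if request.path == ...` branch is inferred; if it does, the protection depends on that path list staying in sync with every place the token is set.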
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,7 @@ import urlparse
|
||||||
from django.core.exceptions import ImproperlyConfigured
|
from django.core.exceptions import ImproperlyConfigured
|
||||||
from django.http import HttpResponseRedirect
|
from django.http import HttpResponseRedirect
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
from django.views.decorators.cache import cache_control
|
||||||
|
|
||||||
from django.contrib.auth.decorators import login_required
|
from django.contrib.auth.decorators import login_required
|
||||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||||
|
@ -28,6 +29,7 @@ def add_ltpa_token_to_response(request, response):
|
||||||
request.session['ltpa'] = True
|
request.session['ltpa'] = True
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
|
@cache_control(no_cache=True, not_store=True, must_revalidate=True)
|
||||||
def ltpa(request):
|
def ltpa(request):
|
||||||
'''Ask for authentication then generate a cookie'''
|
'''Ask for authentication then generate a cookie'''
|
||||||
next_url = request.REQUEST[REDIRECT_FIELD_NAME]
|
next_url = request.REQUEST[REDIRECT_FIELD_NAME]
|
||||||
|
@ -35,6 +37,7 @@ def ltpa(request):
|
||||||
add_ltpa_token_to_response(request, response)
|
add_ltpa_token_to_response(request, response)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
@cache_control(no_cache=True, not_store=True, must_revalidate=True)
|
||||||
def logout(request):
|
def logout(request):
|
||||||
next_url = urlparse.urljoin(settings.STATIC_URL, 'authentic2/images/ok.png')
|
next_url = urlparse.urljoin(settings.STATIC_URL, 'authentic2/images/ok.png')
|
||||||
response = HttpResponseRedirect(next_url)
|
response = HttpResponseRedirect(next_url)
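Review bot: Both `@cache_control(...)` decorators added in this file, on `ltpa` and on `logout`, pass `not_store=True`, which looks like a typo for `no_store=True`. Django builds directive names from the keyword names by replacing underscores with hyphens, so these views would emit `not-store`, an unknown directive that caches ignore, leaving only `no-cache, must-revalidate` in effect on responses that set or clear the LTPA cookie. Both lines should read `@cache_control(no_cache=True, no_store=True, must_revalidate=True)`, matching the spelling already used in the middleware's `patch_cache_control` call. A test asserting that the `Cache-Control` header of these two responses contains `no-store` would have caught this. The bodies of both views continue outside the visible hunks.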
|
||||||
|
|