From 60ad3b099d2638bd91da4fff6eca721fd1538a70 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Fri, 7 Mar 2014 17:39:50 +0100
Subject: [PATCH] add slo support

---
 authentic2_idp_oauth2/__init__.py | 30 +++++++++++++++++++++++++++++-
 authentic2_idp_oauth2/models.py   | 15 +++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/authentic2_idp_oauth2/__init__.py b/authentic2_idp_oauth2/__init__.py
index 5713c12..7760a5a 100644
--- a/authentic2_idp_oauth2/__init__.py
+++ b/authentic2_idp_oauth2/__init__.py
@@ -1,7 +1,35 @@
+from django.utils.timezone import now
+from django.template.loader import render_to_string
+
 class Plugin(object):
     def get_before_urls(self):
         from . import urls
         return urls.urlpatterns
 
     def get_apps(self):
-        return [__name__, 'rest_framework', 'provider', 'provider.oauth2']
+        return ['rest_framework', 'provider', 'provider.oauth2', __name__]
+
+    def logout_list(self, request):
+        from provider.oauth2.models import Client
+
+        if not request.user.is_authenticated():
+            return []
+
+        qs = Client.objects.filter(accesstoken__user=request.user,
+                accesstoken__expires__gt=now(), logout_url__isnull=False) \
+                .distinct()
+
+        l = []
+        for client in qs:
+            for logout_url in client.logout_url.all():
+                name = client.name
+                url = logout_url.get_url()
+                content = render_to_string('idp/saml/logout_fragment.html',
+                        {
+                            'needs_iframe': logout_url.use_iframe,
+                            'name': name,
+                            'url': url,
+                            'iframe_timeout': 2,
+                        })
+                l.append(content)
+        return l
diff --git a/authentic2_idp_oauth2/models.py b/authentic2_idp_oauth2/models.py
index e69de29..8575945 100644
--- a/authentic2_idp_oauth2/models.py
+++ b/authentic2_idp_oauth2/models.py
@@ -0,0 +1,15 @@
+try:
+    from django.contrib.contenttypes.fields import GenericRelation
+    django_17 = True
+except ImportError:
+    django_17 = False
+    from django.contrib.contenttypes.generic import GenericRelation
+
+from provider.oauth2.models import Client
+from authentic2.models import LogoutUrl
+
+if django_17:
+    GenericRelation(LogoutUrl, related_query_name='oauth2_clients')\
+            .contribute_to_class(Client, 'logout_url')
+else:
+    GenericRelation(LogoutUrl).contribute_to_class(Client, 'logout_url')