middleware: clear PASSIVE_TRIED_COOKIE when logged in (#67084)
parent
1fa1541c02
commit
437d1a3063
|
@ -31,7 +31,10 @@ class PassiveAuthenticationMiddleware(MiddlewareMixin):
|
|||
if (
|
||||
app_settings.OPENED_SESSION_COOKIE_NAME
|
||||
and PASSIVE_TRIED_COOKIE in request.COOKIES
|
||||
and app_settings.OPENED_SESSION_COOKIE_NAME not in request.COOKIES
|
||||
and (
|
||||
app_settings.OPENED_SESSION_COOKIE_NAME not in request.COOKIES
|
||||
or (hasattr(request, 'user') and request.user.is_authenticated)
|
||||
)
|
||||
):
|
||||
response.delete_cookie(PASSIVE_TRIED_COOKIE)
|
||||
return response
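Review bot: The rewritten condition guarding `response.delete_cookie(PASSIVE_TRIED_COOKIE)` carries no comment explaining why the marker is now also dropped for an authenticated user, and the nested `and ( … or … )` does not make that rule obvious. The marker appears to be what stops repeated passive-login redirects, so the next maintainer needs to know when it is allowed to disappear. I would add above the `if`: `# drop the passive-tried marker once it no longer applies: no IdP session cookie, or the user is already logged in`. A short note that `hasattr(request, 'user')` covers requests where the authentication middleware did not run would also help. The enclosing method starts outside the hunk, so the full response path is not visible here.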
|
||||
|
|
|
@ -717,12 +717,14 @@ def test_passive_auth_middleware_ok(db, app, idp, caplog, settings):
|
|||
url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
|
||||
response = app.post(reverse('mellon_login'), params={'SAMLResponse': body, 'RelayState': relay_state})
|
||||
assert app.session['mellon_opened_session_cookie'] == '5678'
|
||||
assert 'MELLON_PASSIVE_TRIED' not in app.cookies
|
||||
assert '_auth_user_id' in app.session
|
||||
# ok change the idp session id
|
||||
app.set_cookie('IDP_SESSION', '1234')
|
||||
# if we try a request, we are logged out and redirected to try a new passive login
|
||||
response = app.get('/', headers={'Accept': 'text/html'}, status=302)
|
||||
assert '_auth_user_id' not in app.session
|
||||
assert 'MELLON_PASSIVE_TRIED' in app.cookies
|
||||
|
||||
|
||||
def test_passive_auth_middleware_no_passive_auth_parameter(db, app, idp, caplog, settings):
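Review bot: The check `assert 'MELLON_PASSIVE_TRIED' not in app.cookies` after the login POST only proves the fix if the cookie was present before that request, and the visible lines do not show that. If the earlier part of the test (outside this hunk) does not already establish it, add `assert 'MELLON_PASSIVE_TRIED' in app.cookies` just before the `app.post(reverse('mellon_login'), ...)` call, so the test fails without the middleware change. The test also uses the literal `'MELLON_PASSIVE_TRIED'`; importing `PASSIVE_TRIED_COOKIE` from the middleware module would keep the test in step if the name changes.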
|
||||
|
|