From 7cd78e96ab8faeb276e2bb89ed6c57386fe6af2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laur=C3=A9line=20Gu=C3=A9rin?=
Date: Fri, 15 Jan 2021 10:27:51 +0100
Subject: [PATCH] views: fix logout is user is already logged out (#50155)
---
 mellon/views.py | 3 +++
 tests/test_sso_slo.py | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/mellon/views.py b/mellon/views.py
index 39aec16..7dfa785 100644
--- a/mellon/views.py
+++ b/mellon/views.py
@@ -659,6 +659,9 @@ class LogoutView(ProfileMixin, LogMixin, View):
 if logout:
 self.set_next_url(next_url)
 self.log.info('user logged out, SLO request sent to IdP')
+ else:
+ # anonymous user: if next_url is None redirect to referer
+ return HttpResponseRedirect(next_url or referer)
 else:
 self.log.warning('logout refused referer %r is not of the same origin', referer)
 return HttpResponseRedirect(next_url)
diff --git a/tests/test_sso_slo.py b/tests/test_sso_slo.py
index d7f07b4..77532ab 100644
--- a/tests/test_sso_slo.py
+++ b/tests/test_sso_slo.py
@@ -233,8 +233,11 @@ def test_sso_slo(db, app, idp, caplog, sp_settings):
 assert 'created new user' in caplog.text
 assert 'logged in using SAML' in caplog.text
 assert urlparse.urlparse(response['Location']).path == '/whatever/'
- response = app.get(reverse('mellon_logout'))
+ response = app.get(reverse('mellon_logout'), extra_environ={'HTTP_REFERER': str('/some/path')})
 assert urlparse.urlparse(response['Location']).path == '/singleLogout'
+ # again, user is already logged out
+ response = app.get(reverse('mellon_logout'), extra_environ={'HTTP_REFERER': str('/some/path')})
+ assert urlparse.urlparse(response['Location']).path == '/some/path'


 def test_sso_idp_slo(db, app, idp, caplog, sp_settings):
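Review bot: The new anonymous-user branch returns `HttpResponseRedirect(next_url or referer)` with no check visible in this hunk that `next_url` points at this site; the same-origin test implied by the warning in the following `else` appears to cover only the referer. If `next_url` is read from the request, the logout endpoint can serve as an open redirect for a visitor who is not logged in, so it should be validated before use (Django's `url_has_allowed_host_and_scheme`, or `is_safe_url` on older releases) unless code outside the hunk already does that. When both `next_url` and `referer` are empty the call still receives `None`; a last fallback such as `next_url or referer or '/'` would cover that case. The method starts and ends outside the hunk, so the enclosing conditions are inferred.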
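Review bot: The added assertions in tests/test_sso_slo.py compare only `urlparse.urlparse(response['Location']).path`, so a redirect to `/some/path` on a different host would still pass, and the already-logged-out case is exercised only with a relative same-site referer. A second-logout case with a next-URL parameter, one with a foreign-origin `HTTP_REFERER`, and one with no referer at all would pin the behaviour of the new branch in `LogoutView`; asserting the `netloc` as well would catch an off-site target. `str('/some/path')` looks like a Python 2 leftover and can be the plain literal `'/some/path'`. test_sso_slo starts outside the hunk.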