accepter des login_hint dans l'URL de login (#76712) #5
|
@ -357,3 +357,13 @@ def is_slo_supported(request, issuer):
|
|||
server.getFirstHttpMethod(server.providers[issuer], lasso.MD_PROTOCOL_TYPE_SINGLE_LOGOUT)
|
||||
!= lasso.HTTP_METHOD_NONE
|
||||
)
|
||||
|
||||
|
||||
def get_login_hints_from_request(request):
|
||||
request_login_hints = request.GET.getlist('login_hint')
|
||||
login_hints = [
|
||||
login_hint.strip()
|
||||
for login_hint in request_login_hints
|
||||
if login_hint.isascii() and login_hint.isprintable()
|
||||
]
|
||||
return login_hints
|
||||
|
|
|
@ -591,13 +591,16 @@ class LoginView(ProfileMixin, LogMixin, View):
|
|||
|
||||
def add_login_hints(self, idp, authn_request, request, next_url=None):
|
||||
login_hints = utils.get_setting(idp, 'LOGIN_HINTS', [])
|
||||
hints = []
|
||||
hints = set()
|
||||
for login_hint in login_hints:
|
||||
if login_hint == 'backoffice':
|
||||
if next_url and self.is_in_backoffice(request, next_url):
|
||||
hints.append('backoffice')
|
||||
hints.add('backoffice')
|
||||
if login_hint == 'always_backoffice':
|
||||
hints.append('backoffice')
|
||||
hints.add('backoffice')
|
||||
|
||||
for login_hint in utils.get_login_hints_from_request(request):
|
||||
hints.add(login_hint)
|
||||
|
||||
for hint in hints:
|
||||
node = ET.Element(LOGIN_HINT)
|
||||
|
|
|
@ -922,3 +922,12 @@ def test_sso_slo_update_of_new_fields(db, app, idp, caplog, sp_settings):
|
|||
caplog.clear()
|
||||
response = app.get(url)
|
||||
assert len(caplog.records) == 0, 'logout failed'
|
||||
|
||||
|
||||
def test_sso_slo_pass_login_hints_from_request(db, app, idp, caplog, sp_settings):
|
||||
response = app.get(reverse('mellon_login') + '?next=/whatever/&login_hint=azure')
|
||||
url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
|
||||
root = ET.fromstring(idp.request)
|
||||
login_hints = root.findall('.//{https://www.entrouvert.com/}login-hint')
|
||||
assert len(login_hints) == 1, 'missing login hint'
|
||||
assert login_hints[0].text == 'azure', 'login hint is not azure'
|
||||
|
|
Loading…
Reference in New Issue