implement FranceConnect logout (#25696)
This commit is contained in:
parent
b5581a5ab6
commit
1b9092b1d0
|
@ -168,6 +168,10 @@ def test_fc_login_page(caplog):
|
|||
assert session.extra_user_variables['fc_sub'] == 'ymca'
|
||||
|
||||
resp = app.get('/logout')
|
||||
assert resp.location.endswith('/ident/fc/logout')
|
||||
resp = resp.follow()
|
||||
assert resp.location == 'https://fcp.integ01.dev-franceconnect.fr/api/v1/logout?post_logout_redirect_uri=http%3A%2F%2Fexample.net'
|
||||
assert not get_session(app)
|
||||
|
||||
# Test error handling path
|
||||
resp = app.get('/ident/fc/callback?%s' % urllib.urlencode({
|
||||
|
|
|
@ -100,11 +100,14 @@ class UserFieldMappingTableWidget(WidgetListAsTable):
|
|||
|
||||
|
||||
class MethodDirectory(Directory):
|
||||
_q_exports = ['login', 'callback']
|
||||
_q_exports = ['login', 'logout', 'callback']
|
||||
|
||||
def login(self):
|
||||
return FCAuthMethod().login()
|
||||
|
||||
def logout(self):
|
||||
return FCAuthMethod().logout()
|
||||
|
||||
def callback(self):
|
||||
return FCAuthMethod().callback()
|
||||
|
||||
|
@ -222,6 +225,9 @@ class MethodAdminDirectory(Directory):
|
|||
r += _('Callback URL is %s.') % fc_callback
|
||||
r += htmltext('</p>')
|
||||
r += htmltext('<p>')
|
||||
r += _('Logout callback URL is %s.') % get_publisher().get_frontoffice_url()
|
||||
r += htmltext('</p>')
|
||||
r += htmltext('<p>')
|
||||
r += htmltext(_('See <a href="https://franceconnect.gouv.fr/fournisseur-service">'
|
||||
'FranceConnect partners\'site</a> for getting a client_id and '
|
||||
'a client_secret.'))
|
||||
|
@ -463,3 +469,11 @@ class FCAuthMethod(AuthMethod):
|
|||
session.set_user(user.id)
|
||||
session.extra_user_variables = session_var_fc_user
|
||||
return redirect(next_url)
|
||||
|
||||
def logout(self):
|
||||
logout_url = self.get_logout_url()
|
||||
post_logout_redirect_uri = get_publisher().get_frontoffice_url()
|
||||
logout_url += '?' + urllib.urlencode({
|
||||
'post_logout_redirect_uri': post_logout_redirect_uri,
|
||||
})
|
||||
return redirect(logout_url)
|
||||
|
|
|
@ -264,6 +264,11 @@ class RootDirectory(Directory):
|
|||
if not session:
|
||||
return redirect(get_publisher().get_root_url())
|
||||
ident_methods = get_cfg('identification', {}).get('methods', [])
|
||||
|
||||
if 'fc' in ident_methods and session.extra_user_variables and 'fc_sub' in session.extra_user_variables:
|
||||
get_session_manager().expire_session()
|
||||
return redirect(get_publisher().get_root_url() + 'ident/fc/logout')
|
||||
|
||||
if not 'idp' in ident_methods:
|
||||
get_session_manager().expire_session()
|
||||
return redirect(get_publisher().get_root_url())
|
||||
|
|
Loading…
Reference in New Issue