franceconnect: return HTTP 400 error on bad calls to logout URL (#40896)
parent
b41cc0fff9
commit
3ab9b50587
|
@ -343,3 +343,10 @@ def test_fc_settings_no_user_profile():
|
|||
|
||||
resp = resp.forms[0].submit('submit').follow()
|
||||
assert pub.cfg['fc'] == FC_CONFIG
|
||||
|
||||
|
||||
def test_fc_logout_error():
|
||||
setup_user_profile(pub)
|
||||
setup_fc_environment(pub)
|
||||
app = get_app(pub)
|
||||
app.get('/ident/fc/logout', status=400)
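Review bot: `test_fc_logout_error` only requests `/ident/fc/logout` from a fresh client, so it appears to check a single branch of the new guard. The case that matters most for this fix is a user who holds a valid session but has no `fc_id_token` (presumably someone logged in through another method); it is not covered, and nothing asserts that such a session survives the 400. I would add a second test that logs a user in without FranceConnect, calls the URL with `status=400`, and then checks that the user is still authenticated. A one-line docstring such as `"""Logout URL called without a FranceConnect session must answer 400."""` would also make the intent clear.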
|
||||
|
|
|
@ -25,6 +25,7 @@ from django.utils.six.moves.urllib import parse as urllib
|
|||
from quixote import redirect, get_session, get_publisher, get_request, get_session_manager
|
||||
from quixote.directory import Directory
|
||||
from quixote.html import htmltext, TemplateIO
|
||||
from quixote.errors import QueryError
|
||||
|
||||
from .. import _, N_
|
||||
from ..backoffice.menu import html_top
|
||||
|
@ -476,6 +477,8 @@ class FCAuthMethod(AuthMethod):
|
|||
|
||||
def logout(self):
|
||||
session = get_session()
|
||||
if not session or not session.extra_user_variables or not session.extra_user_variables.get('fc_id_token'):
|
||||
raise QueryError()
|
||||
id_token = session.extra_user_variables['fc_id_token']
|
||||
get_session_manager().expire_session()
|
||||
logout_url = self.get_logout_url()
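Review bot: The bare `raise QueryError()` in `logout` gives no reason for the rejection, and the three-part condition above it has no comment saying which situations it covers (no session, a session without extra variables, a session without `fc_id_token`). I would put a comment above the guard, for example `# no FranceConnect id_token in this session: nothing to log out at the provider, answer 400`, and pass a message for diagnostics, e.g. `raise QueryError(private_msg='FranceConnect logout called without fc_id_token')`. The guard runs before `get_session_manager().expire_session()`, so a rejected call leaves the existing session untouched; that looks intended, but it is worth stating in the comment. The body of `logout` continues outside the hunk.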
|
||||
|
|