Commit daf11a8c authored by Art's avatar Art :lizard:

Implement proper redirects after log in and log out.

...@@ -34,8 +34,8 @@ ...@@ -34,8 +34,8 @@
</div> </div>
<div class="column"> <div class="column">
<h4 class="title">Production Actions</h4> <h4 class="title">Production Actions</h4>
<a class="button button-outline button-black" href="{% url "sso-login" %}">SSO Log in</a> <a class="button button-outline button-black" href="{% url "sso-login" %}?next={% url "sso-dev" %}">SSO Log in</a>
<a class="button button-outline button-black" href="{% url "sso-logout" %}">Log out</a> <a class="button button-outline button-black" href="{% url "sso-logout" %}?next={% url "sso-dev" %}">Log out</a>
<p><i>These actions are used in production</i></p> <p><i>These actions are used in production</i></p>
</div> </div>
</div> </div>
......
...@@ -6,6 +6,6 @@ urlpatterns = ( ...@@ -6,6 +6,6 @@ urlpatterns = (
url(r"^logout/?$", views.LogOutView.as_view(), name="sso-logout"), url(r"^logout/?$", views.LogOutView.as_view(), name="sso-logout"),
url(r"^saml2/acs/?$", views.ACSAuthNView.as_view(), name="sso-saml2-acs"), url(r"^saml2/acs/?$", views.ACSAuthNView.as_view(), name="sso-saml2-acs"),
url(r"^saml2/meta/?$", views.MetadataView.as_view(), name="sso-saml2-meta"), url(r"^saml2/meta/?$", views.MetadataView.as_view(), name="sso-saml2-meta"),
url(r"^d(?:ev)?/?$", views.DevView.as_view(), name="sso-dev"), url(r"^dev/?$", views.DevView.as_view(), name="sso-dev"),
) )
...@@ -5,13 +5,14 @@ from django.utils.decorators import method_decorator ...@@ -5,13 +5,14 @@ from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from django.contrib import auth as contrib_auth from django.contrib import auth as contrib_auth
from django.contrib.auth import models as contrib_auth_models from django.contrib.auth import models as contrib_auth_models
from django.contrib.auth import REDIRECT_FIELD_NAME
from django import conf from django import conf
from django.core import exceptions from django.core import exceptions
from django import forms from django import forms
from django.views.decorators.cache import never_cache
from . import logger from . import logger
from . import app_settings from . import app_settings
from . import auth_utils from . import auth_utils
from onelogin.saml2.utils import OneLogin_Saml2_Utils
from onelogin.saml2.auth import OneLogin_Saml2_Auth from onelogin.saml2.auth import OneLogin_Saml2_Auth
from collections import OrderedDict from collections import OrderedDict
...@@ -50,26 +51,30 @@ class SAMLMixin: ...@@ -50,26 +51,30 @@ class SAMLMixin:
) )
@method_decorator(never_cache, "dispatch")
class LogInView(SAMLMixin, View): class LogInView(SAMLMixin, View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
next_url = "{host}{relative}".format(
host=OneLogin_Saml2_Utils.get_self_url(self.get_onelogin_request_data(request)),
relative=urls.reverse("sso-saml2-meta"),
)
auth = self.get_onelogin_auth(request) auth = self.get_onelogin_auth(request)
login = auth.login(return_to=next_url) login = auth.login(return_to=self.get_next_url(request))
return http.HttpResponseRedirect(login) return http.HttpResponseRedirect(login)
@staticmethod
def get_next_url(request):
next_url = request.GET.get(REDIRECT_FIELD_NAME, None) or conf.settings.LOGIN_REDIRECT_URL or "/"
logger.debug("Will ask IDP to redirect after login to: {}".format(next_url))
return next_url
class LogOutView(View): class LogOutView(View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
contrib_auth.logout(request) contrib_auth.logout(request)
logger.warning("Don't know what to do after logging out in Django.") next_url = request.GET.get(REDIRECT_FIELD_NAME, None) or conf.settings.LOGOUT_REDIRECT_URL or "/"
return http.HttpResponseRedirect(urls.reverse("sso-dev")) return http.HttpResponseRedirect(next_url)
@method_decorator(never_cache, "dispatch")
@method_decorator(csrf_exempt, "dispatch") @method_decorator(csrf_exempt, "dispatch")
class ACSAuthNView(SAMLMixin, View): class ACSAuthNView(SAMLMixin, View):
""" """
...@@ -84,11 +89,20 @@ class ACSAuthNView(SAMLMixin, View): ...@@ -84,11 +89,20 @@ class ACSAuthNView(SAMLMixin, View):
self.log_in_user(request, auth) self.log_in_user(request, auth)
if conf.settings.DEBUG: if conf.settings.DEBUG:
request.session["DEBUG_SAML2_ATTRS"] = auth.get_attributes() request.session["DEBUG_SAML2_ATTRS"] = auth.get_attributes()
return http.HttpResponseRedirect(urls.reverse("sso-dev")) return http.HttpResponseRedirect(self.get_next_url(request))
else: else:
logger.error("Not authenticated. Errors: {0}".format(auth.get_errors())) logger.error("Not authenticated. Errors: {0}".format(auth.get_errors()))
raise exceptions.PermissionDenied() raise exceptions.PermissionDenied()
@staticmethod
def get_next_url(request):
next_url = request.POST.get("RelayState", None)
if not next_url:
logger.warning("Did not receive RelayState (redirect target) from the IDP.")
next_url = conf.settings.LOGOUT_REDIRECT_URL or "/"
logger.debug("From ACS redirecting to {}".format(next_url))
return next_url
def log_in_user(self, request, auth): def log_in_user(self, request, auth):
def get_attr(attribute_name, nullable=False, multivalued=False): def get_attr(attribute_name, nullable=False, multivalued=False):
......
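Review bot: Every redirect target this commit introduces is attacker-controlled and never validated: `next` from the query string in `LogInView.get_next_url` and `LogOutView.get`, and `RelayState` from the IdP POST in `ACSAuthNView.get_next_url`, which is only the `next` value echoed back by the IdP without any signature. A link to `/sso/login/?next=https://evil.example` therefore completes a genuine SSO login and then sends the user off-site, a classic open redirect sitting on the trust boundary of the authentication flow. Each candidate should be passed through Django's `url_has_allowed_host_and_scheme` from `django.utils.http` (named `is_safe_url` on the Django 1.x line the `url()` patterns suggest; confirm the exact signature for the version in use) and replaced by the configured default when it fails, as sketched below. Separately, the fallback in the last hunk uses `LOGOUT_REDIRECT_URL` after a successful login, which reads like a copy of the logout view; `LOGIN_REDIRECT_URL` would match `LogInView.get_next_url`. `ACSAuthNView.get` starts before the last hunk and `log_in_user` continues past it.
```python
def _safe_next_url(request, candidate, default):
    """Return candidate only if it targets this host (same scheme rules); else the default."""
    if candidate and is_safe_url(candidate, allowed_hosts={request.get_host()}, require_https=request.is_secure()):
        return candidate
    if candidate:
        logger.warning("Rejected unsafe redirect target: %r", candidate)
    return default or "/"

# … unchanged: LogInView.get …
    @staticmethod
    def get_next_url(request):
        return _safe_next_url(request, request.GET.get(REDIRECT_FIELD_NAME), conf.settings.LOGIN_REDIRECT_URL)

# … unchanged: LogOutView.get logout call …
        next_url = _safe_next_url(request, request.GET.get(REDIRECT_FIELD_NAME), conf.settings.LOGOUT_REDIRECT_URL)

# … unchanged: ACSAuthNView.get …
    @staticmethod
    def get_next_url(request):
        return _safe_next_url(request, request.POST.get("RelayState"), conf.settings.LOGIN_REDIRECT_URL)
```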