def get(self, request, *args, **kwargs):
        """Log the user out and choose the post-logout redirect target.

        Reads ``id_token_hint``, ``post_logout_redirect_uri`` and ``state``
        from the query string. The target defaults to the ``OIDC_LOGIN_URL``
        setting. It is replaced by ``post_logout_redirect_uri`` only when
        that value is found in the ``post_logout_redirect_uris`` of the
        client resolved from ``id_token_hint``; a non-empty ``state`` is then
        written into its query string. ``OIDC_AFTER_END_SESSION_HOOK`` is
        called before ``logout``.

        NOTE(review): ``client_id_from_id_token`` is defined elsewhere;
        whether it verifies the token's signature, or raises on malformed
        input, is not visible here. Only ``Client.DoesNotExist`` is handled.
        """
        params = request.GET
        id_token_hint = params.get('id_token_hint', '')
        post_logout_redirect_uri = params.get('post_logout_redirect_uri', '')
        state = params.get('state', '')
        client = None

        # Safe fallback used whenever the caller-supplied URI is not accepted.
        next_page = settings.get('OIDC_LOGIN_URL')
        after_end_session_hook = settings.get('OIDC_AFTER_END_SESSION_HOOK', import_str=True)

        if id_token_hint:
            client_id = client_id_from_id_token(id_token_hint)
            try:
                client = Client.objects.get(client_id=client_id)
            except Client.DoesNotExist:
                # Unknown client: keep the default target.
                pass
            else:
                # The allow-list check is what keeps this from redirecting to
                # an arbitrary caller-chosen URL.
                # NOTE(review): assumes post_logout_redirect_uris is a list,
                # so `in` is an exact match rather than a substring test.
                if post_logout_redirect_uri in client.post_logout_redirect_uris:
                    next_page = post_logout_redirect_uri
                    if state:
                        parts = urlsplit(post_logout_redirect_uri)
                        query = parse_qs(parts.query)
                        query['state'] = state
                        next_page = urlunsplit(
                            parts._replace(query=urlencode(query, doseq=True)))

        hook_kwargs = {
            'request': request,
            'id_token': id_token_hint,
            'post_logout_redirect_uri': post_logout_redirect_uri,
            'state': state,
            'client': client,
            'next_page': next_page,
        }
        after_end_session_hook(**hook_kwargs)

        return logout(request, next_page=next_page)
Example #2
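    def _create_suomifi_logout_response(social_user, user, request,
                                        redirect_url):
        """Create the Suomi.fi logout redirect response for ``social_user``.

        When the request carries an ``id_token_hint`` whose client has
        ``redirect_url`` in its ``post_logout_redirect_uris``, a return token
        for that client and URI index is passed to the logout redirect;
        otherwise an empty token is used. Afterwards, ``user``'s OIDC tokens
        whose ``id_token`` ``aud`` equals the hinted client id are deleted.

        Without an ``id_token_hint`` no client id is known, so no tokens are
        deleted (previously this path raised ``UnboundLocalError``).

        NOTE(review): the client id comes from the caller-supplied
        ``id_token_hint``; whether ``client_id_from_id_token`` verifies the
        token is not visible here. Deletion is limited to ``user``'s own
        tokens by the query filter.
        """
        token = ''
        # Stays None when no id_token_hint is supplied, so the cleanup below
        # can tell "no client named" from a real client id.
        client_id = None
        saml_backend = load_backend(load_strategy(request),
                                    'suomifi',
                                    redirect_uri=getattr(
                                        settings, 'LOGIN_URL'))

        id_token_hint = request.GET.get('id_token_hint')
        if id_token_hint:
            client_id = client_id_from_id_token(id_token_hint)
            try:
                client = Client.objects.get(client_id=client_id)
                # Only a URI registered for this client yields a return token.
                if redirect_url in client.post_logout_redirect_uris:
                    token = saml_backend.create_return_token(
                        client_id,
                        client.post_logout_redirect_uris.index(redirect_url))
            except Client.DoesNotExist:
                # Unknown client: fall back to the empty return token.
                pass

        response = saml_backend.create_logout_redirect(social_user, token)

        # Skip the cleanup entirely when no client id was derived; comparing
        # against None would otherwise match tokens that carry no 'aud'.
        if client_id:
            for oidc_token in Token.objects.filter(user=user):
                if oidc_token.id_token.get('aud') == client_id:
                    oidc_token.delete()

        return response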
Example #3
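    def _create_suomifi_logout_response(social_user, user, request, redirect_url):
        """Create the Suomi.fi logout redirect response for ``social_user``.

        A return token is generated only when the request's ``id_token_hint``
        resolves to a client that lists ``redirect_url`` among its
        ``post_logout_redirect_uris``; otherwise the redirect is created with
        an empty token. ``user``'s OIDC tokens whose ``id_token`` ``aud``
        matches the hinted client id are then deleted.

        A request without ``id_token_hint`` no longer fails with
        ``UnboundLocalError`` in the cleanup loop; it simply deletes nothing.

        NOTE(review): ``client_id_from_id_token`` is defined elsewhere, so it
        is not visible here whether the hint's signature is checked. The
        token query is scoped to ``user``, which bounds what can be deleted.
        """
        token = ''
        # None means "no client named by the request".
        client_id = None
        saml_backend = load_backend(
            load_strategy(request),
            'suomifi',
            redirect_uri=getattr(settings, 'LOGIN_URL')
        )

        id_token_hint = request.GET.get('id_token_hint')
        if id_token_hint:
            client_id = client_id_from_id_token(id_token_hint)
            try:
                client = Client.objects.get(client_id=client_id)
                # The return token encodes the index of a registered URI, so
                # an unregistered redirect_url never produces one.
                if redirect_url in client.post_logout_redirect_uris:
                    token = saml_backend.create_return_token(
                        client_id,
                        client.post_logout_redirect_uris.index(redirect_url))
            except Client.DoesNotExist:
                # Unknown client: keep the empty return token.
                pass

        response = saml_backend.create_logout_redirect(social_user, token)

        # Only clean up when a client id is known; a None client id must not
        # be compared with tokens that have no 'aud' claim.
        if client_id:
            for oidc_token in Token.objects.filter(user=user):
                if oidc_token.id_token.get('aud') == client_id:
                    oidc_token.delete()

        return response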
Example #4
    def get(self, request, *args, **kwargs):
        """Log the user out and redirect to an allowed post-logout URI.

        The redirect target is the ``LOGIN_URL`` setting unless the request's
        ``post_logout_redirect_uri`` is listed in the
        ``post_logout_redirect_uris`` of the client resolved from
        ``id_token_hint``. When a ``state`` value is present it is set in the
        accepted URI's query string.

        NOTE(review): ``client_id_from_id_token`` is defined elsewhere;
        whether it validates the token or raises on malformed input is not
        visible here. Only ``Client.DoesNotExist`` is handled.
        """
        query = request.GET
        id_token_hint = query.get('id_token_hint', '')
        post_logout_redirect_uri = query.get('post_logout_redirect_uri', '')
        state = query.get('state', '')

        next_page = settings.get('LOGIN_URL')

        if id_token_hint:
            client_id = client_id_from_id_token(id_token_hint)
            try:
                registered = Client.objects.get(
                    client_id=client_id).post_logout_redirect_uris
            except Client.DoesNotExist:
                # Unknown client: nothing is registered, keep the default.
                registered = ()

            # Caller-supplied URI is honoured only if it is registered.
            # NOTE(review): assumes the registered URIs are a list, so `in`
            # is an exact match rather than a substring test.
            if post_logout_redirect_uri in registered:
                if not state:
                    next_page = post_logout_redirect_uri
                else:
                    parts = urlsplit(post_logout_redirect_uri)
                    pairs = parse_qs(parts.query)
                    pairs['state'] = state
                    encoded = urlencode(pairs, doseq=True)
                    next_page = urlunsplit(parts._replace(query=encoded))

        return logout(request, next_page=next_page)
Example #5
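    def create_logout_response(self, social_user, redirect_uri):
        """Create the Suomi.fi logout redirect response for ``social_user``.

        A return token is created only when the request's ``id_token_hint``
        resolves to a client that lists ``redirect_uri`` in its
        ``post_logout_redirect_uris``; in every other case the redirect is
        built with an empty token. OIDC tokens of ``social_user.user`` whose
        ``id_token`` ``aud`` equals the hinted client id are then deleted.

        ``token`` and ``client_id`` are given defaults up front: previously a
        request without ``id_token_hint``, with an unknown client, or with an
        unregistered ``redirect_uri`` raised ``UnboundLocalError``.

        NOTE(review): the client id is taken from the caller-supplied
        ``id_token_hint``; whether ``client_id_from_id_token`` verifies the
        token is not visible here. The token query is scoped to
        ``social_user.user``.
        """
        request = self.strategy.request
        # NOTE(review): '' is assumed to be an acceptable "no return token"
        # value for create_logout_redirect; confirm against its definition.
        token = ''
        client_id = None

        id_token_hint = request.GET.get('id_token_hint')
        if id_token_hint:
            client_id = client_id_from_id_token(id_token_hint)
            try:
                client = Client.objects.get(client_id=client_id)
                # Only a URI registered for this client yields a return token.
                if redirect_uri in client.post_logout_redirect_uris:
                    token = self.create_return_token(
                        client_id,
                        client.post_logout_redirect_uris.index(redirect_uri))
            except Client.DoesNotExist:
                # Unknown client: keep the empty return token.
                pass

        response = self.create_logout_redirect(social_user, token)

        # No client id means there is nothing to match tokens against.
        if client_id:
            for oidc_token in Token.objects.filter(user=social_user.user):
                if oidc_token.id_token.get('aud') == client_id:
                    oidc_token.delete()

        return response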
Example #6
    def _get_client(self) -> typing.Optional[Client]:
        """Return the client named by ``self._id_token_hint``, or ``None``.

        ``None`` is returned when no hint is set or when no ``Client`` with
        the derived client id exists.

        NOTE(review): ``client_id_from_id_token`` is defined elsewhere;
        whether it verifies the token before the client id is trusted is not
        visible here.
        """
        if not self._id_token_hint:
            return None

        hinted_client_id = client_id_from_id_token(self._id_token_hint)
        try:
            return Client.objects.get(client_id=hinted_client_id)
        except Client.DoesNotExist:
            return None
Example #7
    def get(self, request, *args, **kwargs):
        """Log the user out, accepting a JWT or an access token as the hint.

        ``id_token_hint`` is treated as a JWT when it contains a ``.`` and
        the client is looked up by the client id derived from it; otherwise
        the value is looked up as a ``Token.access_token`` and that token's
        client is used. The redirect target stays at the ``LOGIN_URL``
        setting unless ``post_logout_redirect_uri`` is listed in the resolved
        client's ``post_logout_redirect_uris``; a non-empty ``state`` is then
        set in its query string.

        NOTE(review): accepting an access token in a GET query parameter
        places a bearer credential in the URL, where it can end up in server
        logs, browser history and Referer headers. Confirm this fallback is
        intended.
        NOTE(review): whether ``client_id_from_id_token`` verifies the JWT
        is not visible here.
        """
        params = request.GET
        id_token_hint = params.get('id_token_hint', '')
        post_logout_redirect_uri = params.get('post_logout_redirect_uri', '')
        state = params.get('state', '')

        next_page = settings.get('LOGIN_URL')

        if id_token_hint:
            if '.' in id_token_hint:
                # Contains a dot, so it is treated as a JWT.
                try:
                    client = Client.objects.get(
                        client_id=client_id_from_id_token(id_token_hint))
                except Client.DoesNotExist:
                    client = None
            else:
                # No dot: try the value as a stored access token instead.
                try:
                    token_row = Token.objects.select_related('client').get(
                        access_token=id_token_hint)
                    client = token_row.client
                except Token.DoesNotExist:
                    client = None

            # Caller-supplied URI is honoured only if the client registered it.
            if (client is not None
                    and post_logout_redirect_uri in client.post_logout_redirect_uris):
                next_page = post_logout_redirect_uri
                if state:
                    parts = urlsplit(post_logout_redirect_uri)
                    pairs = parse_qs(parts.query)
                    pairs['state'] = state
                    next_page = urlunsplit(
                        parts._replace(query=urlencode(pairs, doseq=True)))

        return logout(request, next_page=next_page)
    def get(self, request, *args, **kwargs):
        """Log the user out and pick where to send the browser afterwards.

        The default target is the ``LOGIN_URL`` setting. The request's
        ``post_logout_redirect_uri`` replaces it only when the client
        resolved from ``id_token_hint`` lists that exact value in its
        ``post_logout_redirect_uris``. A non-empty ``state`` is set in the
        accepted URI's query string.

        NOTE(review): ``client_id_from_id_token`` is defined elsewhere;
        whether it verifies the token, or raises on malformed input, is not
        visible here. Only ``Client.DoesNotExist`` is handled.
        """
        id_token_hint = request.GET.get('id_token_hint', '')
        post_logout_redirect_uri = request.GET.get('post_logout_redirect_uri', '')
        state = request.GET.get('state', '')

        next_page = settings.get('LOGIN_URL')

        if id_token_hint:
            client_id = client_id_from_id_token(id_token_hint)
            try:
                client = Client.objects.get(client_id=client_id)
            except Client.DoesNotExist:
                # Unknown client: keep the default target.
                pass
            else:
                # Registered-URI check guards against redirecting to an
                # arbitrary caller-chosen URL.
                # NOTE(review): assumes post_logout_redirect_uris is a list,
                # so `in` is an exact match rather than a substring test.
                if post_logout_redirect_uri in client.post_logout_redirect_uris:
                    next_page = post_logout_redirect_uri
                    if state:
                        split_uri = urlsplit(post_logout_redirect_uri)
                        params = parse_qs(split_uri.query)
                        params['state'] = state
                        new_query = urlencode(params, doseq=True)
                        next_page = urlunsplit(split_uri._replace(query=new_query))

        return logout(request, next_page=next_page)
    def dispatch(self, request, *args, **kwargs):
        """Resolve the post-logout target, run the hook, then dispatch.

        Reads ``id_token_hint``, ``post_logout_redirect_uri`` and ``state``
        from the query string. ``self.next_page`` is set to the
        ``OIDC_LOGIN_URL`` setting unless ``post_logout_redirect_uri`` is
        listed in the ``post_logout_redirect_uris`` of the client resolved
        from ``id_token_hint``; a non-empty ``state`` is then set in its
        query string. ``OIDC_AFTER_END_SESSION_HOOK`` is called before the
        parent ``dispatch``.

        NOTE(review): ``client_id_from_id_token`` is defined elsewhere;
        whether it verifies the token, or raises on malformed input, is not
        visible here. Only ``Client.DoesNotExist`` is handled.
        """
        params = request.GET
        id_token_hint = params.get('id_token_hint', '')
        post_logout_redirect_uri = params.get('post_logout_redirect_uri', '')
        state = params.get('state', '')
        client = None

        # Safe fallback used whenever the caller-supplied URI is not accepted.
        next_page = settings.get('OIDC_LOGIN_URL')
        after_end_session_hook = settings.get('OIDC_AFTER_END_SESSION_HOOK', import_str=True)

        if id_token_hint:
            client_id = client_id_from_id_token(id_token_hint)
            try:
                client = Client.objects.get(client_id=client_id)
            except Client.DoesNotExist:
                # Unknown client: keep the default target.
                pass
            else:
                # NOTE(review): assumes post_logout_redirect_uris is a list,
                # so `in` is an exact match rather than a substring test.
                if post_logout_redirect_uri in client.post_logout_redirect_uris:
                    if not state:
                        next_page = post_logout_redirect_uri
                    else:
                        parts = urlsplit(post_logout_redirect_uri)
                        pairs = parse_qs(parts.query)
                        pairs['state'] = state
                        next_page = urlunsplit(
                            parts._replace(query=urlencode(pairs, doseq=True)))

        hook_kwargs = {
            'request': request,
            'id_token': id_token_hint,
            'post_logout_redirect_uri': post_logout_redirect_uri,
            'state': state,
            'client': client,
            'next_page': next_page,
        }
        after_end_session_hook(**hook_kwargs)

        # Stored on the instance before the parent dispatch is invoked.
        self.next_page = next_page
        return super(EndSessionView, self).dispatch(request, *args, **kwargs)