def get(self, request, *args, **kwargs):
# store the 'next' parameter in the session so we can
# redirect the user afterwards
next = get_next(request)
request.session['sso_after_logout_next'] = next
payload = {
# JWT standard items.
'iss': settings.SSO_KEY,
'exp': datetime.datetime.utcnow() + JWT_EXPIRATION,
# Our items.
'logout_url': abs_reverse(
request, 'lizard_auth_client.sso_local_logout'),
}
signed_message = jwt.encode(payload, settings.SSO_SECRET,
algorithm=settings.SSO_JWT_ALGORITHM)
query_string = urlencode({
'message': signed_message,
'key': settings.SSO_KEY
})
url = sso_server_url('logout')
url = '%s?%s' % (url, query_string)
# send the redirect response
return HttpResponseRedirect(url)
def _sso_post(viewname, payload):
"""Send a payload to the named URL at the SSO server.
Args:
viewname (str): The name of the URL (a bit like Django's reverse).
See https://sso.lizard.net/api2/.
payload (dict): A Python dictionary with key-value pairs to send.
Returns:
dict: The decoded JSON response.
Raises:
HTTPError, if one occured.
"""
url = sso_server_url(viewname)
# Add required fields to the payload. These cannot/should not
# be set by the caller (will be overwritten if set).
payload['iss'] = settings.SSO_KEY
payload['exp'] = datetime.datetime.utcnow() + JWT_EXPIRATION
# Sign the message.
signed_message = jwt.encode(
payload,
settings.SSO_SECRET,
algorithm=settings.SSO_JWT_ALGORITHM,
)
# Send the key along with the signed message. This is a
# peculiarity of the SSO server: the signed message
# already contains the key.
r = requests.post(
url, data={
'message': signed_message,
'key': settings.SSO_KEY,
}
)
# Check that the request is succesful.
r.raise_for_status()
# Return the decoded JSON response.
return r.json()
def get(self, request, *args, **kwargs):
next = get_next(request)
request.session['sso_after_login_next'] = next
payload = {
# JWT standard items.
'iss': settings.SSO_KEY,
'exp': datetime.datetime.utcnow() + JWT_EXPIRATION,
# Our items.
'login_success_url': abs_reverse(
request, 'lizard_auth_client.sso_local_login'),
}
if request.GET.get('attempt_login_only', 'false').lower() == 'true':
# We don't force the user to log in. To signal that, we pass our
# 'the user is not logged in' url, too.
payload['unauthenticated_is_ok_url'] = abs_reverse(
request,
'lizard_auth_client.sso_local_not_logged_in')
signed_message = jwt.encode(payload, settings.SSO_SECRET,
algorithm=settings.SSO_JWT_ALGORITHM)
query_string = urlencode({
'message': signed_message,
'key': settings.SSO_KEY
})
# Build an absolute URL pointing to the SSO server out of it.
url = sso_server_url('login')
url_with_params = '%s?%s' % (url, query_string)
return HttpResponseRedirect(url_with_params)
