Esempio n. 1
def logout_view(request):
    """Log the user out and send them to the configured landing page.

    ``settings.LOGIN_REDIRECT_URL`` is passed through ``reverse()``, so in
    this project it has to hold a URL pattern name rather than a literal
    path. This wrapper takes the destination from settings only.

    NOTE(review): ``auth_logout_view`` is defined elsewhere; if it also
    honours a redirect parameter from the request, confirm that it validates
    the target host.
    """
    landing_url = reverse(settings.LOGIN_REDIRECT_URL)
    return auth_logout_view(request, next_page=landing_url)
Esempio n. 2
 def get(self, request):
     """Handle GET on the logout URL.

     Participants are not logged out by this view: they are redirected to
     the URL returned by their profile's ``last_location_url()``. Everyone
     else is logged out through the WIND logout view when
     ``settings.WIND_BASE`` is defined, otherwise through the regular auth
     logout view, landing on "/" in both cases.

     NOTE(review): ``last_location_url()`` is defined elsewhere; if it
     returns a stored, user-influenced value, confirm it is restricted to
     same-site paths before it is used as a redirect target.
     """
     profile = request.user.profile
     if profile.is_participant():
         return HttpResponseRedirect(profile.last_location_url())
     if hasattr(settings, 'WIND_BASE'):
         return wind_logout_view(request, next_page="/")
     return auth_logout_view(request, "/")
Esempio n. 3
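def logout(request, next_page=None):
    """Log the user out of Django and, for OpenID Connect sessions, of the OP.

    Sessions without an ``"op"`` key are handed to ``auth_logout_view``.
    Otherwise an end-session request is sent through the client stored for
    that OP and the OP's answer (status, body, headers) is relayed to the
    browser. The Django session is always cleared afterwards, even when the
    end-session request raises.

    Args:
        request: The current HTTP request.
        next_page: Where the user would like to land after logout. When
            ``None`` it is taken from the ``next`` query parameter, then
            from the session.

    Returns:
        The response of ``auth_logout_view``, or an ``HttpResponse``
        mirroring the OP's end-session response.
    """
    # Imported locally because the module's import block is not part of
    # this listing.
    from wsgiref.util import is_hop_by_hop

    if "op" not in request.session:
        return auth_logout_view(request, next_page)

    client = CLIENTS[request.session["op"]]

    # By default the user stays on an OP page after logout. Work out whether
    # a redirection back to the application was asked for and is possible.
    # NOTE(review): ``next`` from the query string is caller-controlled. Here
    # it only selects among URIs already registered at the OP, but it is also
    # written to the session at the end of this function; whatever later
    # reads session['next'] must validate it before redirecting.
    if next_page is None and "next" in request.GET:
        next_page = request.GET['next']
    if next_page is None and "next" in request.session:
        next_page = request.session['next']

    extra_args = {}
    registration = client.registration_response
    if "post_logout_redirect_uris" in registration.keys() and len(
            registration["post_logout_redirect_uris"]) > 0:
        registered_uris = registration["post_logout_redirect_uris"]
        if next_page is not None:
            # First try a direct redirection from the OP to next_page. The
            # match is a substring test against the registered URIs, so a
            # short value such as "/" selects the first registered URI.
            wanted = resolve_url(next_page)
            matches = [uri for uri in registered_uris if wanted in uri]
            if not matches:
                # The requested page is not registered; fall back to the
                # application's logout callback if that one is registered.
                wanted = resolve_url('openid_logout_cb')
                matches = [uri for uri in registered_uris if wanted in uri]
            # Last resort: the first registered URI, so the user at least
            # comes back to the application.
            extra_args["post_logout_redirect_uri"] = (
                matches[0] if matches else registered_uris[0])
    # Without registered post_logout_redirect_uris no redirection back to
    # the application is possible, so extra_args stays empty.

    # Send the end-session request and relay the OP's answer.
    try:
        request_args = None
        if 'id_token' in request.session:
            request_args = {'id_token': IdToken(**request.session['id_token'])}
        res = client.do_end_session_request(state=request.session["state"],
                                            extra_args=extra_args, request_args=request_args)
        # The OP (or a proxy in front of it) may omit content-type; indexing
        # the header used to raise KeyError. text/plain keeps an unlabeled
        # body from being rendered as markup under this application's origin.
        content_type = res.headers.get("content-type", "text/plain")
        resp = HttpResponse(content_type=content_type, status=res.status_code, content=res._content)
        # NOTE(review): every remaining OP header is copied onto this
        # application's response, presumably including Set-Cookie and
        # Location when the OP sends them - confirm that is intended.
        for key, val in res.headers.items():
            if is_hop_by_hop(key):
                # Hop-by-hop headers describe the OP connection only and are
                # rejected by WSGI servers when set by an application.
                continue
            resp[key] = val
        return resp
    finally:
        # Always drop the Django session, even if the OP logout failed; the
        # logout callback may never arrive.
        auth_logout(request)
        if next_page:
            request.session['next'] = next_page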
Esempio n. 4
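def _pick_post_logout_redirect_uri(registered_uris, next_page):
    """Return the registered post-logout URI to hand to the OP.

    Preference order: a registered URI containing the resolved ``next_page``,
    then one containing the resolved ``openid_logout_cb`` route, then the
    first registered URI. Only members of ``registered_uris`` are returned.
    """
    wanted = resolve_url(next_page)
    for uri in registered_uris:
        if wanted in uri:
            return uri
    # Resolved lazily, only when the requested page is not registered.
    callback = resolve_url('openid_logout_cb')
    for uri in registered_uris:
        if callback in uri:
            return uri
    return registered_uris[0]


def logout(request, next_page=None):
    """End the local session and ask the OpenID Provider to end its own.

    Without an ``"op"`` key in the session the call is delegated to
    ``auth_logout_view``. With one, the client stored for that OP sends an
    end-session request and the OP's response is relayed to the browser.
    ``auth_logout`` runs in every case on the OP path, including when the
    end-session request raises.

    Args:
        request: The current HTTP request.
        next_page: Requested landing page; falls back to the ``next`` query
            parameter, then to ``session['next']``.

    Returns:
        The ``auth_logout_view`` response, or an ``HttpResponse`` carrying
        the OP's status, body and headers.
    """
    # Imported locally because the module's import block is not part of
    # this listing.
    from wsgiref.util import is_hop_by_hop

    if "op" not in request.session:
        return auth_logout_view(request, next_page)

    client = CLIENTS[request.session["op"]]

    # NOTE(review): the query-string value is caller-controlled. It is only
    # used to choose among URIs registered at the OP, but it is stored in the
    # session below, so the consumer of session['next'] has to validate it.
    if next_page is None and "next" in request.GET:
        next_page = request.GET['next']
    if next_page is None and "next" in request.session:
        next_page = request.session['next']

    extra_args = {}
    registration = client.registration_response
    if "post_logout_redirect_uris" in registration.keys():
        registered_uris = registration["post_logout_redirect_uris"]
        # No registered URI, or no requested page: the user stays on the OP.
        if len(registered_uris) > 0 and next_page is not None:
            extra_args["post_logout_redirect_uri"] = _pick_post_logout_redirect_uri(
                registered_uris, next_page)

    try:
        request_args = None
        if 'id_token' in request.session:
            request_args = {'id_token': IdToken(**request.session['id_token'])}
        res = client.do_end_session_request(state=request.session["state"],
                                            extra_args=extra_args, request_args=request_args)
        # A missing content-type header used to raise KeyError here. The
        # text/plain fallback avoids rendering an unlabeled OP body as markup
        # under this application's origin.
        content_type = res.headers.get("content-type", "text/plain")
        resp = HttpResponse(content_type=content_type, status=res.status_code, content=res._content)
        for key, val in res.headers.items():
            # Hop-by-hop headers belong to the OP connection and make WSGI
            # servers reject the response when an application sets them.
            if not is_hop_by_hop(key):
                # NOTE(review): this presumably forwards Set-Cookie and
                # Location from the OP as well - confirm that is intended.
                resp[key] = val
        return resp
    finally:
        # Clear the Django session regardless of the OP outcome; the logout
        # callback may never be called.
        auth_logout(request)
        if next_page:
            request.session['next'] = next_page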
Esempio n. 5
def logout(request, next_page=None,
           template_name='registration/logged_out.html',
           redirect_field_name=REDIRECT_FIELD_NAME):
    """Log out locally, then hand off to the external login service if any.

    When ``SESSION_KEY`` was present in the session before logout, the user
    is redirected to the WIND logout URL (if ``settings.WIND_BASE`` exists)
    or to the CAS logout URL (if ``settings.CAS_BASE`` exists). In every
    other case the regular auth logout view renders the response.

    Both external targets are built from settings only; ``next_page`` is
    used solely on the fallback path.
    """
    # Read before django_logout(), which runs next and is expected to clear
    # the session.
    had_session_key = SESSION_KEY in request.session
    django_logout(request)
    statsd.incr('djangowind.logout')

    if had_session_key:
        if hasattr(settings, 'WIND_BASE'):
            return HttpResponseRedirect('%slogout' % settings.WIND_BASE)
        if hasattr(settings, 'CAS_BASE'):
            return HttpResponseRedirect('%scas/logout' % settings.CAS_BASE)

    return auth_logout_view(request, next_page, template_name,
                            redirect_field_name)
Esempio n. 6
def logout(request, next_page=None, **kwargs):
    """Log out through the auth logout view and land on a login page.

    The caller's ``next_page`` is ignored: the destination is always the
    ``internal_login`` route when ``CONFIG["CAS_LOGIN"]`` is truthy and the
    ``login`` route otherwise. Remaining keyword arguments are passed on.
    """
    # A CAS-specific branch (calling cas_logout and redirecting to the CAS
    # server's logout URL) used to run here for the IPAMCASBackend and is
    # currently disabled.
    # NOTE(review): with that branch disabled only the local session is
    # ended; a CAS single sign-on session is presumably left in place, so the
    # user may be signed in again on the next protected request - confirm.
    if CONFIG.get("CAS_LOGIN"):
        destination = "internal_login"
    else:
        destination = "login"
    return auth_logout_view(request, next_page=destination, **kwargs)
Esempio n. 7
def logout(request, next_page=None, **kwargs):
    """Log out, going through CAS when the session was authenticated by it.

    The backend class name is taken from ``_auth_user_backend`` in the
    session. For ``IPAMCASBackend`` with ``CONFIG["CAS_LOGIN"]`` enabled the
    CAS logout helper runs first, then the user is redirected either to the
    CAS server's logout URL (``settings.CAS_LOGOUT_COMPLETELY``) or directly
    to ``next_page``. All other sessions use the auth logout view and land on
    ``internal_login`` or ``login``.
    """
    backend_path = request.session.get("_auth_user_backend", "")
    backend = backend_path.split(".")[-1]

    if not (CONFIG.get("CAS_LOGIN") and backend == "IPAMCASBackend"):
        if CONFIG.get("CAS_LOGIN"):
            destination = "internal_login"
        else:
            destination = "login"
        return auth_logout_view(request, next_page=destination, **kwargs)

    cas_logout(request, next_page, **kwargs)

    # NOTE(review): get_redirect_url() is defined elsewhere. If it derives
    # the target from request data, both redirects below use that value
    # without a host check here - confirm it is validated there.
    next_page = next_page or get_redirect_url(request)

    if not settings.CAS_LOGOUT_COMPLETELY:
        # This is in most cases pointless unless CAS_RENEW is set: the user
        # is simply logged in again on the next request needing authorization.
        return HttpResponseRedirect(next_page)

    # The return URL is rebuilt from the request's scheme and host, with
    # next_page as the path component.
    redirect_url = urllib_parse.urlunparse(
        (get_protocol(request), request.get_host(), next_page, "", "", "")
    )
    client = get_cas_client()
    # Drops the last three characters of the configured server URL.
    # NOTE(review): the reason is not visible here - confirm what suffix
    # CAS_SERVER_URL is expected to end with.
    client.server_url = settings.CAS_SERVER_URL[:-3]
    return HttpResponseRedirect(client.get_logout_url(redirect_url))
Esempio n. 8
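def logout(request, next_page=None):
    """Log the user out locally and redirect the browser to the OP's logout.

    Sessions without an ``"op"`` key are handed to ``auth_logout_view``.
    Otherwise the browser is redirected to a logout endpoint built from the
    ``iss`` claim stored in the session, with ``id_token_hint``, ``state``
    and, when one could be selected, ``post_logout_redirect_uri`` as query
    parameters. The Django session is always cleared before returning.

    The previous implementation, which sent the end-session request from the
    server and relayed the OP's response, sat after the ``return`` as an
    unreachable string literal and has been removed.

    Args:
        request: The current HTTP request.
        next_page: Requested landing page; falls back to the ``next`` query
            parameter, then to ``session['next']``.

    Returns:
        The ``auth_logout_view`` response or an ``HttpResponseRedirect`` to
        the OP.
    """
    if "op" not in request.session:
        return auth_logout_view(request, next_page)

    client = CLIENTS[request.session["op"]]

    # By default the user stays on an OP page after logout. Work out whether
    # a redirection back to the application was asked for and is possible.
    # NOTE(review): ``next`` from the query string is caller-controlled. It
    # only selects among URIs registered at the OP here, but it is stored in
    # the session below; the consumer of session['next'] must validate it.
    if next_page is None and "next" in request.GET:
        next_page = request.GET['next']
    if next_page is None and "next" in request.session:
        next_page = request.session['next']

    extra_args = {}
    registration = client.registration_response
    if "post_logout_redirect_uris" in registration.keys() and len(
            registration["post_logout_redirect_uris"]) > 0:
        registered_uris = registration["post_logout_redirect_uris"]
        if next_page is not None:
            # First try a direct redirection from the OP to next_page
            # (substring match against the registered URIs).
            wanted = resolve_url(next_page)
            matches = [uri for uri in registered_uris if wanted in uri]
            if not matches:
                # Not registered: try the application's logout callback.
                wanted = resolve_url('openid_logout_cb')
                matches = [uri for uri in registered_uris if wanted in uri]
            # Last resort: the first registered URI.
            extra_args["post_logout_redirect_uri"] = (
                matches[0] if matches else registered_uris[0])
    # Without registered post_logout_redirect_uris no redirection back to
    # the application is possible, so extra_args stays empty.

    try:
        # DP HACK: needed to actually log out from the OIDC provider.
        # According to the OIDC session spec
        # (http://openid.net/specs/openid-connect-session-1_0.html#RPLogout)
        # the user should be directed to the provider to log out after being
        # logged out here.
        #
        # NOTE(review): the session's *access token* is sent as
        # id_token_hint. That parameter is defined for the ID token, and
        # placing an access token in a redirect URL exposes it to browser
        # history, proxy and server logs. Prefer the raw ID token if the
        # login flow can store it.
        request_args = {
            'id_token_hint': request.session['access_token'],
            'state': request.session['state'],
        }
        request_args.update(extra_args)  # adds post_logout_redirect_uri if set

        # ``iss`` is the issuer URL from the stored ID token claims. The
        # appended path works for the BOSS OIDC provider and was not tested
        # against any other provider.
        url = request.session['id_token']['iss'] + "/protocol/openid-connect/logout"
        url += "?" + urlencode(request_args)
        return HttpResponseRedirect(url)
    finally:
        # Always drop the Django session, even if building the redirect
        # failed; the logout callback may never arrive.
        auth_logout(request)
        if next_page:
            request.session['next'] = next_page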
Esempio n. 9
def logout(request):
    """Queue a farewell message, then delegate to the auth logout view.

    NOTE(review): the message is queued before the logout view runs; if the
    project stores messages in the session and the logout view clears it, the
    message may never be displayed - confirm the message storage backend.
    """
    farewell = _('You have been logged out. We will miss you!')
    messages.info(request, farewell)
    return auth_logout_view(request)
Esempio n. 10
def hx_logout(request):
    """Log the user out, then redirect straight to the home page."""
    home_path = '/'
    return auth_logout_view(request, next_page=home_path)
Esempio n. 11
def logout(request, next_page=None):
    """Log the user out locally and redirect the browser to the OP's logout.

    Sessions without an "op" key are handed to auth_logout_view. Otherwise a
    logout URL is built from the ``iss`` claim stored in the session and the
    browser is redirected there. auth_logout() runs in the ``finally`` block,
    so the Django session is cleared on every exit from the ``try``.
    """
    if not "op" in request.session.keys():
        return auth_logout_view(request, next_page)

    client = CLIENTS[request.session["op"]]

    # User is by default NOT redirected to the app - it stays on an OP page after logout.
    # Here we determine if a redirection to the app was asked for and is possible.
    # NOTE(review): "next" from the query string is caller-controlled. Below it only selects among
    # URIs registered at the OP, but it is also stored in the session at the end of this function;
    # whatever consumes session['next'] must validate it before redirecting.
    if next_page is None and "next" in request.GET.keys():
        next_page = request.GET['next']
    if next_page is None and "next" in request.session.keys():
        next_page = request.session['next']
    extra_args = {}
    if "post_logout_redirect_uris" in client.registration_response.keys() and len(
            client.registration_response["post_logout_redirect_uris"]) > 0:
        if next_page is not None:
            # First attempt a direct redirection from OP to next_page
            # (substring match: any registered URI that contains the resolved value is accepted)
            next_page_url = resolve_url(next_page)
            urls = [url for url in client.registration_response["post_logout_redirect_uris"] if next_page_url in url]
            if len(urls) > 0:
                extra_args["post_logout_redirect_uri"] = urls[0]
            else:
                # It is not possible to directly redirect from the OP to the page that was asked for.
                # We will try to use the redirection point - if the redirection point URL is registered that is.
                next_page_url = resolve_url('openid_logout_cb')
                urls = [url for url in client.registration_response["post_logout_redirect_uris"] if
                        next_page_url in url]
                if len(urls) > 0:
                    extra_args["post_logout_redirect_uri"] = urls[0]
                else:
                    # Just take the first registered URL as a desperate attempt to come back to the application
                    extra_args["post_logout_redirect_uri"] = client.registration_response["post_logout_redirect_uris"][
                        0]
    else:
        # No post_logout_redirect_uris registered at the OP - no redirection to the application is possible anyway
        pass

    # Redirect client to the OP logout page
    try:
        # DP HACK: Needed to get logout to actually logout from the OIDC Provider
        # According to OIDC session spec (http://openid.net/specs/openid-connect-session-1_0.html#RPLogout)
        # the user should be directed to the OIDC provider to logout after being
        # logged out here.

        # NOTE(review): the session's access token is sent as id_token_hint. That parameter is defined
        # for the ID token, and an access token placed in a redirect URL is exposed to browser history,
        # proxy and server logs - prefer the raw ID token if the login flow can store it.
        request_args = {
            'id_token_hint': request.session['access_token'],
            'state': request.session['state'],
        }
        request_args.update(extra_args)  # should include the post_logout_redirect_uri

        # id_token iss is the token issuer, the url of the issuing server
        # the full url works for the BOSS OIDC Provider, not tested on any other provider
        url = request.session['id_token']['iss'] + "/protocol/openid-connect/logout"
        url += "?" + urlencode(request_args)
        return HttpResponseRedirect(url)

        # Everything below is unreachable because of the return above; the string literal holds the
        # previous implementation, which relayed the OP's end-session response from the server side.
        # Looks like they are implementing back channel logout, without checking for
        # support?
        # http://openid.net/specs/openid-connect-backchannel-1_0.html#Backchannel
        """
        request_args = None
        if 'id_token' in request.session.keys():
            request_args = {'id_token': oic.oic.message.IdToken(**request.session['id_token'])}
        res = client.do_end_session_request(state=request.session["state"],
                                            extra_args=extra_args, request_args=request_args)
        content_type = res.headers.get("content-type", "text/html") # In case the logout response doesn't set content-type (Seen with Keycloak)
        resp = HttpResponse(content_type=content_type, status=res.status_code, content=res._content)
        for key, val in res.headers.items():
            resp[key] = val
        return resp
        """
    finally:
        # Always remove Django session stuff - even if not logged out from OP. Don't wait for the callback as it may never come.
        auth_logout(request)
        # Set after auth_logout() so the value is written to the session that exists after logout.
        if next_page:
            request.session['next'] = next_page
Esempio n. 12
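def logout(request, next_page=None):
    """Log the user out of Django and, for OpenID Connect sessions, of the OP.

    Sessions without an ``"op"`` key are handed to ``auth_logout_view``.
    Otherwise an end-session request is sent through the client stored for
    that OP, with the raw ID token as ``id_token_hint`` when the session
    holds one, and the OP's answer is relayed to the browser. If the request
    fails, the user is redirected to "/". The Django session is always
    cleared afterwards.

    Args:
        request: The current HTTP request.
        next_page: Requested landing page; falls back to the ``next`` query
            parameter, then to ``session['next']``.

    Returns:
        The ``auth_logout_view`` response, an ``HttpResponse`` mirroring the
        OP's answer, or a 302 to "/" on failure.
    """
    if "op" not in request.session:
        return auth_logout_view(request, next_page)

    client = CLIENTS[request.session["op"]]

    # By default the user stays on an OP page after logout. Work out whether
    # a redirection back to the application was asked for and is possible.
    # NOTE(review): ``next`` from the query string is caller-controlled. It
    # only selects among URIs registered at the OP here, but it is stored in
    # the session below; the consumer of session['next'] must validate it.
    if next_page is None and "next" in request.GET:
        next_page = request.GET['next']
    if next_page is None and "next" in request.session:
        next_page = request.session['next']

    extra_args = {}
    registration = client.registration_response
    if "post_logout_redirect_uris" in registration.keys() and len(
            registration["post_logout_redirect_uris"]) > 0:
        registered_uris = registration["post_logout_redirect_uris"]
        if next_page is not None:
            # First try a direct redirection from the OP to next_page
            # (substring match against the registered URIs).
            wanted = resolve_url(next_page)
            matches = [uri for uri in registered_uris if wanted in uri]
            if not matches:
                # Not registered: try the application's logout callback.
                wanted = resolve_url('openid_logout_cb')
                matches = [uri for uri in registered_uris if wanted in uri]
            # Last resort: the first registered URI.
            extra_args["post_logout_redirect_uri"] = (
                matches[0] if matches else registered_uris[0])
    # Without registered post_logout_redirect_uris no redirection back to
    # the application is possible, so extra_args stays empty.

    try:
        request_args = None
        if 'id_token_raw' in request.session:
            # Record only that a token is present. The raw ID token is a
            # bearer credential carrying identity claims and must not be
            # written to application logs.
            logger.info('logout => found id_token_raw')
            request_args = {'id_token_hint': request.session['id_token_raw']}
        res = client.do_end_session_request(state=request.session["state"],
                                            extra_args=extra_args,
                                            request_args=request_args)

        # Header names only: values such as Set-Cookie may hold session
        # identifiers.
        logger.debug(
            '********  do_end_session_request ********** status: %s, header names: %s',
            res.status_code, list(res.headers.keys()))

        # The content-type header can be absent, e.g. when the server is
        # behind a reverse proxy.
        # TODO: decide what the default content-type should be.
        content_type = res.headers.get('content-type', 'text/plain')
        resp = HttpResponse(content_type=content_type,
                            status=res.status_code,
                            content=res._content)

        # Skip hop-by-hop headers to prevent WSGI application errors thrown
        # later in the pipeline.
        # NOTE(review): the remaining OP headers are copied as they are,
        # presumably including Set-Cookie and Location - confirm intended.
        for key, val in res.headers.items():
            if is_hop_by_hop(key):
                continue
            resp[key] = val
        return resp
    except Exception:
        # Responses the oic/oauth2 client cannot parse end up here, e.g. the
        # error the server generates when the session has expired. Catching
        # Exception instead of a bare except lets SystemExit and
        # KeyboardInterrupt propagate.
        logger.debug('************ logout failed ***************',
                     exc_info=True)
        resp = HttpResponse(content_type='text/plain', status=302)
        resp['Location'] = '/'
        return resp
    finally:
        # Always drop the Django session, even if the OP logout failed; the
        # logout callback may never arrive.
        auth_logout(request)
        if next_page:
            request.session['next'] = next_page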