Exemplo n.º 1
    def test_delete_and_is_logged_in_cookie_set(self):
        """
        Round-trip check for the logged-in cookie: it must be reported as set
        after set_logged_in_cookies and as not set after
        delete_logged_in_cookies.
        """
        # Login side: build a response carrying the cookies.
        # _copy_cookies_to_request is defined outside this block; presumably it
        # mirrors the response cookies onto the request for the predicate.
        login_response = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
        self._copy_cookies_to_request(login_response, self.request)
        present_after_login = cookies_api.is_logged_in_cookie_set(self.request)
        self.assertTrue(present_after_login)

        # Logout side: the deletion is applied to the same response object.
        # NOTE(review): only the predicate is asserted; the attributes of the
        # deletion itself (expiry, domain, path) are not checked here.
        cookies_api.delete_logged_in_cookies(login_response)
        self._copy_cookies_to_request(login_response, self.request)
        present_after_delete = cookies_api.is_logged_in_cookie_set(self.request)
        self.assertFalse(present_after_delete)
Exemplo n.º 2
    def test_delete_and_are_logged_in_cookies_set(self):
        """
        Verify that are_logged_in_cookies_set is true once the login cookies
        have been set and false once they have been deleted.
        """
        setup_login_oauth_client()

        # Set the cookies on a fresh response, then hand them to the request.
        resp = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
        self._copy_cookies_to_request(resp, self.request)
        all_set = cookies_api.are_logged_in_cookies_set(self.request)
        self.assertTrue(all_set)

        # Delete on the same response and re-copy before checking again.
        # NOTE(review): this asserts the aggregate predicate only; it does not
        # show which individual cookie caused it to turn false.
        cookies_api.delete_logged_in_cookies(resp)
        self._copy_cookies_to_request(resp, self.request)
        still_set = cookies_api.are_logged_in_cookies_set(self.request)
        self.assertFalse(still_set)
Exemplo n.º 3
    def test_delete_and_are_logged_in_cookies_set(self):
        """
        Set the logged-in cookies, confirm they are detected, delete them,
        and confirm they are no longer detected.
        """
        setup_login_oauth_client()

        request = self.request
        cookie_response = cookies_api.set_logged_in_cookies(request, HttpResponse(), self.user)

        # After login the predicate must see the full cookie set.
        self._copy_cookies_to_request(cookie_response, request)
        self.assertTrue(cookies_api.are_logged_in_cookies_set(request))

        # After deletion the predicate must no longer be satisfied.
        # NOTE(review): the deletion's cookie attributes (expiry, domain, path)
        # are not inspected by this test.
        cookies_api.delete_logged_in_cookies(cookie_response)
        self._copy_cookies_to_request(cookie_response, request)
        self.assertFalse(cookies_api.are_logged_in_cookies_set(request))
Exemplo n.º 4
    def test_delete_and_is_logged_in_cookie_set(self):
        """
        Check that is_logged_in_cookie_set flips from true to false when the
        logged-in cookies are set and then deleted on the same response.
        """
        request = self.request
        fresh_response = HttpResponse()
        resp = cookies_api.set_logged_in_cookies(request, fresh_response, self.user)

        # The predicate reads the request, so the response cookies are copied
        # over before each check.
        self._copy_cookies_to_request(resp, request)
        self.assertTrue(cookies_api.is_logged_in_cookie_set(request))

        # NOTE(review): only the predicate is asserted after deletion; the
        # expiry, domain and path of the deleted cookie are not verified.
        cookies_api.delete_logged_in_cookies(resp)
        self._copy_cookies_to_request(resp, request)
        self.assertFalse(cookies_api.is_logged_in_cookie_set(request))
Exemplo n.º 5
    def dispatch(self, request, *args, **kwargs):
        """
        Log the user out, let the parent view build the response, and clear
        the logged-in cookies on that response before returning it.
        """
        # No logging here: a registered handler logs successful logouts.
        request.is_from_logout = True

        # The authorized-client list is read from the session, so it has to be
        # captured before logout() clears the session.
        clients_key = edx_oauth2_provider.constants.AUTHORIZED_CLIENTS_SESSION_KEY
        self.oauth_client_ids = request.session.get(clients_key, [])

        logout(request)

        logout_response = super(LogoutView, self).dispatch(request, *args, **kwargs)

        # Clear the cookie used by the edx.org marketing site. This is done on
        # the final response object so the deletion reaches the browser.
        delete_logged_in_cookies(logout_response)
        return logout_response
Exemplo n.º 6
    def dispatch(self, request, *args, **kwargs):
        """
        Log the user out, let the parent view build the response, and clear
        the logged-in cookies on that response before returning it.
        """
        # No logging here: a registered handler logs successful logouts.
        request.is_from_logout = True

        # Look up the third party auth provider's logout url while the request
        # is still authenticated, i.e. before logout() runs.
        # NOTE(review): the URL comes from a helper outside this block; confirm
        # it is taken from trusted provider configuration before it is used as
        # a redirect or link target.
        idp_logout_url = tpa_pipeline.get_idp_logout_url_from_running_pipeline(request)
        self.tpa_logout_url = idp_logout_url

        logout(request)

        logout_response = super().dispatch(request, *args, **kwargs)

        # Clear the cookie used by the edx.org marketing site
        delete_logged_in_cookies(logout_response)
        return logout_response
Exemplo n.º 7
def _delete_cookie(request, response):
    """
    Delete the session cookie and the related login cookies on `response`,
    then log a warning naming the session when the request carries one.
    """
    # The deletion uses the same path and domain settings as the session
    # cookie configuration.
    response.delete_cookie(
        settings.SESSION_COOKIE_NAME,
        path='/',
        domain=settings.SESSION_COOKIE_DOMAIN,
    )

    # Keep JWT cookies and others in sync with session cookie
    # (meaning, in this case, delete them too).
    delete_logged_in_cookies(response)

    # Note, there is no request.user attribute at this point, so the session
    # key is the only identifier available for the log line.
    session = getattr(request, 'session', None)
    if session is None or not hasattr(session, 'session_key'):
        return

    # NOTE(review): this writes the raw session key to the log. A session key
    # is a credential; only the cookie is deleted here, and whether the
    # server-side session is invalidated is not visible in this function.
    # Consider logging a hash or truncated form instead.
    log.warning("SafeCookieData deleted session cookie for session %s",
                session.session_key)
Exemplo n.º 8
    def dispatch(self, request, *args, **kwargs):
        """
        Log the user out and return either a direct redirect or the parent
        view's response, with the logged-in cookies cleared on it.
        """
        # No logging here: a registered handler logs successful logouts.
        request.is_from_logout = True

        # Get the list of authorized clients before we clear the session.
        clients_key = edx_oauth2_provider.constants.AUTHORIZED_CLIENTS_SESSION_KEY
        self.oauth_client_ids = request.session.get(clients_key, [])

        logout(request)

        # With direct studio logout enabled and no OIDC clients to log out of,
        # the user can be redirected straight away.
        sso_over_lms_disabled = settings.FEATURES.get('DISABLE_STUDIO_SSO_OVER_LMS', False)
        if sso_over_lms_disabled and not self.oauth_client_ids:
            # NOTE(review): self.target is defined outside this method; confirm
            # it is validated against allowed hosts before being used here.
            response = redirect(self.target)
        else:
            response = super(LogoutView, self).dispatch(request, *args, **kwargs)

        # Clear the cookie used by the edx.org marketing site. Both branches
        # reach this call, so the redirect response is covered as well.
        delete_logged_in_cookies(response)
        return response
Exemplo n.º 9
    def dispatch(self, request, *args, **kwargs):
        """
        Handle a logout request: flag it, end the session, pick the response
        (direct redirect or parent view) and clear the logged-in cookies.
        """
        # We do not log here, because a registered handler performs logging on
        # successful logouts.
        request.is_from_logout = True

        # The authorized clients are kept in the session, so they are read
        # before logout() clears it.
        authorized_clients_key = edx_oauth2_provider.constants.AUTHORIZED_CLIENTS_SESSION_KEY
        self.oauth_client_ids = request.session.get(authorized_clients_key, [])

        logout(request)

        # Direct studio logout with no OIDC logouts pending: redirect at once.
        use_direct_redirect = (
            settings.FEATURES.get('DISABLE_STUDIO_SSO_OVER_LMS', False)
            and not self.oauth_client_ids
        )
        if not use_direct_redirect:
            response = super(LogoutView, self).dispatch(request, *args, **kwargs)
        else:
            # NOTE(review): the redirect destination self.target is set outside
            # this method; verify it cannot be an unvalidated caller-supplied URL.
            response = redirect(self.target)

        # Clear the cookie used by the edx.org marketing site
        delete_logged_in_cookies(response)
        return response
Exemplo n.º 10
    def test_delete_and_are_logged_in_cookies_set(self, jwt_cookies_disabled,
                                                  jwk_is_set):
        """
        Check the set/delete round trip of the logged-in cookies under the
        given combination of the JWT-cookie feature flag and signing key.
        """
        # Either keep the configured private signing JWK or blank it out.
        signing_jwk = None
        if jwk_is_set:
            signing_jwk = settings.JWT_AUTH['JWT_PRIVATE_SIGNING_JWK']

        # Both settings dicts are patched for the duration of the round trip;
        # the second patch is applied after the first one is active.
        with patch.dict(
            "django.conf.settings.FEATURES",
            {"DISABLE_SET_JWT_COOKIES_FOR_TESTS": jwt_cookies_disabled},
        ), patch.dict(
            "django.conf.settings.JWT_AUTH",
            {"JWT_PRIVATE_SIGNING_JWK": signing_jwk},
        ):
            setup_login_oauth_client()
            resp = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
            self._copy_cookies_to_request(resp, self.request)
            set_after_login = cookies_api.are_logged_in_cookies_set(self.request)
            self.assertTrue(set_after_login)

            # NOTE(review): the same assertions run for every parameter
            # combination, so this test does not show which cookies are
            # actually issued when the key is missing or the flag is on.
            cookies_api.delete_logged_in_cookies(resp)
            self._copy_cookies_to_request(resp, self.request)
            set_after_delete = cookies_api.are_logged_in_cookies_set(self.request)
            self.assertFalse(set_after_delete)