def logout_view(request):
    """Log the user out and redirect to the configured landing page.

    The target is ``settings.LOGIN_REDIRECT_URL`` passed through ``reverse``,
    so the setting is expected to name a URL pattern rather than hold a
    literal path. The destination is fixed server-side: nothing taken from
    the request influences where the browser is sent after logout.
    """
    landing_url = reverse(settings.LOGIN_REDIRECT_URL)
    return auth_logout_view(request, next_page=landing_url)
def get(self, request):
    """Handle a GET on the logout URL.

    Participants are not logged out here: they are redirected to the URL
    returned by their profile's ``last_location_url()``. Everyone else is
    logged out through WIND when ``settings.WIND_BASE`` exists, otherwise
    through ``auth_logout_view``; both paths send the browser to "/".
    """
    # NOTE(review): ``request.user.profile`` is read unconditionally. Presumably
    # the view is only reachable by authenticated users; an anonymous user
    # object would normally have no ``profile`` -- confirm at the URL conf.
    # NOTE(review): the session is ended by a plain GET, so any cross-site
    # link can trigger it; a POST protected by CSRF is the safer contract.
    user = request.user
    if user.profile.is_participant():
        return HttpResponseRedirect(user.profile.last_location_url())

    if hasattr(settings, 'WIND_BASE'):
        return wind_logout_view(request, next_page="/")

    return auth_logout_view(request, "/")
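def logout(request, next_page=None):
    """Log the user out of Django and, for OIDC sessions, of the OpenID Provider (OP).

    Sessions without an ``"op"`` entry are handed to ``auth_logout_view``.
    Otherwise an end-session request is sent to the OP through the registered
    client and the OP's response (status, body, headers) is replayed to the
    browser. The Django session is always cleared in ``finally``, whether or
    not the OP call succeeded.

    Args:
        request: the current HTTP request.
        next_page: optional page to come back to after logout; when ``None``
            it is taken from ``?next=`` or from ``session['next']``.

    Returns:
        The response of ``auth_logout_view`` for non-OIDC sessions, else an
        ``HttpResponse`` built from the OP's end-session response.
    """
    # Function-scope import (stdlib) so the block does not rely on a
    # file-level import that may not exist.
    from wsgiref.util import is_hop_by_hop

    if "op" not in request.session.keys():
        return auth_logout_view(request, next_page)

    client = CLIENTS[request.session["op"]]

    # By default the user stays on an OP page after logout. Work out whether
    # a return to the application was asked for and is possible.
    # NOTE(review): "next" from the query string is caller-controlled. Below it
    # only *selects* among URIs registered at the OP, but it is also written
    # back to the session in ``finally``; whatever later redirects to
    # ``session['next']`` (presumably the logout callback) must validate it.
    if next_page is None and "next" in request.GET.keys():
        next_page = request.GET['next']
    if next_page is None and "next" in request.session.keys():
        next_page = request.session['next']

    extra_args = {}
    if "post_logout_redirect_uris" in client.registration_response.keys() and len(
            client.registration_response["post_logout_redirect_uris"]) > 0:
        registered_uris = client.registration_response["post_logout_redirect_uris"]
        if next_page is not None:
            # NOTE(review): resolve_url() runs before the try/finally, so if it
            # raises for an unexpected "next" value the local logout below is
            # never reached -- confirm how such values should be handled.
            # First choice: a registered URI that contains the requested page.
            next_page_url = resolve_url(next_page)
            urls = [url for url in registered_uris if next_page_url in url]
            if not urls:
                # Second choice: the registered logout callback of this app.
                next_page_url = resolve_url('openid_logout_cb')
                urls = [url for url in registered_uris if next_page_url in url]
            # Last resort: the first registered URI. In every case the value
            # sent to the OP is one of the registered URIs, never raw input.
            extra_args["post_logout_redirect_uri"] = urls[0] if urls else registered_uris[0]
    # No post_logout_redirect_uris registered at the OP: no redirection back
    # to the application is possible, so extra_args stays empty.

    # Ask the OP to end the session and relay its answer.
    try:
        request_args = None
        if 'id_token' in request.session.keys():
            request_args = {'id_token': IdToken(**request.session['id_token'])}
        res = client.do_end_session_request(state=request.session["state"],
                                            extra_args=extra_args,
                                            request_args=request_args)
        # The OP may omit Content-Type; indexing the header would then raise
        # KeyError. text/plain keeps a body of unknown type from being
        # rendered as markup on the application's origin.
        content_type = res.headers.get("content-type", "text/plain")
        resp = HttpResponse(content_type=content_type, status=res.status_code, content=res._content)
        # NOTE(review): the OP's headers are replayed on the application's
        # origin, Set-Cookie and Content-Length/Content-Encoding included --
        # confirm that this is intended.
        for key, val in res.headers.items():
            # Hop-by-hop headers (Connection, Transfer-Encoding, ...) describe
            # the OP connection only; WSGI servers reject them on a response.
            if is_hop_by_hop(key):
                continue
            resp[key] = val
        return resp
    finally:
        # Always drop the Django session, even if the OP logout failed; the
        # callback may never arrive.
        auth_logout(request)
        if next_page:
            request.session['next'] = next_page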
def logout(request, next_page=None,
           template_name='registration/logged_out.html',
           redirect_field_name=REDIRECT_FIELD_NAME):
    """End the local session, then finish logout at WIND/CAS when applicable.

    If the session held ``SESSION_KEY`` before logout, the browser is sent to
    the WIND logout URL (``settings.WIND_BASE`` defined) or to the CAS logout
    URL (``settings.CAS_BASE`` defined). In every other case the request is
    delegated to ``auth_logout_view`` with the arguments given here.
    """
    # Must be recorded before django_logout(), which presumably clears the
    # session and with it the key being tested.
    had_login_session = SESSION_KEY in request.session
    django_logout(request)
    statsd.incr('djangowind.logout')

    if had_login_session:
        # Both redirect targets come from settings, not from the request.
        if hasattr(settings, 'WIND_BASE'):
            return HttpResponseRedirect('%slogout' % settings.WIND_BASE)
        if hasattr(settings, 'CAS_BASE'):
            return HttpResponseRedirect('%scas/logout' % settings.CAS_BASE)

    return auth_logout_view(request, next_page, template_name, redirect_field_name)
def logout(request, next_page=None, **kwargs):
    """Log the user out locally and send them to a login page.

    The ``next_page`` argument is ignored: the destination is always the URL
    name "internal_login" when ``CONFIG["CAS_LOGIN"]`` is truthy, else "login".
    Remaining keyword arguments are passed on to ``auth_logout_view``.
    """
    # The CAS branch of this view (cas_logout() followed by a redirect to the
    # CAS server's logout URL for sessions created by "IPAMCASBackend") is
    # commented out in this version.
    # NOTE(review): with that branch disabled only the local session is ended;
    # presumably the CAS server session stays alive and can sign the user
    # straight back in -- confirm that this is intended.
    if CONFIG.get("CAS_LOGIN"):
        login_url_name = "internal_login"
    else:
        login_url_name = "login"
    return auth_logout_view(request, next_page=login_url_name, **kwargs)
def logout(request, next_page=None, **kwargs):
    """Log out either through CAS or through the local login pages.

    A session created by "IPAMCASBackend" while ``CONFIG["CAS_LOGIN"]`` is
    truthy goes through ``cas_logout`` and is then redirected, via the CAS
    server's logout URL when ``settings.CAS_LOGOUT_COMPLETELY`` is set.
    Every other session is delegated to ``auth_logout_view`` with a fixed
    login URL name as the destination.
    """
    backend_path = request.session.get("_auth_user_backend", "")
    backend_name = backend_path.split(".")[-1]

    if not (CONFIG.get("CAS_LOGIN") and backend_name == "IPAMCASBackend"):
        # Non-CAS session: destination is a URL name chosen server-side.
        login_url_name = "internal_login" if CONFIG.get("CAS_LOGIN") else "login"
        return auth_logout_view(request, next_page=login_url_name, **kwargs)

    # The return value of cas_logout() is discarded; this view builds its own
    # redirect below.
    cas_logout(request, next_page, **kwargs)

    # NOTE(review): if get_redirect_url() derives its value from request data
    # (query string or Referer), ``target`` is an unvalidated redirect
    # destination in the branch just below -- confirm it is restricted to
    # this site.
    target = next_page or get_redirect_url(request)

    if not settings.CAS_LOGOUT_COMPLETELY:
        # This is in most cases pointless unless CAS_RENEW is set: the user is
        # simply logged in again on the next request requiring authorization.
        return HttpResponseRedirect(target)

    # Build an absolute URL on this host for the CAS server to return to.
    scheme = get_protocol(request)
    netloc = request.get_host()
    absolute_target = urllib_parse.urlunparse((scheme, netloc, target, "", "", ""))

    cas_client = get_cas_client()
    # NOTE(review): drops the last three characters of CAS_SERVER_URL; the
    # reason is not visible here -- confirm against the configured value.
    cas_client.server_url = settings.CAS_SERVER_URL[:-3]
    return HttpResponseRedirect(cas_client.get_logout_url(absolute_target))
def logout(request, next_page=None):
    """Log out locally and redirect the browser to the OIDC provider's logout URL.

    Sessions without an ``"op"`` entry are handed to ``auth_logout_view``.
    For OIDC sessions a logout URL is built from the issuer stored in the
    session's ID token and the browser is redirected there. The Django
    session is always cleared in ``finally``.
    """
    if "op" not in request.session.keys():
        return auth_logout_view(request, next_page)

    client = CLIENTS[request.session["op"]]

    # By default the user stays on an OP page after logout; a return to the
    # application happens only when a page was asked for and can be matched.
    # NOTE(review): "next" from the query string is caller-controlled. Here it
    # only selects among URIs registered at the OP, but it is also stored in
    # the session in ``finally``; whatever redirects to ``session['next']``
    # later (presumably the logout callback) must validate it.
    if next_page is None and "next" in request.GET.keys():
        next_page = request.GET['next']
    if next_page is None and "next" in request.session.keys():
        next_page = request.session['next']

    extra_args = {}
    registration = client.registration_response
    has_registered_uris = (
        "post_logout_redirect_uris" in registration.keys()
        and len(registration["post_logout_redirect_uris"]) > 0
    )
    if has_registered_uris and next_page is not None:
        registered_uris = registration["post_logout_redirect_uris"]
        # First choice: a registered URI containing the requested page.
        wanted = resolve_url(next_page)
        candidates = [uri for uri in registered_uris if wanted in uri]
        if len(candidates) == 0:
            # Second choice: this application's registered logout callback.
            wanted = resolve_url('openid_logout_cb')
            candidates = [uri for uri in registered_uris if wanted in uri]
        if len(candidates) > 0:
            extra_args["post_logout_redirect_uri"] = candidates[0]
        else:
            # Last resort: the first registered URI.
            extra_args["post_logout_redirect_uri"] = registered_uris[0]

    try:
        # "DP HACK" from the original author: redirect the browser to the
        # provider so that the provider session is ended as well, see
        # http://openid.net/specs/openid-connect-session-1_0.html#RPLogout
        # NOTE(review): the value sent as ``id_token_hint`` is the session's
        # *access token*, and it travels in the query string, where it can end
        # up in browser history and proxy/server logs. The spec defines the
        # hint as a previously issued ID Token -- confirm what the provider
        # actually needs.
        logout_params = {}
        logout_params['id_token_hint'] = request.session['access_token']
        logout_params['state'] = request.session['state']
        logout_params.update(extra_args)  # adds post_logout_redirect_uri when one was chosen

        # ``iss`` is the issuer URL from the stored ID token. The path is
        # hard-coded; per the original comment it works for the BOSS OIDC
        # Provider and was not tested elsewhere.
        issuer = request.session['id_token']['iss']
        end_session_url = issuer + "/protocol/openid-connect/logout"
        end_session_url += "?" + urlencode(logout_params)
        return HttpResponseRedirect(end_session_url)

        # Unreachable: the earlier implementation (an end-session request made
        # by the server and replayed to the browser), kept as a bare string.
        # The original author questioned whether it was back-channel logout
        # used without checking provider support:
        # http://openid.net/specs/openid-connect-backchannel-1_0.html#Backchannel
        """ request_args = None if 'id_token' in request.session.keys(): request_args = {'id_token': IdToken(**request.session['id_token'])} res = client.do_end_session_request(state=request.session["state"], extra_args=extra_args, request_args=request_args) content_type = res.headers.get("content-type", "text/html") # In case the logout response doesn't set content-type (Seen with Keycloak) resp = HttpResponse(content_type=content_type, status=res.status_code, content=res._content) for key, val in res.headers.items(): resp[key] = val return resp """
    finally:
        # Always drop the Django session, even when the redirect could not be
        # built; the callback may never arrive.
        auth_logout(request)
        if next_page:
            request.session['next'] = next_page
def logout(request):
    """Queue a farewell message for the user, then delegate to ``auth_logout_view``."""
    # NOTE(review): the message is queued before the logout runs; whether it
    # survives depends on the configured message storage (a session-backed
    # store would presumably lose it when the session is cleared) -- confirm.
    farewell = _('You have been logged out. We will miss you!')
    messages.info(request, farewell)
    return auth_logout_view(request)
def hx_logout(request):
    """Log the user out and redirect straight to the home page.

    The destination is the fixed path "/"; nothing from the request
    influences it.
    """
    home_path = '/'
    return auth_logout_view(request, next_page=home_path)
def logout(request, next_page=None):
    """Log out locally and redirect the browser to the OIDC provider's logout URL.

    Sessions without an ``"op"`` entry are handed to ``auth_logout_view``.
    For OIDC sessions a logout URL is built from the issuer stored in the
    session's ID token and the browser is redirected there. The Django
    session is always cleared in ``finally``.
    """
    if not "op" in request.session.keys():
        return auth_logout_view(request, next_page)

    client = CLIENTS[request.session["op"]]

    # User is by default NOT redirected to the app - it stays on an OP page after logout.
    # Here we determine if a redirection to the app was asked for and is possible.
    # NOTE(review): "next" from the query string is caller-controlled. Below it
    # only selects among URIs registered at the OP, but it is also stored in
    # the session in ``finally``; whatever redirects to ``session['next']``
    # later (presumably the logout callback) must validate it.
    if next_page is None and "next" in request.GET.keys():
        next_page = request.GET['next']
    if next_page is None and "next" in request.session.keys():
        next_page = request.session['next']

    extra_args = {}
    if "post_logout_redirect_uris" in client.registration_response.keys() and len(
            client.registration_response["post_logout_redirect_uris"]) > 0:
        if next_page is not None:
            # First attempt a direct redirection from OP to next_page.
            # The match is a substring test; the value sent to the OP is
            # always one of the registered URIs, never the raw input.
            next_page_url = resolve_url(next_page)
            urls = [url for url in client.registration_response["post_logout_redirect_uris"] if next_page_url in url]
            if len(urls) > 0:
                extra_args["post_logout_redirect_uri"] = urls[0]
            else:
                # It is not possible to directly redirect from the OP to the page that was asked for.
                # We will try to use the redirection point - if the redirection point URL is registered that is.
                next_page_url = resolve_url('openid_logout_cb')
                urls = [url for url in client.registration_response["post_logout_redirect_uris"] if next_page_url in url]
                if len(urls) > 0:
                    extra_args["post_logout_redirect_uri"] = urls[0]
                else:
                    # Just take the first registered URL as a last attempt to come back to the application
                    extra_args["post_logout_redirect_uri"] = client.registration_response["post_logout_redirect_uris"][
                        0]
    else:
        # No post_logout_redirect_uris registered at the OP - no redirection to the application is possible anyway
        pass

    # Redirect client to the OP logout page
    try:
        # DP HACK: Needed to get logout to actually log out from the OIDC Provider.
        # According to the OIDC session spec (http://openid.net/specs/openid-connect-session-1_0.html#RPLogout)
        # the user should be directed to the OIDC provider to log out after being
        # logged out here.
        # NOTE(review): the value sent as ``id_token_hint`` is the session's
        # *access token*, and it travels in the query string, where it can end
        # up in browser history and proxy/server logs. The spec defines the
        # hint as a previously issued ID Token -- confirm what the provider
        # actually needs.
        request_args = {
            'id_token_hint': request.session['access_token'],
            'state': request.session['state'],
        }
        request_args.update(extra_args)  # should include the post_logout_redirect_uri

        # id_token iss is the token issuer, the url of the issuing server.
        # The full url works for the BOSS OIDC Provider, not tested on any other provider.
        # NOTE(review): the redirect host is whatever ``iss`` the stored token
        # carries, so this relies on the issuer having been validated at login.
        url = request.session['id_token']['iss'] + "/protocol/openid-connect/logout"
        url += "?" + urlencode(request_args)
        return HttpResponseRedirect(url)

        # Unreachable from here on: the earlier implementation, kept as a bare
        # string. The author of the hack noted: looks like they are implementing
        # back channel logout, without checking for support?
        # http://openid.net/specs/openid-connect-backchannel-1_0.html#Backchannel
        """ request_args = None if 'id_token' in request.session.keys(): request_args = {'id_token': oic.oic.message.IdToken(**request.session['id_token'])} res = client.do_end_session_request(state=request.session["state"], extra_args=extra_args, request_args=request_args) content_type = res.headers.get("content-type", "text/html") # In case the logout response doesn't set content-type (Seen with Keycloak) resp = HttpResponse(content_type=content_type, status=res.status_code, content=res._content) for key, val in res.headers.items(): resp[key] = val return resp """
    finally:
        # Always remove Django session stuff - even if not logged out from OP. Don't wait for the callback as it may never come.
        auth_logout(request)
        if next_page:
            request.session['next'] = next_page
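def logout(request, next_page=None):
    """Log the user out of Django and, for OIDC sessions, of the OpenID Provider (OP).

    Sessions without an ``"op"`` entry are handed to ``auth_logout_view``.
    Otherwise an end-session request is sent to the OP through the registered
    client and the OP's response is replayed to the browser. If that request
    fails, the browser is redirected to "/". The Django session is always
    cleared in ``finally``.

    Args:
        request: the current HTTP request.
        next_page: optional page to come back to after logout; when ``None``
            it is taken from ``?next=`` or from ``session['next']``.

    Returns:
        The response of ``auth_logout_view`` for non-OIDC sessions, else an
        ``HttpResponse`` built from the OP's answer, or a 302 to "/" when the
        OP request raised.
    """
    if "op" not in request.session.keys():
        return auth_logout_view(request, next_page)

    client = CLIENTS[request.session["op"]]

    # By default the user stays on an OP page after logout. Work out whether
    # a return to the application was asked for and is possible.
    # NOTE(review): "next" from the query string is caller-controlled. Below it
    # only selects among URIs registered at the OP, but it is also stored in
    # the session in ``finally``; whatever redirects to ``session['next']``
    # later (presumably the logout callback) must validate it.
    if next_page is None and "next" in request.GET.keys():
        next_page = request.GET['next']
    if next_page is None and "next" in request.session.keys():
        next_page = request.session['next']

    extra_args = {}
    if "post_logout_redirect_uris" in client.registration_response.keys() and len(
            client.registration_response["post_logout_redirect_uris"]) > 0:
        registered_uris = client.registration_response["post_logout_redirect_uris"]
        if next_page is not None:
            # First choice: a registered URI that contains the requested page.
            next_page_url = resolve_url(next_page)
            urls = [url for url in registered_uris if next_page_url in url]
            if not urls:
                # Second choice: the registered logout callback of this app.
                next_page_url = resolve_url('openid_logout_cb')
                urls = [url for url in registered_uris if next_page_url in url]
            # Last resort: the first registered URI. In every case the value
            # sent to the OP is one of the registered URIs, never raw input.
            extra_args["post_logout_redirect_uri"] = urls[0] if urls else registered_uris[0]
    # No post_logout_redirect_uris registered at the OP: no redirection back
    # to the application is possible, so extra_args stays empty.

    # Ask the OP to end the session and relay its answer.
    try:
        request_args = None
        if 'id_token_raw' in request.session.keys():
            # The raw ID token is a credential carrying identity claims:
            # record that it was found, never its value.
            logger.info('logout => found id_token_raw in session')
            request_args = {'id_token_hint': request.session['id_token_raw']}

        res = client.do_end_session_request(state=request.session["state"],
                                            extra_args=extra_args,
                                            request_args=request_args)
        # NOTE(review): response headers can carry cookies; keep this at debug
        # level and out of production log sinks.
        logger.debug('******** do_end_session_request ********** status: %s, headers: %s',
                     res.status_code, res.headers)

        # Avoid a KeyError when the 'content-type' header is absent
        # (e.g. if the server is behind a reverse proxy).
        # TODO: what should the default content-type be?
        content_type = res.headers.get('content-type', 'text/plain')
        resp = HttpResponse(content_type=content_type, status=res.status_code, content=res._content)

        # Skip hop-by-hop headers to prevent WSGI errors later in the pipeline.
        for key, val in res.headers.items():
            if is_hop_by_hop(key):
                continue
            resp[key] = val
        return resp
    except Exception as exc:
        # Narrowed from a bare ``except`` so SystemExit and KeyboardInterrupt
        # still propagate. Covers responses the oic/oauth2 client cannot
        # parse, e.g. error responses the server generates when the session
        # has expired. Logged as a warning: the OP session may still be alive
        # although the user was told they are logged out.
        logger.warning('************ logout failed ***************: %s', type(exc))
        resp = HttpResponse(content_type='text/plain', status=302)
        resp['Location'] = '/'
        return resp
    finally:
        # Always drop the Django session, even if the OP logout failed; the
        # callback may never arrive.
        auth_logout(request)
        if next_page:
            request.session['next'] = next_page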