def get(self, request, *args, **kwargs):
    """Redirect the browser to the SSO server's logout endpoint.

    The post-logout destination is remembered in the session under
    ``sso_after_logout_next`` so the local logout view can send the user
    on afterwards. The redirect carries a signed JWT (``message``) plus
    the public ``key``; ``SSO_SECRET`` is only used for signing and is
    never placed in the URL.
    """
    # Remember where to send the user once the SSO server has logged
    # them out. NOTE(review): the target comes from get_next(); this view
    # relies on it to validate the redirect destination -- confirm.
    after_logout = get_next(request)
    request.session['sso_after_logout_next'] = after_logout

    # Where the SSO server should return the browser after logging out.
    logout_url = abs_reverse(
        request, 'lizard_auth_client.sso_local_logout')
    # 'exp' bounds how long the signed message stays usable.
    expires_at = datetime.datetime.utcnow() + JWT_EXPIRATION
    claims = {
        'iss': settings.SSO_KEY,
        'exp': expires_at,
        'logout_url': logout_url,
    }
    token = jwt.encode(
        claims, settings.SSO_SECRET, algorithm=settings.SSO_JWT_ALGORITHM)

    params = urlencode({'message': token, 'key': settings.SSO_KEY})
    target = '{}?{}'.format(sso_server_url('logout'), params)
    return HttpResponseRedirect(target)
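#: Seconds to wait for the SSO server before giving up. Without a timeout a
#: stalled SSO server would block the calling worker indefinitely.
_SSO_POST_TIMEOUT = 30


def _sso_post(viewname, payload, timeout=_SSO_POST_TIMEOUT):
    """Send a payload to the named URL at the SSO server.

    Args:
        viewname (str): The name of the URL (a bit like Django's reverse).
            See https://sso.lizard.net/api2/.
        payload (dict): A Python dictionary with key-value pairs to send.
            It is not modified; any ``iss``/``exp`` keys in it are
            replaced by the values this function sets.
        timeout (float): Seconds to wait for the SSO server to respond.

    Returns:
        dict: The decoded JSON response.

    Raises:
        requests.HTTPError: if the SSO server answered with a 4xx/5xx status.
        requests.Timeout: if the SSO server did not answer in ``timeout`` seconds.
    """
    url = sso_server_url(viewname)

    # Work on a copy so the caller's dict is left untouched, and so the
    # standard claims below always win over anything the caller put in.
    claims = dict(payload)
    claims['iss'] = settings.SSO_KEY
    # 'exp' bounds how long the signed message stays usable.
    claims['exp'] = datetime.datetime.utcnow() + JWT_EXPIRATION

    # Sign the message; the secret is only used here and never sent.
    signed_message = jwt.encode(
        claims,
        settings.SSO_SECRET,
        algorithm=settings.SSO_JWT_ALGORITHM,
    )

    # The SSO server wants the (public) key alongside the signed message
    # even though the message already carries it as 'iss'.
    response = requests.post(
        url,
        data={
            'message': signed_message,
            'key': settings.SSO_KEY,
        },
        timeout=timeout,
    )
    # Turn an error status into an exception instead of trying to decode
    # an error body as the expected JSON.
    response.raise_for_status()
    return response.json()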
def get(self, request, *args, **kwargs):
    """Redirect the browser to the SSO server's login endpoint.

    The post-login destination is stored in the session under
    ``sso_after_login_next`` for the local login view to use. The
    redirect carries a signed JWT (``message``) plus the public ``key``;
    ``SSO_SECRET`` is used only for signing and never leaves the server.
    When the ``attempt_login_only`` query parameter is ``true`` the SSO
    server is also given a URL to return to if the user is not logged in,
    so login is not forced.
    """
    # NOTE(review): the redirect target comes from get_next(); this view
    # relies on it to validate the destination -- confirm.
    after_login = get_next(request)
    request.session['sso_after_login_next'] = after_login

    claims = {
        'iss': settings.SSO_KEY,
        # Bounds how long the signed message stays usable.
        'exp': datetime.datetime.utcnow() + JWT_EXPIRATION,
        'login_success_url': abs_reverse(
            request, 'lizard_auth_client.sso_local_login'),
    }
    # Optional: let the SSO server send the user back unauthenticated
    # instead of forcing a login.
    attempt_only = request.GET.get('attempt_login_only', 'false')
    if attempt_only.lower() == 'true':
        claims['unauthenticated_is_ok_url'] = abs_reverse(
            request, 'lizard_auth_client.sso_local_not_logged_in')

    token = jwt.encode(
        claims, settings.SSO_SECRET, algorithm=settings.SSO_JWT_ALGORITHM)
    params = urlencode({'message': token, 'key': settings.SSO_KEY})
    # Absolute URL on the SSO server, with the signed message attached.
    return HttpResponseRedirect(
        '{}?{}'.format(sso_server_url('login'), params))