def test_delete_and_is_logged_in_cookie_set(self):
    """
    Check that the logged-in cookie is detected after it is set and is no
    longer detected after ``delete_logged_in_cookies`` runs on the response.
    """
    # Set the login cookies on a fresh response, then carry them over to the
    # request with the test-class helper (defined outside this method).
    cookie_response = cookies_api.set_logged_in_cookies(
        self.request,
        HttpResponse(),
        self.user,
    )
    self._copy_cookies_to_request(cookie_response, self.request)
    self.assertTrue(cookies_api.is_logged_in_cookie_set(self.request))

    # Delete on the same response object and re-sync the request, so the
    # second check reflects the post-deletion cookie state.
    cookies_api.delete_logged_in_cookies(cookie_response)
    self._copy_cookies_to_request(cookie_response, self.request)
    self.assertFalse(cookies_api.is_logged_in_cookie_set(self.request))
def test_delete_and_are_logged_in_cookies_set(self):
    """
    Check that ``are_logged_in_cookies_set`` is true after the login cookies
    are set and false after ``delete_logged_in_cookies`` runs on the response.
    """
    # The OAuth client fixture is created before any cookie is issued.
    setup_login_oauth_client()

    cookie_response = cookies_api.set_logged_in_cookies(
        self.request,
        HttpResponse(),
        self.user,
    )
    self._copy_cookies_to_request(cookie_response, self.request)
    self.assertTrue(cookies_api.are_logged_in_cookies_set(self.request))

    # Delete on the same response and re-sync the request before re-checking.
    cookies_api.delete_logged_in_cookies(cookie_response)
    self._copy_cookies_to_request(cookie_response, self.request)
    self.assertFalse(cookies_api.are_logged_in_cookies_set(self.request))
def dispatch(self, request, *args, **kwargs):
    """
    Log the user out, then remove the logged-in cookies from the response.

    The statement order is significant: the authorized OAuth client ids are
    read from the session first, because ``logout`` clears the session.
    """
    # No logging here: a separately registered handler logs successful logouts.
    request.is_from_logout = True

    # Capture the authorized clients while the session still holds them.
    clients_key = edx_oauth2_provider.constants.AUTHORIZED_CLIENTS_SESSION_KEY
    self.oauth_client_ids = request.session.get(clients_key, [])

    logout(request)

    logout_response = super(LogoutView, self).dispatch(request, *args, **kwargs)

    # Clear the cookie used by the edx.org marketing site. This has to act on
    # the response that is actually returned, or the browser keeps the cookie.
    delete_logged_in_cookies(logout_response)
    return logout_response
def dispatch(self, request, *args, **kwargs):
    """
    Log the user out, then remove the logged-in cookies from the response.

    The third-party auth provider's logout URL is looked up before
    ``logout`` is called and stored on the view as ``tpa_logout_url``.
    """
    # No logging here: a separately registered handler logs successful logouts.
    request.is_from_logout = True

    # Get the third party auth provider's logout url.
    # NOTE(review): presumably this depends on pipeline state that logout()
    # discards, which is why it runs first; confirm before reordering.
    idp_logout_url = tpa_pipeline.get_idp_logout_url_from_running_pipeline(request)
    self.tpa_logout_url = idp_logout_url

    logout(request)

    logout_response = super().dispatch(request, *args, **kwargs)

    # Clear the cookie used by the edx.org marketing site. This has to act on
    # the response that is actually returned, or the browser keeps the cookie.
    delete_logged_in_cookies(logout_response)
    return logout_response
def _delete_cookie(request, response):
    """
    Delete the session cookie and the related login cookies on `response`.

    A warning naming the session is logged when the request carries a
    session object that has a ``session_key`` attribute.
    """
    # The path and domain must match what the cookie was issued with;
    # otherwise the browser does not treat this as deleting the same cookie.
    response.delete_cookie(
        settings.SESSION_COOKIE_NAME,
        path='/',
        domain=settings.SESSION_COOKIE_DOMAIN,
    )

    # Keep JWT cookies and others in sync with the session cookie
    # (meaning, in this case, delete them too).
    delete_logged_in_cookies(response)

    # Note, there is no request.user attribute at this point, so the session
    # key is the only identifier available for the log line.
    if not hasattr(request, 'session'):
        return
    if not hasattr(request.session, 'session_key'):
        return

    # NOTE(review): the session key is written to the log verbatim. Only the
    # cookie is deleted here; whether the server-side session is invalidated
    # is not visible in this function. If it stays valid, log readers see a
    # live session identifier. Consider logging a digest of the key instead.
    log.warning(
        "SafeCookieData deleted session cookie for session %s",
        request.session.session_key,
    )
def dispatch(self, request, *args, **kwargs):
    """
    Log the user out and return either a direct redirect or the normal
    logout response, with the logged-in cookies removed in both cases.

    The authorized OAuth client ids are read from the session before
    ``logout`` is called, because ``logout`` clears the session.
    """
    # No logging here: a separately registered handler logs successful logouts.
    request.is_from_logout = True

    # Capture the authorized clients while the session still holds them.
    clients_key = edx_oauth2_provider.constants.AUTHORIZED_CLIENTS_SESSION_KEY
    self.oauth_client_ids = request.session.get(clients_key, [])

    logout(request)

    studio_sso_disabled = settings.FEATURES.get('DISABLE_STUDIO_SSO_OVER_LMS', False)
    if not studio_sso_disabled or self.oauth_client_ids:
        # Normal path: let the parent view build the logout response.
        logout_response = super(LogoutView, self).dispatch(request, *args, **kwargs)
    else:
        # Studio logout is used directly and there are no OIDC logouts to
        # perform, so the user can simply be redirected.
        # NOTE(review): self.target is defined outside this method. Because it
        # is passed to redirect(), confirm it is restricted to trusted
        # destinations wherever it is computed.
        logout_response = redirect(self.target)

    # Clear the cookie used by the edx.org marketing site. Both branches reach
    # this call, so the redirect path does not leave the cookie behind.
    delete_logged_in_cookies(logout_response)
    return logout_response
def test_delete_and_are_logged_in_cookies_set(self, jwt_cookies_disabled, jwk_is_set):
    """
    Check that the login cookies are detected after being set and are gone
    after deletion, for each combination of the two parameters.

    `jwt_cookies_disabled` is patched into the
    ``DISABLE_SET_JWT_COOKIES_FOR_TESTS`` feature flag. `jwk_is_set` selects
    between the configured ``JWT_PRIVATE_SIGNING_JWK`` and ``None``.
    """
    if jwk_is_set:
        signing_jwk = settings.JWT_AUTH['JWT_PRIVATE_SIGNING_JWK']
    else:
        # Exercise the configuration where no private signing key is present.
        signing_jwk = None

    # Both settings dicts are patched only for the duration of the block.
    with patch.dict("django.conf.settings.FEATURES",
                    {"DISABLE_SET_JWT_COOKIES_FOR_TESTS": jwt_cookies_disabled}), \
            patch.dict("django.conf.settings.JWT_AUTH",
                       {"JWT_PRIVATE_SIGNING_JWK": signing_jwk}):
        setup_login_oauth_client()

        cookie_response = cookies_api.set_logged_in_cookies(
            self.request,
            HttpResponse(),
            self.user,
        )
        self._copy_cookies_to_request(cookie_response, self.request)
        self.assertTrue(cookies_api.are_logged_in_cookies_set(self.request))

        # Delete on the same response and re-sync the request before re-checking.
        cookies_api.delete_logged_in_cookies(cookie_response)
        self._copy_cookies_to_request(cookie_response, self.request)
        self.assertFalse(cookies_api.are_logged_in_cookies_set(self.request))