CAS logout handling when misconfigured
parent
1699febab8
commit
20407be7ee
@ -8,7 +8,7 @@ from urllib.error import URLError
|
|||||||
from urllib.request import urlopen
|
from urllib.request import urlopen
|
||||||
|
|
||||||
import flask
|
import flask
|
||||||
from flask import current_app
|
from flask import current_app, request
|
||||||
from xmltodict import parse
|
from xmltodict import parse
|
||||||
|
|
||||||
from .cas_urls import create_cas_login_url
|
from .cas_urls import create_cas_login_url
|
||||||
@ -86,23 +86,27 @@ def logout():
|
|||||||
flask.session.pop(cas_attributes_session_key, None)
|
flask.session.pop(cas_attributes_session_key, None)
|
||||||
flask.session.pop(cas_token_session_key, None) # added by EV
|
flask.session.pop(cas_token_session_key, None) # added by EV
|
||||||
flask.session.pop("CAS_EDT_ID", None) # added by EV
|
flask.session.pop("CAS_EDT_ID", None) # added by EV
|
||||||
|
|
||||||
cas_after_logout = current_app.config.get("CAS_AFTER_LOGOUT")
|
cas_after_logout = current_app.config.get("CAS_AFTER_LOGOUT")
|
||||||
if cas_after_logout:
|
cas_logout_route = current_app.config.get("CAS_LOGOUT_ROUTE")
|
||||||
# If config starts with http, use it as dest URL.
|
cas_server = current_app.config.get("CAS_SERVER")
|
||||||
# Else, build Flask URL
|
if cas_server:
|
||||||
dest_url = (
|
if cas_after_logout and cas_logout_route:
|
||||||
cas_after_logout
|
# If config starts with http, use it as dest URL.
|
||||||
if cas_after_logout.startswith("http")
|
# Else, build Flask URL
|
||||||
else flask.url_for(cas_after_logout, _external=True)
|
dest_url = (
|
||||||
)
|
cas_after_logout
|
||||||
redirect_url = create_cas_logout_url(
|
if cas_after_logout.startswith("http")
|
||||||
current_app.config["CAS_SERVER"],
|
else flask.url_for(cas_after_logout, _external=True)
|
||||||
current_app.config["CAS_LOGOUT_ROUTE"],
|
)
|
||||||
dest_url,
|
redirect_url = create_cas_logout_url(
|
||||||
)
|
cas_server,
|
||||||
|
cas_logout_route,
|
||||||
|
dest_url,
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
redirect_url = create_cas_logout_url(cas_server, None)
|
||||||
else:
|
else:
|
||||||
redirect_url = create_cas_logout_url(current_app.config["CAS_SERVER"], None)
|
redirect_url = request.root_url
|
||||||
|
|
||||||
current_app.logger.debug(f"cas.logout: redirecting to {redirect_url}")
|
current_app.logger.debug(f"cas.logout: redirecting to {redirect_url}")
|
||||||
return flask.redirect(redirect_url)
|
return flask.redirect(redirect_url)
|
||||||
@ -134,10 +138,10 @@ def validate(ticket):
|
|||||||
ticket,
|
ticket,
|
||||||
)
|
)
|
||||||
|
|
||||||
current_app.logger.debug("Making GET request to {0}".format(cas_validate_url))
|
current_app.logger.debug(f"Making GET request to {cas_validate_url}")
|
||||||
|
|
||||||
xml_from_dict = {}
|
xml_from_dict = {}
|
||||||
isValid = False
|
is_valid = False
|
||||||
|
|
||||||
if current_app.config.get("CAS_SSL_VERIFY"):
|
if current_app.config.get("CAS_SSL_VERIFY"):
|
||||||
ssl_context = ssl.SSLContext()
|
ssl_context = ssl.SSLContext()
|
||||||
@ -161,7 +165,7 @@ def validate(ticket):
|
|||||||
.decode("utf8", "ignore")
|
.decode("utf8", "ignore")
|
||||||
)
|
)
|
||||||
xml_from_dict = parse(xmldump)
|
xml_from_dict = parse(xmldump)
|
||||||
isValid = (
|
is_valid = (
|
||||||
True
|
True
|
||||||
if "cas:authenticationSuccess" in xml_from_dict["cas:serviceResponse"]
|
if "cas:authenticationSuccess" in xml_from_dict["cas:serviceResponse"]
|
||||||
else False
|
else False
|
||||||
@ -176,7 +180,7 @@ def validate(ticket):
|
|||||||
"erreur connexion au serveur CAS: vérifiez le certificat SSL"
|
"erreur connexion au serveur CAS: vérifiez le certificat SSL"
|
||||||
)
|
)
|
||||||
|
|
||||||
if isValid:
|
if is_valid:
|
||||||
current_app.logger.debug("valid")
|
current_app.logger.debug("valid")
|
||||||
xml_from_dict = xml_from_dict["cas:serviceResponse"][
|
xml_from_dict = xml_from_dict["cas:serviceResponse"][
|
||||||
"cas:authenticationSuccess"
|
"cas:authenticationSuccess"
|
||||||
@ -207,4 +211,4 @@ def validate(ticket):
|
|||||||
else:
|
else:
|
||||||
current_app.logger.debug("invalid")
|
current_app.logger.debug("invalid")
|
||||||
|
|
||||||
return isValid
|
return is_valid
|
||||||
|
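Review bot: In logout(), the new fallback `redirect_url = request.root_url` takes its host from the request's Host header, so when CAS_SERVER is unset the redirect target follows whatever host the client sent unless the deployment restricts accepted hosts. A relative target such as `redirect_url = request.script_root + "/"` would avoid that dependency. This branch also leaves the CAS server session untouched and records it only at debug level, so a line like `current_app.logger.warning("cas.logout: CAS_SERVER not set, CAS session not terminated")` would make the misconfiguration visible to operators. logout() starts above the hunk, so the session cleanup before these lines is only partly visible. Separately, the unchanged `ssl_context = ssl.SSLContext()` in validate() yields a context that does not verify certificates or hostnames by default; the lines that follow are outside the hunk, so confirm they set `verify_mode` and `check_hostname`.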