Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: tpa automatic logout with a single redirect #655

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 6 additions & 11 deletions openedx/core/djangoapps/user_authn/views/logout.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@
import bleach
from django.conf import settings
from django.contrib.auth import logout
from django.shortcuts import redirect
from django.utils.http import urlencode
from django.views.generic import TemplateView
from oauth2_provider.models import Application
Expand Down Expand Up @@ -47,7 +46,13 @@ def target(self):
If a redirect_url is specified in the querystring for this request, and the value is a safe
url for redirect, the view will redirect to this page after rendering the template.
If it is not specified, we will use the default target url.
Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if
tpa_logout_url is configured.
"""

if getattr(settings, 'TPA_AUTOMATIC_LOGOUT_ENABLED', False) and self.tpa_logout_url:
return self.tpa_logout_url

target_url = self.request.GET.get('redirect_url') or self.request.GET.get('next')

# Some third party apps do not build URLs correctly and send next query param without URL-encoding, resulting
Expand Down Expand Up @@ -85,16 +90,6 @@ def dispatch(self, request, *args, **kwargs):

mark_user_change_as_expected(None)

# Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if
# tpa_logout_url is configured.
#
# NOTE: This step skips rendering logout.html, which is used to log the user out from the
# different IDAs. To ensure the user is logged out of all the IDAs be sure to redirect
# back to <LMS>/logout after logging out of the TPA.
if getattr(settings, 'TPA_AUTOMATIC_LOGOUT_ENABLED', False):
if self.tpa_logout_url:
return redirect(self.tpa_logout_url)

return response

def _build_logout_url(self, url):
Expand Down
6 changes: 4 additions & 2 deletions openedx/core/djangoapps/user_authn/views/tests/test_logout.py
Original file line number Diff line number Diff line change
Expand Up @@ -211,8 +211,10 @@ def test_automatic_tpa_logout_url_redirect(self):
mock_idp_logout_url.return_value = idp_logout_url
self._authenticate_with_oauth(client)
response = self.client.get(reverse('logout'))
assert response.status_code == 302
assert response.url == idp_logout_url
expected = {
'target': idp_logout_url,
}
self.assertDictContainsSubset(expected, response.context_data)

@mock.patch('django.conf.settings.TPA_AUTOMATIC_LOGOUT_ENABLED', True)
def test_no_automatic_tpa_logout_without_logout_url(self):
Expand Down
Loading