From 97ed1d97e66f40781f237f3c061e5cceb3b71642 Mon Sep 17 00:00:00 2001
From: Roger Steve Ruiz
Date: Wed, 13 Jun 2018 13:38:12 -0400
Subject: [PATCH 1/3] Implement UAA client logout and Django logout
---
 tock/tock/settings/base.py | 1 +
 tock/tock/signals.py | 2 +-
 tock/tock/views.py | 18 +++++++++++++++---
 3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/tock/tock/settings/base.py b/tock/tock/settings/base.py
index 057f12e21..ba144d7d6 100644
--- a/tock/tock/settings/base.py
+++ b/tock/tock/settings/base.py
@@ -121,5 +121,6 @@ UAA_CLIENT_SECRET = env.get_credential('UAA_CLIENT_SECRET', None)
 UAA_AUTH_URL = 'https://login.fr.cloud.gov/oauth/authorize'
 UAA_TOKEN_URL = 'https://uaa.fr.cloud.gov/oauth/token'
+UAA_LOGOUT_URL = 'https://login.fr.cloud.gov/logout.do'
 TOCK_CHANGE_REQUEST_FORM = 'https://docs.google.com/a/gsa.gov/forms/d/1EpVTxXgRNgYfoSA2J8Oi-csjhFKqFm5DT542vIlahpU/viewform?edit_requested=true'
diff --git a/tock/tock/signals.py b/tock/tock/signals.py
index 4e4ef7ea5..8ce95d69b 100644
--- a/tock/tock/signals.py
+++ b/tock/tock/signals.py
@@ -12,7 +12,7 @@ def successful_login(sender, request, user, **kwargs):
 def successful_logout(sender, request, user, **kwargs):
- logger.info(f'Successful logout event for {user.username}.')
+ logger.info(f'Successful logout event for {user}.')
 def failed_login(sender, credentials, request, **kwargs):
diff --git a/tock/tock/views.py b/tock/tock/views.py
index 59f47e8ff..ef669f6e6 100644
--- a/tock/tock/views.py
+++ b/tock/tock/views.py
@@ -1,6 +1,8 @@
 import logging
+import urllib.parse
-from django.shortcuts import render
+from django.shortcuts import render, redirect
+from django.conf import settings
 import django.contrib.auth
 logger = logging.getLogger('tock')
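Review bot: Dropping `.username` lets the log line survive a `user` of None, which is presumably why it changed, but nothing at the call site says so and the next maintainer may well put `.username` back; a comment such as `# user may be None when the logout signal fires without an authenticated session; the f-string tolerates that` would pin the intent. For the default User model `str(user)` should be the username, so the audit text for real users is unchanged, while an anonymous logout now logs the literal `None` rather than raising. successful_logout is fully within the hunk.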
@@ -18,8 +20,18 @@ def csrf_failure(request, reason=""):
 def logout(request):
- django.contrib.auth.logout(request)
- return render(request, 'logout.html')
+ if request.user.is_authenticated():
+ django.contrib.auth.logout(request)
+ tock_logout_url = request.build_absolute_uri('logout')
+ params = urllib.parse.urlencode({
+ 'redirect': tock_logout_url,
+ 'client_id': settings.UAA_CLIENT_ID,
+ })
+ return redirect(
+ f'{settings.UAA_LOGOUT_URL}?{params}'
+ )
+ else:
+ return render(request, 'logout.html')
 # TODO: new function signature for Django 2.0
From 30d43c325922fb355d1bec224c4bcd055196d018 Mon Sep 17 00:00:00 2001
From: Roger Steve Ruiz
Date: Wed, 13 Jun 2018 13:54:41 -0400
Subject: [PATCH 2/3] Logout now causes a redirect to UAA
---
 tock/tock/tests/test_views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tock/tock/tests/test_views.py b/tock/tock/tests/test_views.py
index 81a8da98b..a3d1063e7 100644
--- a/tock/tock/tests/test_views.py
+++ b/tock/tock/tests/test_views.py
@@ -8,5 +8,5 @@ def test_logout_logs_user_out(self):
 self.client.force_login(user)
 response = self.client.get('/logout')
- self.assertEqual(response.status_code, 200)
+ self.assertEqual(response.status_code, 302)
 self.assertFalse(response.context['user'].is_authenticated())
From a555071488ae1de287010cbffad69e7f04f26277 Mon Sep 17 00:00:00 2001
From: Roger Steve Ruiz
Date: Thu, 14 Jun 2018 08:58:32 -0400
Subject: [PATCH 3/3] Fix the borked test around new logout redirect
---
 tock/tock/tests/test_views.py | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/tock/tock/tests/test_views.py b/tock/tock/tests/test_views.py
index a3d1063e7..3ee5ccce9 100644
--- a/tock/tock/tests/test_views.py
+++ b/tock/tock/tests/test_views.py
@@ -1,3 +1,5 @@
+import urllib.parse
+from django.conf import settings
 from django.test import TestCase
 from django.contrib.auth.models import User
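Review bot: `request.user.is_authenticated()` is invoked as a method even though the file carries a Django 2.0 TODO a few lines below; in 2.0 `is_authenticated` is a plain property and the call raises TypeError, so `if request.user.is_authenticated:` (accepted since 1.10) is the forward-compatible spelling, and the same applies to the test assertion in the following patch. `request.build_absolute_uri('logout')` resolves a relative path against the current request URL, so it yields `/logout` only because the view is mounted at exactly that path, and the host part is taken from the Host header, which makes a correct ALLOWED_HOSTS essential to what is handed to UAA as `redirect`; `request.build_absolute_uri(reverse('logout'))` would remove the path dependency if the route is named, which is not visible here. The two-phase flow deserves a docstring saying that the local session is cleared before bouncing to UAA and that UAA's `redirect` returns the now-anonymous user to this same view to land in the `render` branch, with a reminder that UAA presumably only honours redirect values registered for `UAA_CLIENT_ID`, so the absolute logout URL of each deployment has to be registered there. Because the view still acts on GET, a logout triggered without user intent now also ends the UAA session; the GET behaviour predates this commit, but a POST-only logout is worth a follow-up.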
@@ -7,6 +9,18 @@ def test_logout_logs_user_out(self):
 user = User.objects.create_user(username='foo')
 self.client.force_login(user)
+ uaa_redirect_url = settings.UAA_LOGOUT_URL
+ uaa_redirect_url += '?'
+ uaa_redirect_url += urllib.parse.urlencode({
+ 'redirect': 'http://testserver/logout',
+ 'client_id': settings.UAA_CLIENT_ID,
+ })
+
+ self.assertFalse(self.client.session.is_empty())
 response = self.client.get('/logout')
- self.assertEqual(response.status_code, 302)
- self.assertFalse(response.context['user'].is_authenticated())
+ self.assertRedirects(
+ response,
+ uaa_redirect_url,
+ fetch_redirect_response=False
+ )
+ self.assertTrue(self.client.session.is_empty())
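Review bot: The unauthenticated branch of the view (the `render(request, 'logout.html')` path that UAA's `redirect` lands on) has no coverage left, since the old `is_authenticated()` assertion was removed and this test only exercises the authenticated path; a second test that GETs `/logout` without `force_login` and checks `self.assertEqual(response.status_code, 200)` plus `self.assertTemplateUsed(response, 'logout.html')` would close that gap. The expected URL is assembled from the same `settings.UAA_CLIENT_ID` the view reads, so if that setting is unset in the test environment (whether it defaults to None like `UAA_CLIENT_SECRET` is not visible here) both sides would encode `client_id=None` and the test would still pass; pinning it with `@override_settings(UAA_CLIENT_ID='test-client')` on the test makes the redirect assertion meaningful. The enclosing test method starts before the hunk.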