Commit 86f454a0 authored by Lukas Burgey's avatar Lukas Burgey

Fix logout

Closes #14
parent c947ca09
......@@ -6,8 +6,8 @@ from .views import webpage, clients
URLPATTERNS = [
url(r'^info', webpage.AuthInfo.as_view()),
url(r'^request', webpage.Auth.as_view()),
url(r'^callback', webpage.AuthCallback.as_view()),
url(r'^request', webpage.Auth.as_view(), name='login'),
url(r'^callback', webpage.AuthCallback.as_view(), name='callback'),
url(r'^logout', webpage.LogoutView.as_view()),
url(r'^client/user', csrf_exempt(clients.user_endpoint)),
......
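Review bot: The two routes that gain names here, `url(r'^request', ..., name='login')` and `url(r'^callback', ..., name='callback')`, keep patterns with no end anchor, so each also matches any longer path that begins with the same prefix. Since these are the OIDC entry and return points, `r'^request$'` and `r'^callback$'` would keep the routing exact, provided nothing depends on the prefix match (the registered redirect URI and any trailing-slash use are not visible here). The `logout` route stays unnamed; giving it `name='logout'` would match the other two.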
......@@ -12,12 +12,10 @@ from oic.oic.message import AuthorizationResponse
from oic.oauth2.exception import HttpError
from rest_framework import generics, views
from rest_framework.permissions import AllowAny
from rest_framework.response import Response
from .. import utils
from ..models import OIDCConfig, default_idp
from ..models.serializers import AuthInfoSerializer
from ....views.webpage import state_view_data
LOGGER = logging.getLogger(__name__)
......@@ -90,6 +88,9 @@ class AuthCallback(View):
def get(self, request):
try:
state = utils.get_session(request, 'state', None)
if state is None:
return redirect('login')
idp_id = utils.get_session(request, 'idp_id', None)
if idp_id is None:
LOGGER.error("Session for %s does not contain an idp_id. Hence we don't now which idp authenticated the user", state)
......@@ -164,10 +165,12 @@ class AuthCallback(View):
class LogoutView(views.APIView):
permission_classes = (AllowAny,)
def post(self, request):
LOGGER.info('Logging out %s', request.user)
logout(request)
return Response(state_view_data(request))
return redirect('/')
class AuthInfo(generics.RetrieveAPIView):
......
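Review bot: The new `if state is None: return redirect('login')` branch in `AuthCallback.get` restarts the login without logging anything, while the `idp_id` branch directly below it logs an error. A callback that arrives with no session state is worth seeing in the logs (expired session, lost cookie, or a callback this browser never initiated), so add `LOGGER.warning('Auth callback without session state, restarting login')` before the redirect. If the session cookie is never stored, this redirect could presumably bounce between the login and callback views, so it is worth confirming that the login view cannot loop. The rest of `get` is outside the hunk, so whether the session `state` is later compared with the `state` parameter of the callback request cannot be checked from here.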