From 622d891a5b036f416c270e1a1665991f1357cc87 Mon Sep 17 00:00:00 2001 From: Moncef Abboud Date: Tue, 16 Apr 2024 17:04:12 +0200 Subject: [PATCH] feat: tpa automatic logout with a single redirect (cherry picked from commit e8c942c77d46a5e5c4b7afc5904c130897cdffe2) --- .../core/djangoapps/user_authn/views/logout.py | 17 ++++++----------- .../user_authn/views/tests/test_logout.py | 6 ++++-- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/openedx/core/djangoapps/user_authn/views/logout.py b/openedx/core/djangoapps/user_authn/views/logout.py index 13301f5e3bb1..0e67857d91f1 100644 --- a/openedx/core/djangoapps/user_authn/views/logout.py +++ b/openedx/core/djangoapps/user_authn/views/logout.py @@ -8,7 +8,6 @@ import bleach from django.conf import settings from django.contrib.auth import logout -from django.shortcuts import redirect from django.utils.http import urlencode from django.views.generic import TemplateView from oauth2_provider.models import Application @@ -47,7 +46,13 @@ def target(self): If a redirect_url is specified in the querystring for this request, and the value is a safe url for redirect, the view will redirect to this page after rendering the template. If it is not specified, we will use the default target url. + Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if + tpa_logout_url is configured. """ + + if getattr(settings, 'TPA_AUTOMATIC_LOGOUT_ENABLED', False) and self.tpa_logout_url: + return self.tpa_logout_url + target_url = self.request.GET.get('redirect_url') or self.request.GET.get('next') # Some third party apps do not build URLs correctly and send next query param without URL-encoding, resulting @@ -85,16 +90,6 @@ def dispatch(self, request, *args, **kwargs): mark_user_change_as_expected(None) - # Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if - # tpa_logout_url is configured. - # - # NOTE: This step skips rendering logout.html, which is used to log the user out from the - # different IDAs. To ensure the user is logged out of all the IDAs be sure to redirect - # back to /logout after logging out of the TPA. - if getattr(settings, 'TPA_AUTOMATIC_LOGOUT_ENABLED', False): - if self.tpa_logout_url: - return redirect(self.tpa_logout_url) - return response def _build_logout_url(self, url): diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_logout.py b/openedx/core/djangoapps/user_authn/views/tests/test_logout.py index 7d10fe1021ef..5de084d108e6 100644 --- a/openedx/core/djangoapps/user_authn/views/tests/test_logout.py +++ b/openedx/core/djangoapps/user_authn/views/tests/test_logout.py @@ -211,8 +211,10 @@ def test_automatic_tpa_logout_url_redirect(self): mock_idp_logout_url.return_value = idp_logout_url self._authenticate_with_oauth(client) response = self.client.get(reverse('logout')) - assert response.status_code == 302 - assert response.url == idp_logout_url + expected = { + 'target': idp_logout_url, + } + self.assertDictContainsSubset(expected, response.context_data) @mock.patch('django.conf.settings.TPA_AUTOMATIC_LOGOUT_ENABLED', True) def test_no_automatic_tpa_logout_without_logout_url(self):