feat: tpa automatic logout with a single redirect

(cherry picked from commit b42f6b8875080e263eec9e24913292e3414b88ce)
open-craft · May 7, 2024 · 4be6f70 · 4be6f70
1 parent 184d9b8
commit 4be6f70
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 13 deletions.
diff --git a/openedx/core/djangoapps/user_authn/views/logout.py b/openedx/core/djangoapps/user_authn/views/logout.py
@@ -8,7 +8,6 @@
 import bleach
 from django.conf import settings
 from django.contrib.auth import logout
-from django.shortcuts import redirect
 from django.utils.http import urlencode
 from django.views.generic import TemplateView
 from oauth2_provider.models import Application
@@ -47,7 +46,13 @@ def target(self):
         If a redirect_url is specified in the querystring for this request, and the value is a safe
         url for redirect, the view will redirect to this page after rendering the template.
         If it is not specified, we will use the default target url.
+        Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if
+        tpa_logout_url is configured.
         """
+
+        if getattr(settings, 'TPA_AUTOMATIC_LOGOUT_ENABLED', False) and self.tpa_logout_url:
+            return self.tpa_logout_url
+
         target_url = self.request.GET.get('redirect_url') or self.request.GET.get('next')
 
         #  Some third party apps do not build URLs correctly and send next query param without URL-encoding, resulting
@@ -85,16 +90,6 @@ def dispatch(self, request, *args, **kwargs):
 
         mark_user_change_as_expected(None)
 
-        # Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if
-        # tpa_logout_url is configured.
-        #
-        # NOTE: This step skips rendering logout.html, which is used to log the user out from the
-        # different IDAs. To ensure the user is logged out of all the IDAs be sure to redirect
-        # back to <LMS>/logout after logging out of the TPA.
-        if settings.TPA_AUTOMATIC_LOGOUT_ENABLED:
-            if self.tpa_logout_url:
-                return redirect(self.tpa_logout_url)
-
         return response
 
     def _build_logout_url(self, url):

diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_logout.py b/openedx/core/djangoapps/user_authn/views/tests/test_logout.py
@@ -211,8 +211,10 @@ def test_automatic_tpa_logout_url_redirect(self):
             mock_idp_logout_url.return_value = idp_logout_url
             self._authenticate_with_oauth(client)
             response = self.client.get(reverse('logout'))
-            assert response.status_code == 302
-            assert response.url == idp_logout_url
+            expected = {
+                'target': idp_logout_url,
+            }
+            self.assertDictContainsSubset(expected, response.context_data)
 
     @mock.patch('django.conf.settings.TPA_AUTOMATIC_LOGOUT_ENABLED', True)
     def test_no_automatic_tpa_logout_without_logout_url(self):