From 97c79ffdb6fe50fe1bdc8205df12b2b2f3324ca4 Mon Sep 17 00:00:00 2001 From: Kaustav Banerjee Date: Tue, 21 May 2024 13:05:35 +0530 Subject: [PATCH] feat: tpa automatic logout with a single redirect (#657) (cherry picked from commit b42f6b8875080e263eec9e24913292e3414b88ce) Co-authored-by: Moncef Abboud --- .../core/djangoapps/user_authn/views/logout.py | 17 ++++++----------- .../user_authn/views/tests/test_logout.py | 6 ++++-- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/openedx/core/djangoapps/user_authn/views/logout.py b/openedx/core/djangoapps/user_authn/views/logout.py index 1fd9a3e47e8c..2b5cddb5ac72 100644 --- a/openedx/core/djangoapps/user_authn/views/logout.py +++ b/openedx/core/djangoapps/user_authn/views/logout.py @@ -8,7 +8,6 @@ import bleach from django.conf import settings from django.contrib.auth import logout -from django.shortcuts import redirect from django.utils.http import urlencode from django.views.generic import TemplateView from oauth2_provider.models import Application @@ -47,7 +46,13 @@ def target(self): If a redirect_url is specified in the querystring for this request, and the value is a safe url for redirect, the view will redirect to this page after rendering the template. If it is not specified, we will use the default target url. + Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if + tpa_logout_url is configured. """ + + if getattr(settings, 'TPA_AUTOMATIC_LOGOUT_ENABLED', False) and self.tpa_logout_url: + return self.tpa_logout_url + target_url = self.request.GET.get('redirect_url') or self.request.GET.get('next') # Some third party apps do not build URLs correctly and send next query param without URL-encoding, resulting @@ -85,16 +90,6 @@ def dispatch(self, request, *args, **kwargs): mark_user_change_as_expected(None) - # Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if - # tpa_logout_url is configured. - # - # NOTE: This step skips rendering logout.html, which is used to log the user out from the - # different IDAs. To ensure the user is logged out of all the IDAs be sure to redirect - # back to /logout after logging out of the TPA. - if settings.TPA_AUTOMATIC_LOGOUT_ENABLED: - if self.tpa_logout_url: - return redirect(self.tpa_logout_url) - return response def _build_logout_url(self, url): diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_logout.py b/openedx/core/djangoapps/user_authn/views/tests/test_logout.py index 7d10fe1021ef..5de084d108e6 100644 --- a/openedx/core/djangoapps/user_authn/views/tests/test_logout.py +++ b/openedx/core/djangoapps/user_authn/views/tests/test_logout.py @@ -211,8 +211,10 @@ def test_automatic_tpa_logout_url_redirect(self): mock_idp_logout_url.return_value = idp_logout_url self._authenticate_with_oauth(client) response = self.client.get(reverse('logout')) - assert response.status_code == 302 - assert response.url == idp_logout_url + expected = { + 'target': idp_logout_url, + } + self.assertDictContainsSubset(expected, response.context_data) @mock.patch('django.conf.settings.TPA_AUTOMATIC_LOGOUT_ENABLED', True) def test_no_automatic_tpa_logout_without_logout_url(self):