Skip to content

Commit

Permalink
feat: tpa automatic logout with a single redirect (#657)
Browse files Browse the repository at this point in the history
(cherry picked from commit b42f6b8875080e263eec9e24913292e3414b88ce)

Co-authored-by: Moncef Abboud <[email protected]>
  • Loading branch information
kaustavb12 and CefBoud authored May 21, 2024
1 parent cc6e48d commit 97c79ff
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 13 deletions.
17 changes: 6 additions & 11 deletions openedx/core/djangoapps/user_authn/views/logout.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@
import bleach
from django.conf import settings
from django.contrib.auth import logout
from django.shortcuts import redirect
from django.utils.http import urlencode
from django.views.generic import TemplateView
from oauth2_provider.models import Application
Expand Down Expand Up @@ -47,7 +46,13 @@ def target(self):
If a redirect_url is specified in the querystring for this request, and the value is a safe
url for redirect, the view will redirect to this page after rendering the template.
If it is not specified, we will use the default target url.
Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if
tpa_logout_url is configured.
"""

if getattr(settings, 'TPA_AUTOMATIC_LOGOUT_ENABLED', False) and self.tpa_logout_url:
return self.tpa_logout_url

target_url = self.request.GET.get('redirect_url') or self.request.GET.get('next')

# Some third party apps do not build URLs correctly and send next query param without URL-encoding, resulting
Expand Down Expand Up @@ -85,16 +90,6 @@ def dispatch(self, request, *args, **kwargs):

mark_user_change_as_expected(None)

# Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if
# tpa_logout_url is configured.
#
# NOTE: This step skips rendering logout.html, which is used to log the user out from the
# different IDAs. To ensure the user is logged out of all the IDAs be sure to redirect
# back to <LMS>/logout after logging out of the TPA.
if settings.TPA_AUTOMATIC_LOGOUT_ENABLED:
if self.tpa_logout_url:
return redirect(self.tpa_logout_url)

return response

def _build_logout_url(self, url):
Expand Down
6 changes: 4 additions & 2 deletions openedx/core/djangoapps/user_authn/views/tests/test_logout.py
Original file line number Diff line number Diff line change
Expand Up @@ -211,8 +211,10 @@ def test_automatic_tpa_logout_url_redirect(self):
mock_idp_logout_url.return_value = idp_logout_url
self._authenticate_with_oauth(client)
response = self.client.get(reverse('logout'))
assert response.status_code == 302
assert response.url == idp_logout_url
expected = {
'target': idp_logout_url,
}
self.assertDictContainsSubset(expected, response.context_data)

@mock.patch('django.conf.settings.TPA_AUTOMATIC_LOGOUT_ENABLED', True)
def test_no_automatic_tpa_logout_without_logout_url(self):
Expand Down

0 comments on commit 97c79ff

Please sign in to comment.