CAS logout handling when misconfigured

This commit is contained in:
Emmanuel Viennet 2023-12-17 12:45:32 +01:00
parent 1699febab8
commit 20407be7ee

View File

@ -8,7 +8,7 @@ from urllib.error import URLError
from urllib.request import urlopen from urllib.request import urlopen
import flask import flask
from flask import current_app from flask import current_app, request
from xmltodict import parse from xmltodict import parse
from .cas_urls import create_cas_login_url from .cas_urls import create_cas_login_url
@ -86,9 +86,11 @@ def logout():
flask.session.pop(cas_attributes_session_key, None) flask.session.pop(cas_attributes_session_key, None)
flask.session.pop(cas_token_session_key, None) # added by EV flask.session.pop(cas_token_session_key, None) # added by EV
flask.session.pop("CAS_EDT_ID", None) # added by EV flask.session.pop("CAS_EDT_ID", None) # added by EV
cas_after_logout = current_app.config.get("CAS_AFTER_LOGOUT") cas_after_logout = current_app.config.get("CAS_AFTER_LOGOUT")
if cas_after_logout: cas_logout_route = current_app.config.get("CAS_LOGOUT_ROUTE")
cas_server = current_app.config.get("CAS_SERVER")
if cas_server:
if cas_after_logout and cas_logout_route:
# If config starts with http, use it as dest URL. # If config starts with http, use it as dest URL.
# Else, build Flask URL # Else, build Flask URL
dest_url = ( dest_url = (
@ -97,12 +99,14 @@ def logout():
else flask.url_for(cas_after_logout, _external=True) else flask.url_for(cas_after_logout, _external=True)
) )
redirect_url = create_cas_logout_url( redirect_url = create_cas_logout_url(
current_app.config["CAS_SERVER"], cas_server,
current_app.config["CAS_LOGOUT_ROUTE"], cas_logout_route,
dest_url, dest_url,
) )
else: else:
redirect_url = create_cas_logout_url(current_app.config["CAS_SERVER"], None) redirect_url = create_cas_logout_url(cas_server, None)
else:
redirect_url = request.root_url
current_app.logger.debug(f"cas.logout: redirecting to {redirect_url}") current_app.logger.debug(f"cas.logout: redirecting to {redirect_url}")
return flask.redirect(redirect_url) return flask.redirect(redirect_url)
@ -134,10 +138,10 @@ def validate(ticket):
ticket, ticket,
) )
current_app.logger.debug("Making GET request to {0}".format(cas_validate_url)) current_app.logger.debug(f"Making GET request to {cas_validate_url}")
xml_from_dict = {} xml_from_dict = {}
isValid = False is_valid = False
if current_app.config.get("CAS_SSL_VERIFY"): if current_app.config.get("CAS_SSL_VERIFY"):
ssl_context = ssl.SSLContext() ssl_context = ssl.SSLContext()
@ -161,7 +165,7 @@ def validate(ticket):
.decode("utf8", "ignore") .decode("utf8", "ignore")
) )
xml_from_dict = parse(xmldump) xml_from_dict = parse(xmldump)
isValid = ( is_valid = (
True True
if "cas:authenticationSuccess" in xml_from_dict["cas:serviceResponse"] if "cas:authenticationSuccess" in xml_from_dict["cas:serviceResponse"]
else False else False
@ -176,7 +180,7 @@ def validate(ticket):
"erreur connexion au serveur CAS: vérifiez le certificat SSL" "erreur connexion au serveur CAS: vérifiez le certificat SSL"
) )
if isValid: if is_valid:
current_app.logger.debug("valid") current_app.logger.debug("valid")
xml_from_dict = xml_from_dict["cas:serviceResponse"][ xml_from_dict = xml_from_dict["cas:serviceResponse"][
"cas:authenticationSuccess" "cas:authenticationSuccess"
@ -207,4 +211,4 @@ def validate(ticket):
else: else:
current_app.logger.debug("invalid") current_app.logger.debug("invalid")
return isValid return is_valid