From 9f9b30b2ec63604c04f776c391dd1e35931da422 Mon Sep 17 00:00:00 2001 From: vincent porte Date: Tue, 17 Oct 2023 16:16:58 +0200 Subject: [PATCH 1/2] (inclusion_connect) make logout compliant with new django Inclusion Connect --- .../inclusion_connect/tests/tests_views.py | 20 +++++++------------ lacommunaute/inclusion_connect/views.py | 14 +++---------- 2 files changed, 10 insertions(+), 24 deletions(-) diff --git a/lacommunaute/inclusion_connect/tests/tests_views.py b/lacommunaute/inclusion_connect/tests/tests_views.py index 8e84a2bd8..e82c9dc2b 100644 --- a/lacommunaute/inclusion_connect/tests/tests_views.py +++ b/lacommunaute/inclusion_connect/tests/tests_views.py @@ -189,21 +189,15 @@ def test_normal_signin(self): class InclusionConnectLogoutTest(InclusionConnectBaseTestCase): @respx.mock - def test_simple_logout(self): + def test_logout_with_redirection(self): mock_oauth_dance(self) + params = { + "id_token_hint": 123456, + "post_logout_redirect_uri": f'http://testserver{reverse("pages:home")}', + } + expected_redirection = f"{constants.INCLUSION_CONNECT_ENDPOINT_LOGOUT}?{urlencode(params)}" respx.get(constants.INCLUSION_CONNECT_ENDPOINT_LOGOUT).respond(200) logout_url = reverse("inclusion_connect:logout") response = self.client.get(logout_url) - self.assertRedirects(response, reverse("pages:home")) self.assertFalse(auth.get_user(self.client).is_authenticated) - - @respx.mock - def test_logout_with_redirection(self): - mock_oauth_dance(self) - expected_redirection = reverse("pages:home") - respx.get(constants.INCLUSION_CONNECT_ENDPOINT_LOGOUT).respond(200) - - params = {"redirect_url": expected_redirection} - logout_url = f"{reverse('inclusion_connect:logout')}?{urlencode(params)}" - response = self.client.get(logout_url) - self.assertRedirects(response, expected_redirection) + self.assertRedirects(response, expected_redirection, fetch_redirect_response=False) 
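Review bot: After this hunk no test exercises the `redirect_url` query parameter that the view still reads: the case that passed it is deleted, and the remaining `test_logout_with_redirection` covers only the default `pages:home` target. Since that parameter now feeds `post_logout_redirect_uri`, I would keep one case that requests the logout URL with a relative `redirect_url` and one with an off-site absolute URL, each asserting what ends up in the `Location` query string. The `respx.get(constants.INCLUSION_CONNECT_ENDPOINT_LOGOUT).respond(200)` route also looks like leftover setup, because the view side of this patch drops the `httpx.get` call and the assertion uses `fetch_redirect_response=False`. The literal `123456` for `id_token_hint` presumably mirrors what `mock_oauth_dance` stores in the session; a short comment saying so would help.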
diff --git a/lacommunaute/inclusion_connect/views.py b/lacommunaute/inclusion_connect/views.py index 2064b4fc9..70e62e763 100644 --- a/lacommunaute/inclusion_connect/views.py +++ b/lacommunaute/inclusion_connect/views.py @@ -151,8 +151,7 @@ def inclusion_connect_callback(request): # pylint: disable=too-many-return-stat def inclusion_connect_logout(request): token = request.GET.get("token") - state = request.GET.get("state") - post_logout_redirect_url = request.GET.get("redirect_url", reverse("pages:home")) + post_logout_redirect_uri = request.GET.get("redirect_url", reverse("pages:home")) # Fallback on session data. if not token: @@ -160,20 +159,13 @@ def inclusion_connect_logout(request): if not ic_session: raise KeyError("Missing session key.") token = ic_session["token"] - state = ic_session["state"] params = { "id_token_hint": token, - "state": state, + "post_logout_redirect_uri": request.build_absolute_uri(post_logout_redirect_uri), } complete_url = f"{constants.INCLUSION_CONNECT_ENDPOINT_LOGOUT}?{urlencode(params)}" - # Logout user from IC with HTTPX to benefit from respx in tests - # and to handle post logout redirection more easily. - response = httpx.get(complete_url) - if response.status_code != 200: - logger.error("Error during IC logout. Status code: %s", response.status_code) - # Logout user from Django logout(request) - return HttpResponseRedirect(post_logout_redirect_url) + return HttpResponseRedirect(complete_url) From 5f9058c4eb7ee8847cf1e8b1c19e0d7e49a1e852 Mon Sep 17 00:00:00 2001 From: vincent porte Date: Tue, 17 Oct 2023 16:17:39 +0200 Subject: [PATCH 2/2] =?UTF-8?q?(inclusion=5Fconnect)=20set=20IC=C2=A0clien?= =?UTF-8?q?t=20secret=20to=20default=20Inclusion=20Connect=20value?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .env.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.template b/.env.template index 986476aa7..a32ace438 100644 --- a/.env.template 
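Review bot: `redirect_url` is still taken from the query string in the first views.py hunk and, in the second, goes through `request.build_absolute_uri()` into `post_logout_redirect_uri` with no check; `build_absolute_uri` returns an already-absolute URL unchanged, so an off-site value is forwarded to Inclusion Connect as is. Whether the browser finally lands there depends only on the provider's redirect-URI allow-list, which is not visible in this patch. I would validate locally before building `params`, using `url_has_allowed_host_and_scheme` from `django.utils.http`: `if not url_has_allowed_host_and_scheme(post_logout_redirect_uri, allowed_hosts={request.get_host()}, require_https=request.is_secure()):` followed by `post_logout_redirect_uri = reverse("pages:home")`. A short docstring on `inclusion_connect_logout` stating that the Django session is closed first and that the final landing page is now decided by the provider would also help.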
+++ b/.env.template @@ -25,7 +25,7 @@ SIB_API_KEY=__key_to_be_set__ # for Inclusion Connect INCLUSION_CONNECT_BASE_URL=http://127.0.0.1:8080 INCLUSION_CONNECT_CLIENT_ID=local_inclusion_connect -INCLUSION_CONNECT_CLIENT_SECRET=__key_to_be_set__ +INCLUSION_CONNECT_CLIENT_SECRET=password # Path to the itou-backup project repository. PATH_TO_BACKUPS=~/path/to/backups
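Review bot: `INCLUSION_CONNECT_CLIENT_SECRET=password` turns the placeholder into a working credential, so an environment file copied from this template will start with a guessable client secret and nothing will flag that it was never set. I would keep `__key_to_be_set__` as the value and record the local default in a comment instead, for example `# local Inclusion Connect dev instance: client secret is "password"`. If the default has to stay for developer convenience, a startup check in settings that rejects this value when `DEBUG` is off would limit the exposure; the settings module is not part of this patch, so that is a suggestion rather than a confirmed gap.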