Changeset 7474 for TI12-security/branches

Timestamp:

10/09/10 16:46:22 (10 years ago)

Author:

pjkersha

Message:

Incomplete - task 13: OpenID Provider doesn't validate OpenID against username

• Include fix from trunk enabling a return to URL to be specified as a query argument to the logout action. This is useful in cases where HTTP_REFERER is not set in environ.

File:

• TI12-security/branches/ndg-security-1.5.x/ndg_security_server/ndg/security/server/wsgi/session.py (modified) (4 diffs)

TI12-security/branches/ndg-security-1.5.x/ndg_security_server/ndg/security/server/wsgi/session.py

@@ -14 +14 @@
 log = logging.getLogger(__name__)
 
+import urllib
+from paste.request import parse_querystring
+
 from ndg.security.server.wsgi import (NDGSecurityMiddlewareBase,
                                       NDGSecurityMiddlewareError)
@@ -83 +86 @@
     SIGNOUT_PATH_PARAMNAME = 'signoutPath'
     SESSION_KEY_PARAMNAME = 'sessionKey'
+    DEFAULT_LOGOUT_RETURN2URI_PARAMNAME = 'defaultLogoutReturnToURI'
     propertyDefaults = {
         SIGNOUT_PATH_PARAMNAME: None,
-        SESSION_KEY_PARAMNAME: 'beaker.session.ndg.security'
+        SESSION_KEY_PARAMNAME: 'beaker.session.ndg.security',
+        DEFAULT_LOGOUT_RETURN2URI_PARAMNAME: '/'
     }
     
     AUTH_TKT_SET_USER_ENVIRON_KEYNAME = 'paste.auth_tkt.set_user'
+    
+    LOGOUT_RETURN2URI_ARGNAME = 'ndg.security.logout.r'
+    LOGOUT_REDIRECT_STATUS_CODE = 302
     
     PARAM_PREFIX = 'sessionHandler.'
@@ -120 +128 @@
                 raise SessionHandlerMiddlewareConfigError(
                                         '"signoutPath" parameter is not set')
-            
+                
+        defaultLogoutReturnToURIParamName = prefix + \
+                                        cls.DEFAULT_LOGOUT_RETURN2URI_PARAMNAME
+        
+        self.__defaultLogoutReturnToURI = app_conf.get(
+                defaultLogoutReturnToURIParamName,
+                cls.propertyDefaults[cls.DEFAULT_LOGOUT_RETURN2URI_PARAMNAME])
+                    
         super(SessionHandlerMiddleware, self).__init__(app,
                                                        global_conf,
@@ -178 +193 @@
             session.pop(keyName, None)
         session.save()
-        
-        referrer = environ.get('HTTP_REFERER')
-        if referrer is not None:
-            def _start_response(status, header, exc_info=None):
-                """Alter the header to send a redirect to the logout
-                referrer address"""
-                filteredHeader = [(field, val) for field, val in header 
-                                  if field.lower() != 'location']        
-                filteredHeader.extend([('Location', referrer)])
-                return start_response(self.getStatusMessage(302), 
-                                      filteredHeader,
-                                      exc_info)
-                
-            return _start_response        
+               
+        if self.__class__.LOGOUT_RETURN2URI_ARGNAME in environ['QUERY_STRING']:
+            params = dict(parse_querystring(environ))
+        
+            # Store the return URI query argument in a beaker session
+            quotedReferrer = params.get(
+                                self.__class__.LOGOUT_RETURN2URI_ARGNAME, '')
+            referrer = urllib.unquote(quotedReferrer)
+            
+            log.debug('Set redirect URI following logout based on %r URI query '
+                      'string = %r', 
+                      self.__class__.LOGOUT_RETURN2URI_ARGNAME,
+                      referrer)
         else:
-            log.error('No referrer set for redirect following logout')
-            return start_response
+            referrer = environ.get('HTTP_REFERER')
+            if referrer is None:
+                log.warning('No HTTP return to URI set for redirect following '
+                            'logout, either via the return to query string %r '
+                            'or the "HTTP_REFERER" environment variable: '
+                            'redirecting based on the %r config file option = '
+                            '%r', 
+                            self.__class__.LOGOUT_RETURN2URI_ARGNAME,
+                            self.__class__.DEFAULT_LOGOUT_RETURN2URI_PARAMNAME,
+                            self.__defaultLogoutReturnToURI)
+                
+                referrer = self.__defaultLogoutReturnToURI
+            else:
+                log.debug('Set redirect URI following logout based on '
+                          '"HTTP_REFERER" environment variable = %r',
+                          referrer)
+                
+        def _start_response(status, header, exc_info=None):
+            """Alter the header to send a redirect to the logout referrer 
+            address"""
+            
+            # Filter out any existing location field setting
+            filteredHeader = [(field, val) for field, val in header 
+                              if field.lower() != 'location']  
+            
+            # Add redirect destination to new location field setting      
+            filteredHeader.extend([('Location', referrer)])
+            
+            statusMsg = self.getStatusMessage(
+                                    self.__class__.LOGOUT_REDIRECT_STATUS_CODE)
+            
+            return start_response(statusMsg, filteredHeader, exc_info)
+                
+        return _start_response
         
     def _setSession(self, environ, session):