|
15 | 15 |
|
16 | 16 | import base64 |
17 | 17 | import logging |
| 18 | +from typing import Optional |
18 | 19 | from urllib.parse import quote |
19 | 20 |
|
20 | 21 | from django.conf import settings |
@@ -89,6 +90,18 @@ def _get_subject_id(session): |
89 | 90 | return None |
90 | 91 |
|
91 | 92 |
|
| 93 | +def _get_next_path(request: HttpRequest) -> Optional[str]: |
| 94 | + if "next" in request.GET: |
| 95 | + next_path = request.GET["next"] |
| 96 | + elif "RelayState" in request.GET: |
| 97 | + next_path = request.GET["RelayState"] |
| 98 | + else: |
| 99 | + return None |
| 100 | + |
| 101 | + next_path = validate_referral_url(request, next_path) |
| 102 | + return next_path |
| 103 | + |
| 104 | + |
92 | 105 | class SPConfigMixin: |
93 | 106 | """Mixin for some of the SAML views with re-usable methods.""" |
94 | 107 |
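Review bot: `_get_next_path` (new lines 93–102) returns `None` only when neither `next` nor `RelayState` is in the query string, but what it returns when `validate_referral_url` rejects the value is not visible in this diff, and both callers depend on that: in the `LoginView.get` hunk `get_fallback_login_redirect_url()` is substituted only on `None`, and in the `finish_logout` hunk `LOGOUT_REDIRECT_URL` is reached only on `None`. The removed `get_next_path` seeded `validate_referral_url` with the login fallback, which suggests the helper may hand back a fallback URL rather than `None` for an unsafe value; if so, a rejected `RelayState` on the logout endpoint would redirect the just-logged-out user to the login-redirect target instead of `LOGOUT_REDIRECT_URL`, and the `is None` branches would never fire. Please confirm `validate_referral_url` returns `None` for a rejected URL and, if so, pin the contract with a docstring on `_get_next_path` such as `"""Return the validated next/RelayState target from the query string, or None when absent or rejected by validate_referral_url."""`. Dropping the public `LoginView.get_next_path` method also breaks subclasses that override or call it; a one-line method delegating to `_get_next_path` would keep that compatible.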
|
@@ -138,20 +151,6 @@ class LoginView(SPConfigMixin, View): |
138 | 151 | "djangosaml2/post_binding_form.html", |
139 | 152 | ) |
140 | 153 |
|
141 | | - def get_next_path(self, request: HttpRequest) -> str: |
142 | | - """Returns the path to put in the RelayState to redirect the user to after having logged in. |
143 | | - If the user is already logged in (and if allowed), he will redirect to there immediately. |
144 | | - """ |
145 | | - |
146 | | - next_path = get_fallback_login_redirect_url() |
147 | | - if "next" in request.GET: |
148 | | - next_path = request.GET["next"] |
149 | | - elif "RelayState" in request.GET: |
150 | | - next_path = request.GET["RelayState"] |
151 | | - |
152 | | - next_path = validate_referral_url(request, next_path) |
153 | | - return next_path |
154 | | - |
155 | 154 | def unknown_idp(self, request, idp): |
156 | 155 | msg = f"Error: IdP EntityID {escape(idp)} was not found in metadata" |
157 | 156 | logger.error(msg) |
@@ -185,7 +184,9 @@ def should_prevent_auth(self, request) -> bool: |
185 | 184 |
|
186 | 185 | def get(self, request, *args, **kwargs): |
187 | 186 | logger.debug("Login process started") |
188 | | - next_path = self.get_next_path(request) |
| 187 | + next_path = _get_next_path(request) |
| 188 | + if next_path is None: |
| 189 | + next_path = get_fallback_login_redirect_url() |
189 | 190 |
|
190 | 191 | if self.should_prevent_auth(request): |
191 | 192 | # If the SAML_IGNORE_AUTHENTICATED_USERS_ON_LOGIN setting is True |
@@ -822,8 +823,12 @@ def finish_logout(request, response): |
822 | 823 |
|
823 | 824 | auth.logout(request) |
824 | 825 |
|
825 | | - if settings.LOGOUT_REDIRECT_URL is not None: |
826 | | - return HttpResponseRedirect(resolve_url(settings.LOGOUT_REDIRECT_URL)) |
| 826 | + next_path = _get_next_path(request) |
| 827 | + if next_path is not None: |
| 828 | + return HttpResponseRedirect(next_path) |
| 829 | + elif settings.LOGOUT_REDIRECT_URL is not None: |
| 830 | + fallback_url = resolve_url(settings.LOGOUT_REDIRECT_URL) |
| 831 | + return HttpResponseRedirect(fallback_url) |
827 | 832 | else: |
828 | 833 | current_site = get_current_site(request) |
829 | 834 | return render( |
|