Added logut logic

Author: minhajuddin2510

ckanext/sso/ssoclient.py

@@ -18,6 +18,8 @@ def __init__(self):
         self.scope = tk.config.get("ckanext.sso.scope")
         self.token_url = tk.config.get("ckanext.sso.access_token_url")
         self.user_info_url = tk.config.get("ckanext.sso.user_info")
+        self.logout_url = tk.config.get('ckanext.sso.logout_url') 
+        self.logout_redirect_url = tk.config.get('ckanext.sso.logout_redirect_url')
 
     def get_authorize_url(self):
         log.debug("get_authorize_url")
@@ -42,3 +44,11 @@ def get_user_info(self, token):
         oauth = OAuth2Session(self.client_id, token=token)
         user_info = oauth.get(self.user_info_url)
         return user_info.json()
+
+    def get_logout_url(self, return_to=self.logout_redirect_url):
+        """Get Auth0 logout URL"""
+        params = {'client_id': self.client_id}
+        if return_to:
+            params['returnTo'] = return_to
+        from urllib.parse import urlencode
+        return f"{self.logout_url}?{urlencode(params)}"

ckanext/sso/views.py

@@ -7,11 +7,14 @@
 from ckan.plugins import toolkit as tk
 from ckan.views.user import RequestResetView, set_repoze_user
 from flask import Blueprint
+import ckan.plugins as plugins
 
 import ckanext.sso.helpers as helpers
 from ckanext.sso.ssoclient import SSOClient
 from ckanext.sso.ldap_client import LDAPClient
-
+from ckan.common import (
+    _, config, g, request, current_user, logout_user, session, login_user
+)
 g = tk.g
 
 log = logging.getLogger(__name__)
@@ -24,7 +27,8 @@ def before_app_request():
     bp, action = tk.get_endpoint()
     if bp == "user" and action == "login" and helpers.check_default_login():
         return tk.redirect_to(h.url_for("sso.sso"))
-
+    if bp == "user" and action == "logout":
+        return tk.redirect_to(h.url_for('sso.sso_logout'))
 
 
 
@@ -88,6 +92,12 @@ def dashboard():
             "fullname": userinfo["name"],
             "plugin_extras": {"idp": userinfo["sub"]},
         }
+        picture_url = (userinfo.get('picture') or 
+                      userinfo.get('avatar') or 
+                      userinfo.get('image'))
+        if picture_url:
+            user_dict['image_url'] = picture_url
+
         log.debug(f"User Info: {user_dict}")
         #ldap info
         ldap_department_num=None
@@ -178,10 +188,33 @@ def reset_password():
         return tk.redirect_to(tk.url_for("user.login"))
     return RequestResetView().post()
 
+def sso_logout():
+    for item in plugins.PluginImplementations(plugins.IAuthenticator):
+        response = item.logout()
+        if response:
+            return response
+    user = current_user.name
+    if not user:
+        return h.redirect_to('user.login')
+
+    came_from = request.args.get('came_from', '')
+    logout_user()
+
+    field_name = config.get("WTF_CSRF_FIELD_NAME")
+    if session.get(field_name):
+        session.pop(field_name)
+
+    if h.url_is_local(came_from):
+        return h.redirect_to(str(came_from))
+    
+    logout_url = sso_client.get_logout_url()
+    return tk.redirect_to(logout_url)
+
 
 blueprint.add_url_rule("/sso", view_func=sso)
 blueprint.add_url_rule("/dashboard", view_func=dashboard)
 blueprint.add_url_rule("/reset_password", view_func=reset_password, methods=["POST"])
+blueprint.add_url_rule('/sso_logout', view_func=sso_logout)
 
 
 def get_blueprint():