Merge pull request #67 from akatsoulas/post-logout

akatsoulas · web-flow · commit 5c0585c9161d · 2017-01-11T12:51:20.000+02:00
Logout user from OP.
diff --git a/mozilla_django_oidc/contrib/auth0/utils.py b/mozilla_django_oidc/contrib/auth0/utils.py
@@ -1,4 +1,10 @@
 import requests
+try:
+    from urllib import urlencode
+except ImportError:
+    from urllib.parse import urlencode
+
+from django.http import HttpResponseRedirect
 
 from mozilla_django_oidc.utils import import_from_settings
 
@@ -18,3 +24,13 @@ def refresh_id_token(id_token):
     if response.status_code == requests.codes.ok:
         return response.json().get('id_token')
     return None
+
+
+def logout(request):
+    """Log out the user from Auth0."""
+    url = 'https//' + import_from_settings('OIDC_OP_DOMAIN') + '/v2/logout'
+    url += '?' + urlencode({
+        'returnTo': import_from_settings('OIDC_OP_LOGOUT_URL', '/'),
+        'client_id': import_from_settings('OIDC_RP_CLIENT_ID')
+    })
+    return HttpResponseRedirect(url)
diff --git a/mozilla_django_oidc/views.py b/mozilla_django_oidc/views.py
@@ -8,6 +8,7 @@
 from django.contrib import auth
 from django.http import HttpResponseRedirect
 from django.utils.crypto import get_random_string
+from django.utils.module_loading import import_string
 from django.views.generic import View
 
 from mozilla_django_oidc.utils import absolutify, import_from_settings
@@ -104,14 +105,21 @@ def get(self, request):
 class OIDCLogoutView(View):
     """Logout helper view"""
 
-    http_method_names = ['get']
+    http_method_names = ['get', 'post']
 
     @property
     def redirect_url(self):
         """Return the logout url defined in settings."""
         return import_from_settings('LOGOUT_REDIRECT_URL', '/')
 
-    def get(self, request):
-        """Log the user out"""
-        auth.logout(request)
+    def dispatch(self, request, *args, **kwargs):
+        """Log out the user."""
+
+        if request.user.is_authenticated():
+            auth.logout(request)
+
+            logout_view_path = import_from_settings('OIDC_OP_LOGOUT_VIEW', '')
+            if logout_view_path:
+                logout_view = import_string(logout_view_path)
+                return logout_view(request)
         return HttpResponseRedirect(self.redirect_url)
diff --git a/tests/auth0_tests/test_utils.py b/tests/auth0_tests/test_utils.py
@@ -12,7 +12,7 @@ class Auth0UtilsTestCase(TestCase):
     @override_settings(OIDC_RP_CLIENT_ID='client_id')
     @override_settings(OIDC_OP_DOMAIN='op_domain')
     @patch('mozilla_django_oidc.contrib.auth0.utils.requests.post')
-    def test_successful_refresh_token(self, mock_post):
+    def test_successful_attempt_to_refresh_token(self, mock_post):
         """Test a successful attempt for a refresh id_token."""
         mock_response = Mock()
         mock_response.status_code = 200
@@ -25,7 +25,7 @@ def test_successful_refresh_token(self, mock_post):
     @override_settings(OIDC_RP_CLIENT_ID='client_id')
     @override_settings(OIDC_OP_DOMAIN='op_domain')
     @patch('mozilla_django_oidc.contrib.auth0.utils.requests.post')
-    def test_unsuccessful_attempt(self, mock_post):
+    def test_unsuccessful_attempt_to_refresh_token(self, mock_post):
         """Test an attempt to get a refresh token that raises an error."""
         mock_response = Mock()
         mock_response.status_code = 401
diff --git a/tests/test_views.py b/tests/test_views.py
@@ -290,8 +290,25 @@ def setUp(self):
 
     @override_settings(LOGOUT_REDIRECT_URL='/example-logout')
     def test_get(self):
+        user = User.objects.create_user('example_username')
         url = reverse('oidc_logout')
         request = self.factory.get(url)
+        request.user = user
+        logout_view = views.OIDCLogoutView.as_view()
+
+        with patch('mozilla_django_oidc.views.auth.logout') as mock_logout:
+            response = logout_view(request)
+            mock_logout.assert_called_once_with(request)
+
+        self.assertEqual(response.status_code, 302)
+        self.assertEqual(response.url, '/example-logout')
+
+    @override_settings(LOGOUT_REDIRECT_URL='/example-logout')
+    def test_post(self):
+        user = User.objects.create_user('example_username')
+        url = reverse('oidc_logout')
+        request = self.factory.post(url)
+        request.user = user
         logout_view = views.OIDCLogoutView.as_view()
 
         with patch('mozilla_django_oidc.views.auth.logout') as mock_logout:
