feat: tpa automatic logout with a single redirect

2024-04-16 17:04:12 +02:00
parent 515ce7f791
commit 9c90fa0dd1
2 changed files with 10 additions and 13 deletions
--- a/openedx/core/djangoapps/user_authn/views/logout.py
+++ b/openedx/core/djangoapps/user_authn/views/logout.py
@@ -8,7 +8,6 @@ from urllib.parse import parse_qs, urlsplit, urlunsplit  # pylint: disable=impor
 import nh3
 from django.conf import settings
 from django.contrib.auth import logout
-from django.shortcuts import redirect
 from django.utils.http import urlencode
 from django.views.generic import TemplateView
 from oauth2_provider.models import Application
@@ -47,7 +46,13 @@ class LogoutView(TemplateView):
        If a redirect_url is specified in the querystring for this request, and the value is a safe
        url for redirect, the view will redirect to this page after rendering the template.
        If it is not specified, we will use the default target url.
+        Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if
+        tpa_logout_url is configured.
        """
+
+        if getattr(settings, 'TPA_AUTOMATIC_LOGOUT_ENABLED', False) and self.tpa_logout_url:
+            return self.tpa_logout_url
+
        target_url = self.request.GET.get('redirect_url') or self.request.GET.get('next')

        #  Some third party apps do not build URLs correctly and send next query param without URL-encoding, resulting
@@ -85,16 +90,6 @@ class LogoutView(TemplateView):

        mark_user_change_as_expected(None)

-        # Redirect to tpa_logout_url if TPA_AUTOMATIC_LOGOUT_ENABLED is set to True and if
-        # tpa_logout_url is configured.
-        #
-        # NOTE: This step skips rendering logout.html, which is used to log the user out from the
-        # different IDAs. To ensure the user is logged out of all the IDAs be sure to redirect
-        # back to <LMS>/logout after logging out of the TPA.
-        if getattr(settings, 'TPA_AUTOMATIC_LOGOUT_ENABLED', False):
-            if self.tpa_logout_url:
-                return redirect(self.tpa_logout_url)
-
        return response

    def _build_logout_url(self, url):
--- a/openedx/core/djangoapps/user_authn/views/tests/test_logout.py
+++ b/openedx/core/djangoapps/user_authn/views/tests/test_logout.py
@@ -211,8 +211,10 @@ class LogoutTests(TestCase):
            mock_idp_logout_url.return_value = idp_logout_url
            self._authenticate_with_oauth(client)
            response = self.client.get(reverse('logout'))
-            assert response.status_code == 302
-            assert response.url == idp_logout_url
+            expected = {
+                'target': idp_logout_url,
+            }
+            self.assertDictContainsSubset(expected, response.context_data)

    @mock.patch('django.conf.settings.TPA_AUTOMATIC_LOGOUT_ENABLED', True)
    def test_no_automatic_tpa_logout_without_logout_url(self):