source: TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoclient/controllers/logout.py @ 3918

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoclient/controllers/logout.py@3918
Revision 3918, 3.6 KB checked in by pjkersha, 12 years ago (diff)

Initial Integration of Single Sign On Service with OpenID and Pylons AuthKit:

  • WAYF now contains an OpenID textbox for sign in
  • No role integration carried out yet - OpenID has no better privileges than an anonymous user(!)
  • Integrated into Authkit - requires lots of config settings in pylons ini file
  • HTTP 401 errors get redirected automatically to WAYF
  • Need to create an AuthKit egg from SVN 151 checkout - will put on NDG dist
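from ndg.security.client.ssoclient.ssoclient.lib.base import *

import base64 # decode the return to address
import logging
import sys # include in case tracefile is set to sys.stderr

from ndg.security.common.pylons.security_util import SecuritySession
from ndg.security.common.SessionMgr import SessionMgrClient

# Module logger.  Assigned once, after 'logging' has been imported explicitly:
# previously the first assignment ran before 'import logging' and so relied on
# the star import above happening to export that name.
log = logging.getLogger(__name__)

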
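class LogoutController(BaseController):
    '''Provides the pylons controller for logging out and removing security
    session cookie content.

    index() is the entry point: it asks the Session Manager to disconnect the
    session recorded under the 'ndgSec' key of the Pylons session, removes the
    local security session and then sends the browser back to the address
    carried, URL-safe base64 encoded, in the 'r' argument of the request.
    '''

    def index(self):
        '''Logout - remove session from Session Manager and tidy up cookie.

        Local clean up and the redirect are carried out whether or not the
        Session Manager calls succeed.
        '''

        log.debug("LogoutController.index ...")

        if 'ndgSec' not in session:
            # There's no handle to a security session
            log.error("logout called but no 'ndgSec' key in session object")
            return self._redirect()

        try:
            smClnt = SessionMgrClient(uri=session['ndgSec']['h'],
                    tracefile=g.ndg.security.common.sso.cfg.tracefile,
                    **g.ndg.security.common.sso.cfg.wss)
        except Exception, e:
            log.error("logout - creating Session Manager client: %s" % e)
            return self._cleanupAndRedirect()

        # Disconnect from Session Manager
        log.info('Calling Session Manager "%s" disconnect for logout...' % \
                 session['ndgSec']['h'])
        try:
            smClnt.disconnect(sessID=session['ndgSec']['sid'])
        except Exception, e:
            log.error("Error with Session Manager logout: %s" % e)
            # don't exit here - instead proceed to delete session and
            # redirect ...
            # NOTE(review): in this case only the local session is removed;
            # the session held by the Session Manager may still be live, so
            # this log entry is the only record of an incomplete logout.

        return self._cleanupAndRedirect()


    def _cleanupAndRedirect(self):
        """Remove security session and call _redirect.

        Clean up is best effort: an error is logged and the redirect still
        takes place.
        """
        log.debug("LogoutController._cleanupAndRedirect...")

        try:
            # easy to kill our cookie
            SecuritySession.delete()
            if 'ndgCleared' in session: del session['ndgCleared']
            session.save()

        except Exception, e:
            # NOTE(review): if delete() raises, the 'ndgCleared' removal and
            # session.save() are skipped and the browser is still redirected
            # as though logout had completed - confirm this is acceptable.
            log.error("logout - clearing security session: %s" % e)

        return self._redirect()


    def _isSafeReturnTo(self, url):
        """Basic sanity check of a decoded return-to address.

        Returns True only if url contains no control characters or
        backslashes and is either an absolute http/https URL or a path on
        this site (a single leading '/').  The host of an absolute URL is
        NOT checked.
        """
        for ch in url:
            # CR/LF and other control characters have no place in a Location
            # header value
            if ord(ch) < 0x20 or ord(ch) == 0x7f:
                return False

        # Backslashes may be treated as '/' by browsers, which would turn an
        # apparently local path into another site's address
        if '\\' in url:
            return False

        lowered = url.lower()
        if lowered.startswith('http://') or lowered.startswith('https://'):
            return True

        # Local path - but not a scheme-relative '//host/...' address
        return url.startswith('/') and not url.startswith('//')


    def _redirect(self):
        """Handle redirect back to previous page.

        The address is taken from the 'r' URL argument of this request, which
        is supplied by the client and therefore untrusted.  It is decoded,
        any trailing '/getCredentials' part is replaced with '/login' and the
        result must pass _isSafeReturnTo before the redirect is issued.  The
        error page is rendered if the argument is missing, cannot be decoded
        or is rejected.
        """

        # Redirect URL is held in 'r' URL arg of this request
        rawReturnTo = request.params.get('r', '')
        if not rawReturnTo:
            log.debug("LogoutController._redirect: no redirect URL set.")
            return render('ndg.security.error')

        # Decode the return to address.  The str() conversion is inside the
        # try block so that a value which can't be converted ends in the
        # error page rather than an unhandled exception.
        try:
            b64decReturnTo = base64.urlsafe_b64decode(str(rawReturnTo))
        except Exception, e:
            log.error("logout - decoding return URL: %s" % e)
            c.xml = "Error carrying out browser redirect following logout"
            return render('ndg.security.error')

        # Check for 'getCredentials' - avoid in case username/password
        # contained in the URL!
        getCredentialsIdx = b64decReturnTo.rfind('/getCredentials')
        if getCredentialsIdx != -1:
            log.debug(\
                "Reverting request URL from getCredentials to login...")
            b64decReturnTo = b64decReturnTo[:getCredentialsIdx] + '/login'

        # Refuse anything that is not a plain http(s) URL or local path.  The
        # rejected value is deliberately left out of the log message.
        if not self._isSafeReturnTo(b64decReturnTo):
            log.error("logout - return URL rejected by sanity check")
            c.xml = "Error carrying out browser redirect following logout"
            return render('ndg.security.error')

        # NOTE(review): the host of an absolute return-to address is not
        # checked, so this is still an open redirect to any http(s) site.
        # Restrict it to the sites this deployment trusts once such a list is
        # available from the configuration - TODO

        # and now go back to whence we had come
        log.debug("LogoutController._redirect: redirect to %s" % \
                                                          b64decReturnTo)
        h.redirect_to(b64decReturnTo)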