source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py @ 3754

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py@3754
Revision 3754, 3.5 KB checked in by pjkersha, 12 years ago (diff)
1from sso.lib.base import *
2from ndg.security.common.pylons.security_util import SecuritySession
3import logging
4log = logging.getLogger(__name__)
5
6import sys # include in case tracefile is set to sys.stderr
7import base64 # decode the return to address
8from urlparse import urlsplit, urlunsplit
9
10from ndg.security.common.SessionMgr import SessionMgrClient
11
12
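class LogoutController(BaseController):
    '''Pylons controller for logging out: disconnects the user's session from
    the Session Manager, removes the security session cookie content and
    sends the browser back to the return address given in the request.
    '''

    def index(self):
        '''Logout - remove session from Session Manager and tidy up cookie.

        Failures creating the Session Manager client or calling disconnect
        are logged and the local clean-up still runs, so a Session Manager
        outage does not leave the browser session in place.
        '''

        log.info("LogoutController.index ...")

        if 'ndgSec' not in session:
            # There's no handle to a security session
            log.error("logout called but no 'ndgSec' key in session object")
            return self._redirect()

        try:
            smClnt = SessionMgrClient(uri=session['ndgSec']['h'],
                    tracefile=g.ndg.security.server.ssoservice.cfg.tracefile,
                    **g.ndg.security.server.ssoservice.cfg.wss)
        except Exception, e:
            log.error("logout - creating Session Manager client: %s" % e)
            return self._cleanupAndRedirect()

        # Disconnect from Session Manager
        log.info('Calling Session Manager "%s" disconnect for logout...' % \
                 session['ndgSec']['h'])
        try:
            smClnt.disconnect(sessID=session['ndgSec']['sid'])
        except Exception, e:
            log.error("Error with Session Manager logout: %s" % e)
            # don't exit here - instead proceed to delete session and
            # redirect ...

        return self._cleanupAndRedirect()


    def _cleanupAndRedirect(self):
        """Remove security session and call _redirect.

        Errors while clearing the session are logged and do not prevent the
        redirect.
        """
        try:
            # easy to kill our cookie
            SecuritySession.delete()
            if 'ndgCleared' in session:
                del session['ndgCleared']
            session.save()

        except Exception, e:
            log.error("logout - clearing security session: %s" % e)

        return self._redirect()


    def _isSafeReturnTo(self, returnTo):
        """Return True if returnTo has a shape that is acceptable as a
        redirect target.

        Accepted: absolute http/https URLs with a host, and relative
        references with neither scheme nor host.  Rejected: any other
        scheme (e.g. javascript:, data:), network-path references
        ('//host/...'), and values containing whitespace, control characters
        or backslashes, which could split the Location header or be
        re-interpreted by a browser as a different host.
        """
        for char in returnTo:
            if ord(char) <= 0x20 or ord(char) == 0x7f or char == '\\':
                return False

        try:
            scheme, netloc = urlsplit(returnTo)[:2]
        except ValueError:
            return False

        if scheme in ('http', 'https'):
            return bool(netloc)

        return not scheme and not netloc


    def _redirect(self):
        """Handle redirect back to previous page.

        The target comes from the 'r' URL argument of this request, base64
        (URL-safe) encoded.  That value is attacker-controllable request
        input - this method is also reached when there is no security
        session at all - so it is validated before being used as a redirect
        target.  An error page is rendered when 'r' is missing, cannot be
        decoded or fails validation.
        """

        # Redirect URL is held in 'r' URL arg of this request
        b64encReturnTo = str(request.params.get('r', ''))

        if not b64encReturnTo:
            log.debug("LogoutController._redirect: no redirect URL set.")
            return render('ndg.security.error')

        # Decode the return to address
        try:
            b64decReturnTo = base64.urlsafe_b64decode(b64encReturnTo)
        except Exception, e:
            log.error("logout - decoding return URL: %s" % e)
            c.xml = "Error carrying out browser redirect following logout"
            return render('ndg.security.error')

        # Base64 is an encoding, not a protection: check the decoded value
        # before it reaches the Location header.  The rejected value is
        # deliberately not logged because it may carry credentials.
        if not self._isSafeReturnTo(b64decReturnTo):
            log.error("logout - rejecting return URL: not an http(s) URL "
                      "or relative reference")
            c.xml = "Error carrying out browser redirect following logout"
            return render('ndg.security.error')

        # NOTE(review): the checks above constrain the URL's shape only; the
        # destination host is still chosen by whoever built the link, so
        # this remains an open redirect to arbitrary http(s) sites.  Compare
        # the host against an allow-list of trusted relying-party sites from
        # the service configuration - no such setting is visible in this
        # file, so it is not enforced here.

        # Check for 'getCredentials' - avoid in case username/password
        # contained in the URL!  Everything from '/getCredentials' onwards,
        # including any query string, is dropped.
        getCredentialsIdx = b64decReturnTo.rfind('/getCredentials')
        if getCredentialsIdx != -1:
            log.debug(\
                "Reverting request URL from getCredentials to login...")
            b64decReturnTo = b64decReturnTo[:getCredentialsIdx] + '/login'

        # and now go back to whence we had come
        log.debug("LogoutController._redirect: redirect to %s" % \
                                                          b64decReturnTo)
        h.redirect_to(b64decReturnTo)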