# NOTE(review): wildcard import - presumably the source of BaseController,
# session, request, c, g, h and render used by the controller below; confirm
# against sso.lib.base
from sso.lib.base import *
from ndg.security.common.pylons.security_util import SecuritySession
import logging
# Module-level logger named after this module
log = logging.getLogger(__name__)

import sys # include in case tracefile is set to sys.stderr
import base64 # decode the return to address
from urlparse import urlsplit, urlunsplit

from ndg.security.common.SessionMgr import SessionMgrClient


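class LogoutController(BaseController):
    """Pylons controller for logging out and removing security session
    cookie content.

    The public action is index(); the underscore-prefixed methods are
    internal helpers that tidy up local state and send the browser back to
    the page named by the 'r' request parameter.
    """

    def index(self):
        """Logout - remove session from Session Manager and tidy up cookie.

        Returns whatever _redirect() / _cleanupAndRedirect() return, i.e. a
        rendered error page when no redirect takes place.
        """
        log.info("LogoutController.index ...")

        if 'ndgSec' not in session:
            # There's no handle to a security session, so there is nothing
            # to disconnect or delete - go straight to the redirect step
            log.error("logout called but no 'ndgSec' key in session object")
            return self._redirect()

        try:
            smClnt = SessionMgrClient(
                uri=session['ndgSec']['h'],
                tracefile=g.ndg.security.server.ssoservice.cfg.tracefile,
                **g.ndg.security.server.ssoservice.cfg.wss)
        except Exception, e:
            # Without a client the remote disconnect cannot be attempted;
            # the local security session is still removed
            log.error("logout - creating Session Manager client: %s" % e)
            return self._cleanupAndRedirect()

        # Disconnect from Session Manager
        log.info('Calling Session Manager "%s" disconnect for logout...' %
                 session['ndgSec']['h'])
        try:
            smClnt.disconnect(sessID=session['ndgSec']['sid'])
        except Exception, e:
            # don't exit here - instead proceed to delete session and
            # redirect ...
            # NOTE(review): on this path only the local cookie is cleared;
            # whether the Session Manager still holds the session cannot be
            # told from here - confirm it expires server-side
            log.error("Error with Session Manager logout: %s" % e)

        return self._cleanupAndRedirect()

    def _cleanupAndRedirect(self):
        """Remove security session and call _redirect.

        Errors while clearing the session are logged and do not stop the
        redirect.
        """
        try:
            # easy to kill our cookie
            SecuritySession.delete()
            if 'ndgCleared' in session:
                del session['ndgCleared']
            session.save()
        except Exception, e:
            # NOTE(review): if delete() raises, the remaining clean-up steps
            # are skipped and the user is still redirected as if logged out
            log.error("logout - clearing security session: %s" % e)

        return self._redirect()

    def _isSafeReturnTo(self, url):
        """Return True if url is acceptable as a post-logout redirect target.

        Accepted forms are absolute http/https URLs with a host, and
        site-relative paths starting with a single '/'.  Anything containing
        control characters or backslashes is refused.

        NOTE(review): the host of an absolute URL is NOT compared with a
        list of trusted sites, because no such list is visible in this file.
        Any http(s) host is therefore still accepted; add an allowlist check
        here if the deployment can provide one.
        """
        for ch in url:
            # CR/LF and other control characters must never reach the
            # Location header
            if ord(ch) < 0x20 or ord(ch) == 0x7f:
                return False

        # Raw backslashes are not valid in a URL and are interpreted
        # differently by different parsers
        if '\\' in url:
            return False

        parts = urlsplit(url)
        if parts.scheme.lower() in ('http', 'https'):
            return bool(parts.netloc)

        # Site-relative path: no scheme, no host, and not the
        # scheme-relative '//host' form
        return (not parts.scheme and not parts.netloc and
                url.startswith('/') and not url.startswith('//'))

    def _redirect(self):
        """Handle redirect back to previous page.

        The target is taken from the URL-safe base64 encoded 'r' request
        parameter, which is supplied by the client and so is validated
        before use.  Renders the 'ndg.security.error' template when the
        parameter is missing, cannot be decoded, or fails validation.
        """
        # Redirect URL is held in 'r' URL arg of this request
        rawReturnTo = request.params.get('r', '')
        if not rawReturnTo:
            log.debug("LogoutController._redirect: no redirect URL set.")
            return render('ndg.security.error')

        # Decode the return to address.  str() is inside the try so that a
        # value that cannot be converted is reported like any other
        # undecodable value instead of escaping as an unhandled error
        try:
            b64decReturnTo = base64.urlsafe_b64decode(str(rawReturnTo))
        except Exception, e:
            log.error("logout - decoding return URL: %s" % e)
            c.xml = "Error carrying out browser redirect following logout"
            return render('ndg.security.error')

        if not self._isSafeReturnTo(b64decReturnTo):
            # %r keeps control characters in the rejected value from
            # breaking up the log line
            log.error("logout - rejecting unsafe return URL: %r" %
                      b64decReturnTo)
            c.xml = "Error carrying out browser redirect following logout"
            return render('ndg.security.error')

        # Check for 'getCredentials' - avoid in case username/password
        # contained in the URL!  Everything from the last '/getCredentials'
        # onwards is dropped, so nothing after it is logged or sent back
        getCredentialsIdx = b64decReturnTo.rfind('/getCredentials')
        if getCredentialsIdx != -1:
            log.debug(
                "Reverting request URL from getCredentials to login...")
            b64decReturnTo = b64decReturnTo[:getCredentialsIdx] + '/login'

        # and now go back to whence we had come
        log.debug("LogoutController._redirect: redirect to %s" %
                  b64decReturnTo)
        h.redirect_to(b64decReturnTo)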