source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py @ 4384

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py@4384
Revision 4384, 4.0 KB checked in by pjkersha, 12 years ago (diff)

SessionMgr? -> SessionManager?

Line 
1from ndg.security.server.sso.sso.lib.base import *
2from ndg.security.common.pylons.security_util import SecuritySession
3import logging
4log = logging.getLogger(__name__)
5
6import sys # include in case tracefile is set to sys.stderr
7import base64 # decode the return to address
8from urlparse import urlsplit, urlunsplit
9
10from ndg.security.common.sessionmanager import SessionManagerClient
11
12
13class LogoutController(BaseController):
14    '''Provides the pylons controller for logging out and removing security
15    session cookie content
16    '''
17
18    def index(self):
19        '''Logout - remove session from Session Manager tidy up cookie'''
20
21        log.info("LogoutController.index ...")
22       
23        # Convenience alias
24        cfg = g.ndg.security.server.sso.cfg
25       
26
27        if 'ndgSec' not in session:
28            # There's no handle to a security session
29            log.error("logout called but no 'ndgSec' key in session object")
30            return self._redirect()
31       
32        try:
33            smClnt = SessionManagerClient(uri=session['ndgSec']['h'],
34                                      tracefile=cfg.tracefile,
35                                      **cfg.wss)       
36        except Exception, e:
37            log.error("logout - creating Session Manager client: %s" % e)
38            return self._cleanupAndRedirect() 
39       
40        # Disconnect from Session Manager
41        log.info('Calling Session Manager "%s" disconnect for logout...' % \
42                 session['ndgSec']['h'])
43        try:
44            smClnt.disconnect(sessID=session['ndgSec']['sid'])
45        except Exception, e:
46            log.error("Error with Session Manager logout: %s" % e)
47            # don't exit here - instead proceed to delete session and
48            # redirect ...
49
50        return self._cleanupAndRedirect()
51
52
53    def _cleanupAndRedirect(self):
54        """Remove security session and call _redirect"""
55        try:
56            # easy to kill our cookie
57            SecuritySession.delete()
58            if 'ndgCleared' in session: del session['ndgCleared']
59            session.save()
60           
61        except Exception, e:   
62            log.error("logout - clearing security session: %s" % e)
63
64        return self._redirect()
65   
66   
67    def _redirect(self):
68        """Handle redirect back to previous page"""
69       
70        # Redirect URL is held in 'r' URL arg of this request
71        b64encReturnTo = str(request.params.get('r', ''))
72
73        if b64encReturnTo:
74            # Decode the return to address
75            try:
76                b64decReturnTo = base64.urlsafe_b64decode(b64encReturnTo)
77            except Exception, e:
78                log.error("logout - decoding return URL: %s" % e) 
79                c.xml = "Error carrying out browser redirect following logout"
80                return render('ndg.security.kid', 'ndg.security.error')
81           
82            # Check for 'getCredentials' - avoid in case username/password
83            # contained in the URL!
84            getCredentialsIdx = b64decReturnTo.rfind('/getCredentials')
85            if getCredentialsIdx != -1:
86                log.debug(\
87                    "Reverting request URL from getCredentials to login...")
88                b64decReturnTo = b64decReturnTo[:getCredentialsIdx] + '/login'
89           
90            # Add flag indicating to caller that logout succeeded.  The caller
91            # can use this to remove any security cookie present in their
92            # domain - See:
93            # ndg.security.client.ssoclient.ssoclient.lib.base.BaseController
94            if '?' in b64decReturnTo:
95                b64decReturnTo += '&logout=1'
96            else:
97                b64decReturnTo += '?logout=1'
98
99            # and now go back to whence we had come
100            log.debug("LogoutController._redirect: redirect to %s" % \
101                                                              b64decReturnTo)
102            h.redirect_to(b64decReturnTo)
103        else:
104            log.debug("LogoutController._redirect: no redirect URL set.")
105            return render('ndg.security.kid', 'ndg.security.error')
Note: See TracBrowser for help on using the repository browser.