Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
subject_id = _get_subject_id(request.session)
if subject_id is None:
return logout_failed(_('You cannot be logged out.'))
try:
result = client.global_logout(subject_id)
except KeyError:
return logout_failed(_('You are not logged in any IdP/AA.'))
state.sync()
if not result:
return logout_failed(_('You are not logged in any IdP/AA.'))
# Logout is supported only from 1 IdP
binding, http_info = list(result.values())[0]
return HttpResponseRedirect(get_location(http_info))
subject_id = _get_subject_id(request.session)
if subject_id is None:
logger.warning(
'The session does not contain the subject id for user %s. Performing local logout',
request.user)
auth.logout(request)
return render(request, logout_error_template, {})
else:
http_info = client.handle_logout_request(
data['SAMLRequest'],
subject_id,
binding,
relay_state=data.get('RelayState', ''))
state.sync()
auth.logout(request)
return HttpResponseRedirect(get_location(http_info))
else:
logger.error('No SAMLResponse or SAMLRequest parameter found')
raise Http404('No SAMLResponse or SAMLRequest parameter found')
subject_id = _get_subject_id(request.session)
if subject_id is None:
logger.warning(
'The session does not contain the subject id for user %s. Performing local logout',
request.user)
auth.logout(request)
return render(request, logout_error_template, status=403, using='django')
else:
http_info = client.handle_logout_request(
data['SAMLRequest'],
subject_id,
binding,
relay_state=data.get('RelayState', ''))
state.sync()
auth.logout(request)
return HttpResponseRedirect(get_location(http_info))
else:
logger.error('No SAMLResponse or SAMLRequest parameter found')
raise Http404('No SAMLResponse or SAMLRequest parameter found')
logger.error("Looks like the user %s is not logged in any IdP/AA", subject_id)
return HttpResponseBadRequest("You are not logged in any IdP/AA")
if len(result) > 1:
logger.error('Sorry, I do not know how to logout from several sources. I will logout just from the first one')
for entityid, logout_info in result.items():
if isinstance(logout_info, tuple):
binding, http_info = logout_info
if binding == BINDING_HTTP_POST:
logger.debug('Returning form to the IdP to continue the logout process')
body = ''.join(http_info['data'])
return HttpResponse(body)
elif binding == BINDING_HTTP_REDIRECT:
logger.debug('Redirecting to the IdP to continue the logout process')
return HttpResponseRedirect(get_location(http_info))
else:
logger.error('Unknown binding: %s', binding)
return HttpResponseServerError('Failed to log out')
else:
# We must have had a soap logout
return finish_logout(request, logout_info)
logger.error('Could not logout because there only the HTTP_REDIRECT is supported')
return HttpResponseServerError('Logout Binding not supported')
if binding == BINDING_HTTP_REDIRECT:
try:
# do not sign the xml itself, instead use the sigalg to
# generate the signature as a URL param
sig_alg_option_map = {'sha1': SIG_RSA_SHA1,
'sha256': SIG_RSA_SHA256}
sig_alg_option = getattr(conf, '_sp_authn_requests_signed_alg', 'sha1')
sigalg = sig_alg_option_map[sig_alg_option] if sign_requests else None
session_id, result = client.prepare_for_authenticate(
entityid=selected_idp, relay_state=came_from,
binding=binding, sign=False, sigalg=sigalg)
except TypeError as e:
logger.error('Unable to know which IdP to use')
return HttpResponse(text_type(e))
else:
http_response = HttpResponseRedirect(get_location(result))
elif binding == BINDING_HTTP_POST:
if post_binding_form_template:
# get request XML to build our own html based on the template
try:
location = client.sso_location(selected_idp, binding)
except TypeError as e:
logger.error('Unable to know which IdP to use')
return HttpResponse(text_type(e))
session_id, request_xml = client.create_authn_request(
location,
binding=binding)
try:
if PY3:
saml_request = base64.b64encode(binary_type(request_xml, 'UTF-8'))
else:
saml_request = base64.b64encode(binary_type(request_xml))
logger.error("Looks like the user %s is not logged in any IdP/AA", subject_id)
return HttpResponseBadRequest("You are not logged in any IdP/AA")
if len(result) > 1:
logger.error('Sorry, I do not know how to logout from several sources. I will logout just from the first one')
for entityid, logout_info in result.items():
if isinstance(logout_info, tuple):
binding, http_info = logout_info
if binding == BINDING_HTTP_POST:
logger.debug('Returning form to the IdP to continue the logout process')
body = ''.join(http_info['data'])
return HttpResponse(body)
elif binding == BINDING_HTTP_REDIRECT:
logger.debug('Redirecting to the IdP to continue the logout process')
return HttpResponseRedirect(get_location(http_info))
else:
logger.error('Unknown binding: %s', binding)
return HttpResponseServerError('Failed to log out')
else:
# We must have had a soap logout
return finish_logout(request, logout_info)
logger.error('Could not logout because there only the HTTP_REDIRECT is supported')
return HttpResponseServerError('Logout Binding not supported')
if binding == BINDING_HTTP_REDIRECT:
try:
# do not sign the xml itself, instead use the sigalg to
# generate the signature as a URL param
sig_alg_option_map = {'sha1': SIG_RSA_SHA1,
'sha256': SIG_RSA_SHA256}
sig_alg_option = getattr(conf, '_sp_authn_requests_signed_alg', 'sha1')
sigalg = sig_alg_option_map[sig_alg_option] if sign_requests else None
session_id, result = client.prepare_for_authenticate(
entityid=selected_idp, relay_state=came_from,
binding=binding, sign=False, sigalg=sigalg)
except TypeError as e:
logger.error('Unable to know which IdP to use')
return HttpResponse(text_type(e))
else:
http_response = HttpResponseRedirect(get_location(result))
elif binding == BINDING_HTTP_POST:
if post_binding_form_template:
# get request XML to build our own html based on the template
try:
location = client.sso_location(selected_idp, binding)
except TypeError as e:
logger.error('Unable to know which IdP to use')
return HttpResponse(text_type(e))
session_id, request_xml = client.create_authn_request(
location,
binding=binding)
try:
http_response = render(request, post_binding_form_template, {
'target_url': location,
'params': {
'SAMLRequest': base64.b64encode(binary_type(request_xml)),