Updating shib login handling (pre/post login views)

We use a few redirects to handle login and extraction of the shibboleth attributes in a post-login page.

Updating shib login handling (pre/post login views)
383a3b08 · Tanner Prestegard · GraceDB · 3c82ab98 · 383a3b08 · 383a3b08
Commit 383a3b08 authored 6 years ago by Tanner Prestegard Committed by GraceDB 6 years ago
--- a/config/urls.py
+++ b/config/urls.py
@@ -15,7 +15,7 @@ from events.feeds import EventFeed, feedview
 # than just using a string
 import events.reports
 import events.views
-from ligoauth.views import gracedb_login
+from ligoauth.views import pre_login, shib_login, shib_logout
 import search.views

 # Django admin auto-discover
@@ -47,8 +47,9 @@ urlpatterns = [
    url(r'^reports/cbc_report/(?P<format>(json|flex))?$',
        events.reports.cbc_report, name="cbc_report"),
    url(r'^latest/$', search.views.latest, name="latest"),
-    url(r'^login/$', gracedb_login, name='login'),
-    url(r'^logout/$', logout, {'next_page': '/'}, name='logout'),
+    url(r'^login/$', pre_login, name='login'),
+    url(r'^post_login/$', shib_login, name='post-login'),
+    url(r'^logout/$', shib_logout, name='logout'),
    #(r'^reports/(?P<path>.+)$', 'django.views.static.serve',
    #        {'document_root': settings.LATENCY_REPORT_DEST_DIR}),
    url(r'^search/$', search.views.search, name="mainsearch"),

--- a/gracedb/ligoauth/views.py
+++ b/gracedb/ligoauth/views.py
-from django.http import HttpResponseRedirect
-from django.utils.http import urlquote
 from django.conf import settings
+from django.contrib.auth import logout
+from django.http import HttpResponseRedirect
+from django.urls import reverse
+
+import logging
+logger = logging.getLogger(__name__)
+
+
+ORIGINAL_PAGE_KEY = 'login_from_page'
+
+
+def pre_login(request):
+    """
+    Sends user to settings.LOGIN_URL (Shibboleth login) and sets up a
+    redirect target to the actual login page where we parse the shib session
+    attributes.  Saves the current page (where the login button was clicked
+    from) in the session so that our login page can then redirect back to
+    the original page.
+
+    If original URL is not found, redirect to the home page
+    """
+
+    # Set target for shibboleth to redirect to
+    shib_target = reverse('post-login')
+
+    # Get original url (page where the login button was clicked)
+    original_url = request.META.get('HTTP_REFERER', reverse('home'))
+
+    # Store original url in session
+    request.session[ORIGINAL_PAGE_KEY] = original_url
+
+    # Set up url for shibboleth login with redirect target
+    full_login_url = "{base}?target={target}".format(base=settings.LOGIN_URL,
+        target=shib_target)

-def gracedb_login(request):
-    full_login_url = "{base}?target={path}".format(base=settings.LOGIN_URL,
-        path=urlquote(request.META.get('HTTP_REFERER', '/')))
+    # Redirect to the shibboleth login
    return HttpResponseRedirect(full_login_url)
+
+
+def shib_login(request):
+    """
+    pre_login should redirect to the URL which corresponds to this view.
+
+    Apache should be configured to put the Shibboleth session information into
+    the request headers at this view's URL.
+
+    The middleware should handle attribute extraction and logging in. So all
+    we need to do here is redirect to the original page (where the user clicked
+    the login button). If we can't seem to find that information, then just
+    redirect to the home page.
+    """
+
+    original_url = request.session.get(ORIGINAL_PAGE_KEY, reverse('home'))
+
+    # Redirect to the original url
+    return HttpResponseRedirect(original_url)
+
+
+def shib_logout(request):
+
+    # Call Django logout function
+    logout(request)
+
+    # Get original url where the logout button was pressed from
+    original_url = request.META.get('HTTP_REFERER', reverse('home'))
+
+    return HttpResponseRedirect(original_url)