diff --git a/config/urls.py b/config/urls.py index 44d1e7b963b1e03e73c3f6a2fcb3935a6f7fb995..7b6630f1a10e4ba92c97ac78df37a8620b7be79f 100644 --- a/config/urls.py +++ b/config/urls.py @@ -15,7 +15,7 @@ from events.feeds import EventFeed, feedview # than just using a string import events.reports import events.views -from ligoauth.views import gracedb_login +from ligoauth.views import pre_login, shib_login, shib_logout import search.views # Django admin auto-discover @@ -47,8 +47,9 @@ urlpatterns = [ url(r'^reports/cbc_report/(?P<format>(json|flex))?$', events.reports.cbc_report, name="cbc_report"), url(r'^latest/$', search.views.latest, name="latest"), - url(r'^login/$', gracedb_login, name='login'), - url(r'^logout/$', logout, {'next_page': '/'}, name='logout'), + url(r'^login/$', pre_login, name='login'), + url(r'^post_login/$', shib_login, name='post-login'), + url(r'^logout/$', shib_logout, name='logout'), #(r'^reports/(?P<path>.+)$', 'django.views.static.serve', # {'document_root': settings.LATENCY_REPORT_DEST_DIR}), url(r'^search/$', search.views.search, name="mainsearch"), diff --git a/gracedb/ligoauth/views.py b/gracedb/ligoauth/views.py index e92a442add0c24d14227223bce86ff941e8e0b93..8a29f6e7d72a1c455dbf027a2ec9e2a3f7c5aaf6 100644 --- a/gracedb/ligoauth/views.py +++ b/gracedb/ligoauth/views.py 
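Review bot: The new `post_login/` entry in `urlpatterns` only behaves as intended if the web server applies the Shibboleth session to exactly that path, and nothing beside the pattern records that dependency. A comment above it such as `# /post_login/ must be a Shibboleth-protected location in the Apache config; pre_login reverses it by name ('post-login')` would keep the URLconf and the server config from drifting apart. The `logout` entry also moves from a fixed `{'next_page': '/'}` to `shib_logout`, which in the views.py part of this commit redirects to the request's Referer, so the post-logout destination is no longer pinned by the URLconf. If `logout` was imported in this file only for the removed pattern, that import is now unused; the import block is only partly visible here.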
@@ -1,8 +1,68 @@
-from django.http import HttpResponseRedirect
-from django.utils.http import urlquote
 from django.conf import settings
+from django.contrib.auth import logout
+from django.http import HttpResponseRedirect
+from django.urls import reverse
+
+import logging
+logger = logging.getLogger(__name__)
+
+
+ORIGINAL_PAGE_KEY = 'login_from_page'
+
+
+def pre_login(request):
+ """
+ Sends user to settings.LOGIN_URL (Shibboleth login) and sets up a
+ redirect target to the actual login page where we parse the shib session
+ attributes. Saves the current page (where the login button was clicked
+ from) in the session so that our login page can then redirect back to
+ the original page.
+
+ If original URL is not found, redirect to the home page
+ """
+
+ # Set target for shibboleth to redirect to
+ shib_target = reverse('post-login')
+
+ # Get original url (page where the login button was clicked)
+ original_url = request.META.get('HTTP_REFERER', reverse('home'))
+
+ # Store original url in session
+ request.session[ORIGINAL_PAGE_KEY] = original_url
+
+ # Set up url for shibboleth login with redirect target
+ full_login_url = "{base}?target={target}".format(base=settings.LOGIN_URL,
+ target=shib_target)
-def gracedb_login(request):
- full_login_url = "{base}?target={path}".format(base=settings.LOGIN_URL,
- path=urlquote(request.META.get('HTTP_REFERER', '/')))
+ # Redirect to the shibboleth login
 return HttpResponseRedirect(full_login_url)
+
+
+def shib_login(request):
+ """
+ pre_login should redirect to the URL which corresponds to this view.
+
+ Apache should be configured to put the Shibboleth session information into
+ the request headers at this view's URL.
+
+ The middleware should handle attribute extraction and logging in. So all
+ we need to do here is redirect to the original page (where the user clicked
+ the login button). If we can't seem to find that information, then just
+ redirect to the home page.
+ """
+
+ original_url = request.session.get(ORIGINAL_PAGE_KEY, reverse('home'))
+
+ # Redirect to the original url
+ return HttpResponseRedirect(original_url)
+
+
+def shib_logout(request):
+
+ # Call Django logout function
+ logout(request)
+
+ # Get original url where the logout button was pressed from
+ original_url = request.META.get('HTTP_REFERER', reverse('home'))
+
+ return HttpResponseRedirect(original_url)
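Review bot: `pre_login` stores the raw `HTTP_REFERER` header in the session and `shib_login` later hands it to `HttpResponseRedirect` unchecked, so whatever page linked to the login URL becomes the post-authentication destination, including an off-site one (an open redirect); `shib_logout` does the same with the Referer at logout. Validate the value before storing or using it and fall back to home, for example `if not is_safe_url(original_url, allowed_hosts={request.get_host()}): original_url = reverse('home')` (or `url_has_allowed_host_and_scheme`, depending on the Django version in use). In `shib_login`, `request.session.pop(ORIGINAL_PAGE_KEY, reverse('home'))` would also keep a stale target from being reused on a later login. `shib_logout` has no docstring; it should say that only the Django session is ended and whether the Shibboleth session is expected to survive, since the middleware described in `shib_login` may otherwise sign the user back in.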