create logout endpoint that clears user data from session
This commit is contained in:
dandds
parent
dffd0e9e0f
commit
0d1494ea11
@ -49,10 +49,9 @@ def login_redirect():
|
|||||||
return redirect(url_for(".home"))
|
return redirect(url_for(".home"))
|
||||||
|
|
||||||
|
|
||||||
def _is_valid_certificate(request):
|
@bp.route("/logout")
|
||||||
cert = request.environ.get("HTTP_X_SSL_CLIENT_CERT")
|
def logout():
|
||||||
if cert:
|
if session.get("user_id"):
|
||||||
result = app.crl_validator.validate(cert.encode())
|
del (session["user_id"])
|
||||||
return result
|
|
||||||
else:
|
return redirect(url_for(".home"))
|
||||||
return False
|
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
{{ Icon('avatar', classes='topbar__link-icon') }}
|
{{ Icon('avatar', classes='topbar__link-icon') }}
|
||||||
</a>
|
</a>
|
||||||
|
|
||||||
<a href="/" class="topbar__link" title='Log out of JEDI Cloud'>
|
<a href="{{ url_for('atst.logout') }}" class="topbar__link" title='Log out of JEDI Cloud'>
|
||||||
{{ Icon('logout', classes='topbar__link-icon') }}
|
{{ Icon('logout', classes='topbar__link-icon') }}
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@ -1,3 +1,5 @@
|
|||||||
|
from urllib.parse import urlparse
|
||||||
|
|
||||||
import pytest
|
import pytest
|
||||||
from flask import session, url_for
|
from flask import session, url_for
|
||||||
from .mocks import DOD_SDN_INFO, DOD_SDN, FIXTURE_EMAIL_ADDRESS
|
from .mocks import DOD_SDN_INFO, DOD_SDN, FIXTURE_EMAIL_ADDRESS
|
||||||
@ -148,7 +150,6 @@ def test_creates_new_user_on_login(monkeypatch, client):
|
|||||||
|
|
||||||
|
|
||||||
def test_creates_new_user_without_email_on_login(monkeypatch, client):
|
def test_creates_new_user_without_email_on_login(monkeypatch, client):
|
||||||
monkeypatch.setattr("atst.routes._is_valid_certificate", lambda *args: True)
|
|
||||||
cert_file = open("ssl/client-certs/atat.mil.crt").read()
|
cert_file = open("ssl/client-certs/atat.mil.crt").read()
|
||||||
|
|
||||||
# ensure user does not exist
|
# ensure user does not exist
|
||||||
@ -168,3 +169,31 @@ def test_creates_new_user_without_email_on_login(monkeypatch, client):
|
|||||||
assert user.first_name == DOD_SDN_INFO["first_name"]
|
assert user.first_name == DOD_SDN_INFO["first_name"]
|
||||||
assert user.last_name == DOD_SDN_INFO["last_name"]
|
assert user.last_name == DOD_SDN_INFO["last_name"]
|
||||||
assert user.email == None
|
assert user.email == None
|
||||||
|
|
||||||
|
|
||||||
|
def test_logout(app, client, monkeypatch):
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"atst.domain.authnid.AuthenticationContext.authenticate", lambda s: True
|
||||||
|
)
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"atst.domain.authnid.AuthenticationContext.get_user",
|
||||||
|
lambda s: UserFactory.create(),
|
||||||
|
)
|
||||||
|
# create a real session
|
||||||
|
resp = client.get(
|
||||||
|
url_for("atst.login_redirect"),
|
||||||
|
environ_base={
|
||||||
|
"HTTP_X_SSL_CLIENT_VERIFY": "SUCCESS",
|
||||||
|
"HTTP_X_SSL_CLIENT_S_DN": DOD_SDN,
|
||||||
|
"HTTP_X_SSL_CLIENT_CERT": "",
|
||||||
|
},
|
||||||
|
)
|
||||||
|
resp_success = client.get(url_for("requests.requests_index"))
|
||||||
|
# verify session is valid
|
||||||
|
assert resp_success.status_code == 200
|
||||||
|
client.get(url_for("atst.logout"))
|
||||||
|
resp_failure = client.get(url_for("requests.requests_index"))
|
||||||
|
# verify that logging out has cleared the session
|
||||||
|
assert resp_failure.status_code == 302
|
||||||
|
destination = urlparse(resp_failure.headers["Location"]).path
|
||||||
|
assert destination == url_for("atst.root")
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user