Commit ee987f6d authored by Valentin Samir's avatar Valentin Samir

Remember up to 100 login ticket insted of 1

parent df9dd536
......@@ -68,15 +68,13 @@ class User(models.Model):
"""Sending SLO request to all services the user logged in"""
async_list = []
session = FuturesSession(executor=ThreadPoolExecutor(max_workers=10))
# first invalidate all PGTs
ticket_classes = [ProxyGrantingTicket, ProxyTicket, ServiceTicket]
# first invalidate all Tickets
ticket_classes = [ProxyGrantingTicket, ServiceTicket, ProxyTicket]
for ticket_class in ticket_classes:
for ticket in ticket_class.objects.filter(
user=self,
validate=True if ticket_class != ProxyGrantingTicket else False,
):
queryset = ticket_class.objects.filter(user=self)
for ticket in queryset:
ticket.logout(request, session, async_list)
ticket.delete()
queryset.delete()
for future in async_list:
if future:
try:
......@@ -361,7 +359,6 @@ class Ticket(models.Model):
async_list = []
session = FuturesSession(executor=ThreadPoolExecutor(max_workers=10))
queryset = cls.objects.filter(
validate=True if cls != ProxyGrantingTicket else False,
creation__lt=(timezone.now() - timedelta(seconds=cls.TIMEOUT))
)
for ticket in queryset:
......@@ -376,10 +373,9 @@ class Ticket(models.Model):
def logout(self, request, session, async_list=None):
"""Send a SLO request to the ticket service"""
if isinstance(self, ProxyGrantingTicket):
# On logout invalidate the PGT
self.validate = True
self.save()
# On logout invalidate the Ticket
self.validate = True
self.save()
if self.validate and self.single_log_out:
try:
xml = u"""<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
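Review bot: In `User.logout` (first hunk) `queryset.delete()` re-runs the `user=self` filter rather than deleting the rows that were iterated, so a ticket issued to the user between the SELECT and the DELETE is removed without ever receiving a logout request; keeping `ticket.delete()` inside the loop as before, or deleting by the primary keys collected during iteration, closes that window. With the `validate` filter dropped there and in the cleanup hunk, and `Ticket.logout` apparently now setting `self.validate = True` for every ticket class instead of only under the removed `isinstance(self, ProxyGrantingTicket)` branch, the `self.validate and self.single_log_out` guard is satisfied unconditionally and an SLO LogoutRequest is also sent for tickets the service never validated. If that is intended, say so in the docstring, e.g. `"""Send a SLO request to the ticket service; the ticket is marked validated first so a never-consumed ticket is still logged out"""`. The `self.save()` right before the bulk delete in `User.logout` is wasted work in that path, though the cleanup path may rely on it. `Ticket.logout`'s body continues outside the third hunk.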
......
......@@ -76,10 +76,11 @@ class LogoutMixin(object):
session_key=self.request.session.session_key
)
self.clean_session_variables()
self.request.session.flush()
user.logout(self.request)
user.delete()
except models.User.DoesNotExist:
self.clean_session_variables()
pass
class LogoutView(View, LogoutMixin):
......@@ -148,15 +149,19 @@ class LoginView(View, LogoutMixin):
def check_lt(self):
# save LT for later check
lt_valid = self.request.session.get('lt')
lt_valid = self.request.session.get('lt', [])
lt_send = self.request.POST.get('lt')
# generate a new LT (by posting the LT has been consumed)
self.request.session['lt'] = utils.gen_lt()
self.request.session['lt'] = self.request.session.get('lt', []) + [utils.gen_lt()]
if len(self.request.session['lt']) > 100:
self.request.session['lt'] = self.request.session['lt'][-100:]
# check if send LT is valid
if lt_valid is None or lt_valid != lt_send:
if lt_valid is None or lt_send not in lt_valid:
return False
else:
self.request.session['lt'].remove(lt_send)
self.request.session['lt'] = self.request.session['lt']
return True
def post(self, request, *args, **kwargs):
......@@ -194,7 +199,7 @@ class LoginView(View, LogoutMixin):
if not self.check_lt():
values = self.request.POST.copy()
# if not set a new LT and fail
values['lt'] = self.request.session['lt']
values['lt'] = self.request.session['lt'][-1]
self.init_form(values)
return self.INVALID_LOGIN_TICKET
elif not self.request.session.get("authenticated") or self.renew:
......@@ -227,7 +232,7 @@ class LoginView(View, LogoutMixin):
def process_get(self):
# generate a new LT if none is present
self.request.session['lt'] = self.request.session.get('lt', utils.gen_lt())
self.request.session['lt'] = self.request.session.get('lt', []) + [utils.gen_lt()]
if not self.request.session.get("authenticated") or self.renew:
self.init_form()
......@@ -241,7 +246,7 @@ class LoginView(View, LogoutMixin):
'service': self.service,
'method': self.method,
'warn': self.request.session.get("warn"),
'lt': self.request.session['lt']
'lt': self.request.session['lt'][-1]
}
)
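Review bot: The 100-entry cap added in `check_lt` is not applied in `process_get`, where `self.request.session['lt'] = self.request.session.get('lt', []) + [utils.gen_lt()]` appends on every GET of the login page, so a client that only fetches the page grows the session payload without bound until a POST trims it; apply the same trim there, `if len(self.request.session['lt']) > 100: self.request.session['lt'] = self.request.session['lt'][-100:]`, or move both into one helper with the limit as a module constant instead of a repeated literal. Login tickets are now retired only by count, not by age, so an issued LT stays redeemable until 100 newer ones have been generated; a creation timestamp alongside each entry would let stale ones be dropped. In `check_lt`, `lt_valid is None` can no longer be true with the `[]` default, and the reassignment `self.request.session['lt'] = self.request.session['lt']` after `.remove()` deserves a comment, e.g. `# list mutated in place; reassign so the session backend notices and persists the change` (presumably why it is there, worth confirming). `process_get`'s body continues outside its hunk.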
......