Fixed end-session when user are already disconnected

Éloi Rivard 2022-07-07 16:28:28 +02:00
parent 5b31da36ce
commit db0fd2d8ba
3 changed files with 23 additions and 0 deletions


@ -10,6 +10,7 @@ Fixed
*****
- The consent page was displaying scopes not supported by clients. :pr:`56`
- Fixed end session when user are already disconnected.
[0.0.9] - 2022-06-05
====================


@ -242,6 +242,9 @@ def end_session():
data = CombinedMultiDict((request.args, request.form))
user = current_user()
if not user:
return redirect(url_for("account.index"))
form = LogoutForm(request.form)
form.action = url_for("oidc.oauth.end_session_submit")
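Review bot: The new `if not user:` branch returns before any request parameter is checked and redirects to `account.index`, so the relying party's `post_logout_redirect_uri` and `state` are silently dropped and the client that started the logout never gets its callback. Ignoring the URI here is the safe choice, because at this point it has not been compared with the client's registered post-logout URIs, but that reasoning should be written down so the branch is not later changed to redirect to the raw parameter. I would add a comment above the return such as `# No session to end; post_logout_redirect_uri is not validated yet, so do not redirect to it here.` The rest of end_session lies outside the hunk, so where the URI is actually validated is an assumption to confirm.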


@ -329,3 +329,22 @@ def test_no_jwt_bad_csrf(testclient, slapd_connection, logged_user, client):
assert res.location.startswith(post_logout_redirect_url)
testclient.get(f"/profile/{logged_user.uid[0]}", status=403)
def test_end_session_already_disconnected(
testclient, slapd_connection, user, client, id_token
):
post_logout_redirect_url = "https://mydomain.tld/disconnected"
res = testclient.get(
"/oauth/end_session",
params={
"id_token_hint": id_token,
"logout_hint": user.uid[0],
"client_id": client.client_id,
"post_logout_redirect_uri": post_logout_redirect_url,
"state": "foobar",
},
status=302,
)
assert res.location == "/"
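Review bot: `test_end_session_already_disconnected` exercises the new branch only with a well-formed `id_token_hint` and `client_id`, although the branch is reachable by anyone without a session and with arbitrary parameters. A second case that requests `/oauth/end_session` with no parameters, or with a junk `id_token_hint`, and still expects `status=302` and `res.location == "/"` would pin that the session-less path returns before any token parsing. A one-line docstring saying that the `user` fixture, unlike `logged_user`, leaves the test client without a session would also make the intent of the test clear.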