Skip to content

[ADD] Added auth_oidc_logout module #861

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
danypr92 wants to merge 1 commit into
base: 16.0
Choose a base branch
from
Open

[ADD] Added auth_oidc_logout module #861

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions auth_oidc_logout/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Copyright 2016 ICTSTUDIO <http://www.ictstudio.eu>
# License: AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)

from . import controllers
19 changes: 19 additions & 0 deletions auth_oidc_logout/__manifest__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Copyright 2016 ICTSTUDIO <http://www.ictstudio.eu>
# Copyright 2021 ACSONE SA/NV <https://acsone.eu>
# License: AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)

{
"name": "Authentication OpenID Connect Logout process",
"version": "16.0.0.1.0",
"license": "AGPL-3",
"author": (
"ICTSTUDIO, André Schenkels, ACSONE SA/NV, Odoo Community Association (OCA)"
),
"maintainers": ["sbidoul"],
"website": "https://github.com/OCA/server-auth",
"summary": "Allow users to login through OpenID Connect Provider",
"external_dependencies": {"python": ["python-jose"]},
"depends": ["auth_oidc"],
"data": [],
"demo": [],
}
4 changes: 4 additions & 0 deletions auth_oidc_logout/controllers/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Copyright 2016 ICTSTUDIO <http://www.ictstudio.eu>
# License: AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)

from . import main
36 changes: 36 additions & 0 deletions auth_oidc_logout/controllers/main.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
# Copyright 2016 ICTSTUDIO <http://www.ictstudio.eu>
# Copyright 2021 ACSONE SA/NV <https://acsone.eu>
# License: AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
from urllib.parse import parse_qs, urljoin, urlparse

from werkzeug.urls import url_encode

from odoo import http
from odoo.http import request

from odoo.addons.web.controllers.session import Session


class OpenIDLogout(Session):
@http.route("/web/session/logout", type="http", auth="none")
def logout(self, redirect="/web/login"):
# https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
user = request.env["res.users"].sudo().browse(request.session.uid)
if user.oauth_provider_id.id:
provider = (
request.env["auth.oauth.provider"]
.sudo()
.browse(user.oauth_provider_id.id)
)
if provider.end_session_endpoint:
redirect_url = urljoin(request.httprequest.url_root, redirect)
components = urlparse(provider.end_session_endpoint)
params = parse_qs(components.query)
params["client_id"] = provider.client_id
params["post_logout_redirect_uri"] = redirect_url
logout_url = components._replace(query=url_encode(params)).geturl()
# Override the session logout to allow a non local redirect
request.session.logout(keep_db=True)
return request.env["ir.http"]._redirect(logout_url, 303)
# User has no account with any provider or no logout URL is configured for the provider
return super().logout(redirect=redirect)
1 change: 1 addition & 0 deletions auth_oidc_logout/tests/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
from . import test_auth_oidc_logout
Loading
Loading