saml: create a new session if expired during passive SSO (#72898) #14
|
@ -674,3 +674,34 @@ def test_no_opened_session_cookie(pub):
|
|||
assert resp.status_int == 200
|
||||
cookie_name = '%s-passive-auth-tried' % pub.config.session_cookie_name
|
||||
assert cookie_name not in app.cookies
|
||||
|
||||
|
||||
def test_expired_opened_session_cookie_menu_json(pub):
|
||||
app = get_app(pub)
|
||||
app.get('/') # init pub, set app_dir, etc.
|
||||
|
||||
pub.site_options.set('options', 'idp_session_cookie_name', 'IDP_OPENED_SESSION')
|
||||
with open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w') as fd:
|
||||
pub.site_options.write(fd)
|
||||
|
||||
app.set_cookie('IDP_OPENED_SESSION', '1')
|
||||
|
||||
# simulate a saml login
|
||||
user = pub.user_class()
|
||||
user.store()
|
||||
request = mock.Mock()
|
||||
request.get_environ.return_value = '1.1.1.1'
|
||||
with mock.patch('quixote.session.get_request', return_value=request), mock.patch(
|
||||
'wcs.qommon.saml2', return_value=mock.Mock(cookies={'IDP_OPENED_SESSION': '2'})
|
||||
):
|
||||
session = get_session_manager().session_class(id=None)
|
||||
session.set_user(user.id)
|
||||
session.opened_session_value = '2'
|
||||
session.id = 'abcd'
|
||||
session.store()
|
||||
app.set_cookie(pub.config.session_cookie_name, session.id)
|
||||
app.set_cookie(pub.config.session_cookie_name + '-passive-auth-tried', '3')
|
||||
|
||||
# access to a restricted page with no session on the idp or passive sso already tried
|
||||
app.set_cookie('IDP_OPENED_SESSION', '3')
|
||||
app.get('/backoffice/menu.json', status=302)
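Review bot: The new test ends by asserting only `status=302` on the menu.json request, which does not pin the behaviour the commit adds (a fresh session being created once the opened-session cookie no longer matches); from the hunk alone it is not clear the test would have failed before the fix. Capture the response, `resp = app.get('/backoffice/menu.json', status=302)`, and add `assert app.cookies[pub.config.session_cookie_name] != 'abcd'` (assuming maintain_session sets the session cookie — verify) so the test proves the expired id 'abcd' is not re-issued, and assert on `resp.location` so the anonymous redirect target is fixed as well. Asserting that the session stored under the new id carries no user would complete the check that the expired login was not silently carried over.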
|
||||
|
|
|
@ -347,7 +347,13 @@ class RootDirectory(Directory):
|
|||
if idp_session_cookie_name not in cookies or cookies.get(idp_session_cookie_name) == cookies.get(
|
||||
passive_tried_cookie_name
|
||||
):
|
||||
# no session on the idp or passive sso already tried, stop here.
|
||||
# no session on the idp or passive sso already tried, init a new session if necessary
|
||||
# (because it was explicitly expired just above), then let the flow continue and the
|
||||
# expected page be served.
|
||||
if get_session() is None:
|
||||
# init a new session
|
||||
get_publisher().session_manager.start_request()
|
||||
get_publisher().session_manager.maintain_session(get_session())
|
||||
return
|
||||
response.set_cookie(
|
||||
passive_tried_cookie_name,
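Review bot: The added branch calls `get_publisher().session_manager.start_request()` and then `maintain_session(get_session())` without confirming that start_request attached a session; if it can leave `get_session()` as None (the very condition that entered this branch), maintain_session receives None, so a guard or an explicit `session = get_session()` check after start_request would make the intent clear. Whether the fresh session gets a newly generated id rather than the id carried by the expired cookie cannot be seen here; if the manager reuses the incoming cookie's id, the expired id is handed back to the client, which a test asserting the id changes would rule out. Binding `manager = get_publisher().session_manager` once avoids the double lookup, and the comments "init a new session if necessary" and `# init a new session` say the same thing, so one can go. The enclosing method starts before and continues after this hunk.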
|
||||
|
|