mirror of https://github.com/jumpserver/jumpserver
				
				
				
			
		
			
				
	
	
		
			42 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			Python
		
	
	
			
		
		
	
	
			42 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			Python
		
	
	
| # coding:utf-8
 | |
| #
 | |
| 
 | |
| from django.conf import settings
 | |
| from django.contrib.auth import logout
 | |
| from django.utils.deprecation import MiddlewareMixin
 | |
| from django.contrib.auth import BACKEND_SESSION_KEY
 | |
| 
 | |
| from common.utils import get_logger
 | |
| from .utils import new_client
 | |
| from .models import OIDT_ACCESS_TOKEN
 | |
| 
 | |
| BACKEND_OPENID_AUTH_CODE = 'OpenIDAuthorizationCodeBackend'
 | |
| logger = get_logger(__file__)
 | |
| __all__ = ['OpenIDAuthenticationMiddleware']
 | |
| 
 | |
| 
 | |
| class OpenIDAuthenticationMiddleware(MiddlewareMixin):
 | |
|     """
 | |
|     Check openid user single logout (with access_token)
 | |
|     """
 | |
|     def process_request(self, request):
 | |
|         # Don't need openid auth if AUTH_OPENID is False
 | |
|         if not settings.AUTH_OPENID:
 | |
|             return
 | |
|         # Don't need openid auth if no shared session enabled
 | |
|         if not settings.AUTH_OPENID_SHARE_SESSION:
 | |
|             return
 | |
|         # Don't need check single logout if user not authenticated
 | |
|         if not request.user.is_authenticated:
 | |
|             return
 | |
|         elif not request.session[BACKEND_SESSION_KEY].endswith(
 | |
|                 BACKEND_OPENID_AUTH_CODE):
 | |
|             return
 | |
|         # Check openid user single logout or not with access_token
 | |
|         try:
 | |
|             client = new_client()
 | |
|             client.get_userinfo(token=request.session.get(OIDT_ACCESS_TOKEN))
 | |
|         except Exception as e:
 | |
|             logout(request)
 | |
|             logger.error(e)
 |