Support authnrequest_id logoutrequest_id on demos

pitbulk · pitbulk · commit ec21c28b9997 · 2019-06-27T16:34:34.000+02:00
diff --git a/demo-django/demo/views.py b/demo-django/demo/views.py
@@ -41,6 +41,10 @@ def index(request):
 
     if 'sso' in req['get_data']:
         return HttpResponseRedirect(auth.login())
+        # If AuthNRequest ID need to be stored in order to later validate it, do instead
+        # sso_built_url = auth.login()
+        # request.session['AuthNRequestID'] = auth.get_last_request_id()
+        # return HttpResponseRedirect(sso_built_url)
     elif 'sso2' in req['get_data']:
         return_to = OneLogin_Saml2_Utils.get_self_url(req) + reverse('attrs')
         return HttpResponseRedirect(auth.login(return_to))
@@ -58,12 +62,22 @@ def index(request):
             name_id_spnq = request.session['samlNameIdSPNameQualifier']
 
         return HttpResponseRedirect(auth.logout(name_id=name_id, session_index=session_index, nq=name_id_nq, name_id_format=name_id_format, spnq=name_id_spnq))
+        # If LogoutRequest ID need to be stored in order to later validate it, do instead
+        # slo_built_url = auth.logout(name_id=name_id, session_index=session_index)
+        # request.session['LogoutRequestID'] = auth.get_last_request_id()
+        #return HttpResponseRedirect(slo_built_url)
     elif 'acs' in req['get_data']:
-        auth.process_response()
+        request_id = None
+        if 'AuthNRequestID' in request.session:
+            request_id = request.session['AuthNRequestID']
+
+        auth.process_response(request_id=request_id)
         errors = auth.get_errors()
         not_auth_warn = not auth.is_authenticated()
 
         if not errors:
+            if 'AuthNRequestID' in request.session:
+                del request.session['AuthNRequestID']
             request.session['samlUserdata'] = auth.get_attributes()
             request.session['samlNameId'] = auth.get_nameid()
             request.session['samlNameIdFormat'] = auth.get_nameid_format()
@@ -76,8 +90,11 @@ def index(request):
             if auth.get_settings().is_debug_active():
                 error_reason = auth.get_last_error_reason()
     elif 'sls' in req['get_data']:
+        request_id = None
+        if 'LogoutRequestID' in request.session:
+            request_id = request.session['LogoutRequestID']
         dscb = lambda: request.session.flush()
-        url = auth.process_slo(delete_session_cb=dscb)
+        url = auth.process_slo(request_id=request_id, delete_session_cb=dscb)
         errors = auth.get_errors()
         if len(errors) == 0:
             if url is not None:
diff --git a/demo-flask/index.py b/demo-flask/index.py
@@ -46,6 +46,10 @@ def index():
 
     if 'sso' in request.args:
         return redirect(auth.login())
+        # If AuthNRequest ID need to be stored in order to later validate it, do instead
+        # sso_built_url = auth.login()
+        # request.session['AuthNRequestID'] = auth.get_last_request_id()
+        # return redirect(sso_built_url)
     elif 'sso2' in request.args:
         return_to = '%sattrs/' % request.host_url
         return redirect(auth.login(return_to))
@@ -64,10 +68,16 @@ def index():
 
         return redirect(auth.logout(name_id=name_id, session_index=session_index, nq=name_id_nq, name_id_format=name_id_format, spnq=name_id_spnq))
     elif 'acs' in request.args:
-        auth.process_response()
+        request_id = None
+        if 'AuthNRequestID' in session:
+            request_id = session['AuthNRequestID']
+
+        auth.process_response(request_id=request_id)
         errors = auth.get_errors()
         not_auth_warn = not auth.is_authenticated()
         if len(errors) == 0:
+            if 'AuthNRequestID' in session:
+                del session['AuthNRequestID']
             session['samlNameId'] = auth.get_nameid()
             session['samlNameIdFormat'] = auth.get_nameid_format()
             session['samlNameIdNameQualifier'] = auth.get_nameid_nq()
@@ -77,8 +87,11 @@ def index():
             if 'RelayState' in request.form and self_url != request.form['RelayState']:
                 return redirect(auth.redirect_to(request.form['RelayState']))
     elif 'sls' in request.args:
+        request_id = None
+        if 'LogoutRequestID' in session:
+            request_id = session['LogoutRequestID']
         dscb = lambda: session.clear()
-        url = auth.process_slo(delete_session_cb=dscb)
+        url = auth.process_slo(request_id=request_id, delete_session_cb=dscb)
         errors = auth.get_errors()
         if len(errors) == 0:
             if url is not None:
