diff --git a/docs/django.rst b/docs/django.rst --- a/docs/django.rst +++ b/docs/django.rst @@ -91,7 +91,7 @@ - ``oidc-login`` (``/oidc/login/`` URL path): initiate authentication flow -- ``oidc-logout`` (``/oidc/logout/`` URL path): terminate OIDC user session, a ``next_path`` +- ``oidc-logout`` (``/oidc/logout/`` URL path): terminate OIDC user session, a ``next`` query parameter can be used to redirect to a view of choice once a user is logged out Add ``swh.auth.django.views.urlpatterns`` to your Django application URLs to use them. @@ -110,7 +110,7 @@ The following query parameter will be set for that view: -- ``next_path``: requested URL before the detection of the OIDC session expiration +- ``next``: requested URL before the detection of the OIDC session expiration - ``remote_user``: indicates that the user was previously authenticated with OIDC diff --git a/swh/auth/django/backends.py b/swh/auth/django/backends.py --- a/swh/auth/django/backends.py +++ b/swh/auth/django/backends.py @@ -75,7 +75,7 @@ application views * once a user is logged in, add an HTML link targeting the ``"oidc-logout"`` - django view in your application views (a ``next_path`` query parameter + django view in your application views (a ``next`` query parameter can be used to redirect to a view of choice once the user is logged out) """ diff --git a/swh/auth/django/middlewares.py b/swh/auth/django/middlewares.py --- a/swh/auth/django/middlewares.py +++ b/swh/auth/django/middlewares.py @@ -23,7 +23,7 @@ The following query parameter will be set for that view: - * ``next_path``: requested URL before the detection of the session expiration + * ``next``: requested URL before the detection of the session expiration * ``remote_user``: indicates that the user was previously authenticated with OIDC """ 
@@ -61,8 +61,8 @@
 # At that point, we know that a OIDC user was previously logged in
 # and his session has expired.
 # Redirect to a view specified in django settings.
- next_path = request.get_full_path()
+ next = request.get_full_path()
 logout_url = reverse(
- self.redirect_view, query_params={"next_path": next_path, "remote_user": 1}
+ self.redirect_view, query_params={"next": next, "remote_user": 1}
 )
 return HttpResponseRedirect(logout_url)
diff --git a/swh/auth/django/views.py b/swh/auth/django/views.py
--- a/swh/auth/django/views.py
+++ b/swh/auth/django/views.py
@@ -39,7 +39,7 @@
 "code_verifier": code_verifier,
 "state": state,
 "redirect_uri": redirect_uri,
- "next_path": request.GET.get("next_path", ""),
+ "next": request.GET.get("next", ""),
 }
 authorization_url_params = {
@@ -107,7 +107,7 @@
 except Exception as e:
 return HttpResponseServerError(str(e))
- next_path = login_data["next_path"] or request.build_absolute_uri("/")
+ next = login_data["next"] or request.build_absolute_uri("/")
 user = authenticate(
 request=request,
@@ -121,7 +121,7 @@
 login(request, user)
- return HttpResponseRedirect(next_path)
+ return HttpResponseRedirect(next)
 def oidc_logout(request: HttpRequest) -> HttpResponse:
@@ -142,7 +142,7 @@
 # remove user data from cache
 cache.delete(oidc_profile_cache_key(oidc_client, user.id))
- return HttpResponseRedirect(request.GET.get("next_path", "/"))
+ return HttpResponseRedirect(request.GET.get("next", "/"))
 urlpatterns = [
diff --git a/swh/auth/tests/django/test_middlewares.py b/swh/auth/tests/django/test_middlewares.py
--- a/swh/auth/tests/django/test_middlewares.py
+++ b/swh/auth/tests/django/test_middlewares.py
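Review bot: Naming the local variable `next` in the middlewares.py hunk shadows the Python builtin `next()` for the rest of the method, and the same happens with `next = login_data["next"] or ...` in the views.py hunk at -107 and `next = reverse("root")` in test_views.py. Only the query-parameter key has to change for this commit, so the local can keep a distinct name, e.g. `next_url = request.get_full_path()` with `query_params={"next": next_url, "remote_user": 1}`. The enclosing method starts outside the hunk.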
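Review bot: The `next` value is still passed to `HttpResponseRedirect` without checking where it points, both in `oidc_logout` (views.py hunk at -142, straight from `request.GET`) and in the login completion path (hunks at -39, -107 and -121, where the query-string value is stored in the login data and redirected to after authentication), so either view will send the browser to whatever absolute URL the link carried. The behaviour predates this rename, but `next` is the parameter name Django's own auth views use, and those views validate the target with `django.utils.http.url_has_allowed_host_and_scheme` before redirecting, so integrators may assume the same check applies here. I would apply that check where the value is read and fall back to `/`, as sketched below for `oidc_logout`, and add a case to test_views.py asserting that an off-site `next` is not followed. The enclosing functions start and end outside these hunks, and the sketch needs `url_has_allowed_host_and_scheme` imported at the top of views.py.

```python
# … unchanged: cache cleanup above …
next_url = request.GET.get("next", "/")
if not url_has_allowed_host_and_scheme(
    next_url,
    allowed_hosts={request.get_host()},
    require_https=request.is_secure(),
):
    # off-site or scheme-changing target: fall back to the site root
    next_url = "/"
return HttpResponseRedirect(next_url)
```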
@@ -65,7 +65,5 @@
 # should redirect to logout page
 response = client.get(url)
 assert response.status_code == 302
- silent_refresh_url = reverse(
- "logout", query_params={"next_path": url, "remote_user": 1}
- )
+ silent_refresh_url = reverse("logout", query_params={"next": url, "remote_user": 1})
 assert response["location"] == silent_refresh_url
diff --git a/swh/auth/tests/django/test_views.py b/swh/auth/tests/django/test_views.py
--- a/swh/auth/tests/django/test_views.py
+++ b/swh/auth/tests/django/test_views.py
@@ -118,15 +118,15 @@
 keycloak_oidc.authorization_code.assert_called()
 # user initiates logout
- next_path = reverse("root")
- oidc_logout_url = reverse("oidc-logout", query_params={"next_path": next_path})
+ next = reverse("root")
+ oidc_logout_url = reverse("oidc-logout", query_params={"next": next})
 # should redirect to logout page
 response = client.get(oidc_logout_url)
 assert response.status_code == 302
 request = response.wsgi_request
- assert response["location"] == next_path
+ assert response["location"] == next
 # should have been logged out in Keycloak
 oidc_profile = keycloak_oidc.login()
@@ -176,7 +176,7 @@
 "code_verifier": "",
 "state": str(uuid.uuid4()),
 "redirect_uri": "",
- "next_path": "",
+ "next": "",
 }
 session.save()
@@ -202,7 +202,7 @@
 "code_verifier": "",
 "state": str(uuid.uuid4()),
 "redirect_uri": "",
- "next_path": "",
+ "next": "",
 }
 session.save()
@@ -233,7 +233,7 @@
 "code_verifier": "",
 "state": str(uuid.uuid4()),
 "redirect_uri": "",
- "next_path": "",
+ "next": "",
 }
 session.save()