Add a checkbox to forget the identity provider if we checked "remember the identity provider"

2016-08-01 11:50:15 +02:00 · 2016-08-01 11:50:15 +02:00 · 2a1c90965c
parent 0237364d8e
commit 2a1c90965c
5 changed files with 53 additions and 39 deletions
--- a/cas_server/locale/fr/LC_MESSAGES/django.mo
+++ b/cas_server/locale/fr/LC_MESSAGES/django.mo
--- a/cas_server/locale/fr/LC_MESSAGES/django.po
+++ b/cas_server/locale/fr/LC_MESSAGES/django.po
@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: cas_server\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-07-30 19:19+0200\n"
-"PO-Revision-Date: 2016-07-30 19:20+0200\n"
+"POT-Creation-Date: 2016-08-01 12:01+0200\n"
+"PO-Revision-Date: 2016-08-01 12:01+0200\n"
 "Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
 "Language-Team: django <LL@li.org>\n"
 "Language: fr\n"
@ -23,40 +23,40 @@ msgstr ""
 msgid "Central Authentication Service"
 msgstr "Service Central d'Authentification"

-#: forms.py:77
+#: forms.py:88
 msgid "Identity provider"
 msgstr "fournisseur d'identité"

-#: forms.py:80 forms.py:102 forms.py:208
-msgid "service"
-msgstr "service"
-
-#: forms.py:83
-msgid "Remember the identity provider"
-msgstr "Se souvenir du fournisseur d'identité"
-
-#: forms.py:86 forms.py:110
+#: forms.py:92 forms.py:111
 msgid "Warn me before logging me into other sites."
 msgstr "Prévenez-moi avant d'accéder à d'autres services."

-#: forms.py:100 models.py:600
+#: forms.py:96
+msgid "Remember the identity provider"
+msgstr "Se souvenir du fournisseur d'identité"
+
+#: forms.py:106 models.py:600
 msgid "username"
 msgstr "nom d'utilisateur"

-#: forms.py:104
+#: forms.py:108
 msgid "password"
 msgstr "mot de passe"

-#: forms.py:134
+#: forms.py:130
 msgid "The credentials you provided cannot be determined to be authentic."
 msgstr "Les informations transmises n'ont pas permis de vous authentifier."

-#: forms.py:194
+#: forms.py:182
 msgid "User not found in the temporary database, please try to reconnect"
 msgstr ""
 "Utilisateur non trouvé dans la base de donnée temporaire, essayez de vous "
 "reconnecter"

+#: forms.py:196
+msgid "service"
+msgstr "service"
+
 #: management/commands/cas_clean_federate.py:20
 msgid "Clean old federated users"
 msgstr "Nettoyer les anciens utilisateurs fédéré"
@ -300,7 +300,11 @@ msgstr ""
 msgid "Log me out from all my sessions"
 msgstr "Me déconnecter de toutes mes sessions"

-#: templates/cas_server/logged.html:11
+#: templates/cas_server/logged.html:14
+msgid "Forget the identity provider"
+msgstr "Oublier le fournisseur d'identité"
+
+#: templates/cas_server/logged.html:18
 msgid "Logout"
 msgstr "Se déconnecter"

@ -316,7 +320,7 @@ msgstr "Connexion"
 msgid "Connect to the service"
 msgstr "Se connecter au service"

-#: views.py:165
+#: views.py:168
 msgid ""
 "<h3>Logout successful</h3>You have successfully logged out from the Central "
 "Authentication Service. For security reasons, exit your web browser."
@ -325,7 +329,7 @@ msgstr ""
 "d'Authentification. Pour des raisons de sécurité, veuillez fermer votre "
 "navigateur."

-#: views.py:171
+#: views.py:174
 #, python-format
 msgid ""
 "<h3>Logout successful</h3>You have successfully logged out from %s sessions "
@ -336,7 +340,7 @@ msgstr ""
 "Service Central d'Authentification. Pour des raisons de sécurité, veuillez "
 "fermer votre navigateur."

-#: views.py:178
+#: views.py:181
 msgid ""
 "<h3>Logout successful</h3>You were already logged out from the Central "
 "Authentication Service. For security reasons, exit your web browser."
@ -345,7 +349,7 @@ msgstr ""
 "d'Authentification. Pour des raisons de sécurité, veuillez fermer votre "
 "navigateur."

-#: views.py:351
+#: views.py:361
 #, python-format
 msgid ""
 "Invalid response from your identity provider CAS upon ticket %(ticket)s "
@ -354,46 +358,46 @@ msgstr ""
 "Réponse invalide du CAS du fournisseur d'identité lors de la validation du "
 "ticket %(ticket)s: %(error)r"

-#: views.py:472
+#: views.py:483
 msgid "Invalid login ticket, please retry to login"
 msgstr "Ticket de connexion invalide, merci de réessayé de vous connecter"

-#: views.py:652
+#: views.py:675
 #, python-format
 msgid "Authentication has been required by service %(name)s (%(url)s)"
 msgstr ""
 "Une demande d'authentification a été émise pour le service %(name)s "
 "(%(url)s)."

-#: views.py:690
+#: views.py:713
 #, python-format
 msgid "Service %(url)s non allowed."
 msgstr "le service %(url)s n'est pas autorisé."

-#: views.py:697
+#: views.py:720
 msgid "Username non allowed"
 msgstr "Nom d'utilisateur non authorisé"

-#: views.py:704
+#: views.py:727
 msgid "User characteristics non allowed"
 msgstr "Caractéristique utilisateur non autorisée"

-#: views.py:711
+#: views.py:734
 #, python-format
 msgid "The attribute %(field)s is needed to use that service"
 msgstr "L'attribut %(field)s est nécessaire pour se connecter à ce service"

-#: views.py:801
+#: views.py:824
 #, python-format
 msgid "Authentication renewal required by service %(name)s (%(url)s)."
 msgstr "Demande de réauthentification pour le service %(name)s (%(url)s)."

-#: views.py:808
+#: views.py:831
 #, python-format
 msgid "Authentication required by service %(name)s (%(url)s)."
 msgstr "Authentification requise par le service %(name)s (%(url)s)."

-#: views.py:815
+#: views.py:838
 #, python-format
 msgid "Service %s non allowed"
 msgstr "Le service %s n'est pas autorisé"
--- a/cas_server/templates/cas_server/logged.html
+++ b/cas_server/templates/cas_server/logged.html
@ -8,6 +8,13 @@
      <input type="checkbox" name="all" value="1">{% trans "Log me out from all my sessions" %}
    </label>
  </div>
+  {% if settings.CAS_FEDERATE and request.COOKIES.remember_provider %}
+  <div class="checkbox">
+    <label>
+      <input type="checkbox" name="forget_provider" value="1">{% trans "Forget the identity provider" %}
+    </label>
+  </div>
+  {% endif %}
  <button class="btn btn-danger btn-block btn-lg" type="submit">{% trans "Logout" %}</button>
 </form>
 {% endblock %}
--- a/cas_server/tests/test_federate.py
+++ b/cas_server/tests/test_federate.py
@ -128,8 +128,8 @@ class FederateAuthLoginLogoutTestCase(
                {'ticket': ticket, 'remember': 'on' if remember else ''}
            )
            if remember:
-                self.assertIn("_remember_provider", client.cookies)
-                self.assertEqual(client.cookies["_remember_provider"].value, provider.suffix)
+                self.assertIn("remember_provider", client.cookies)
+                self.assertEqual(client.cookies["remember_provider"].value, provider.suffix)
            self.assertEqual(response.status_code, 302)
            self.assertEqual(response["Location"], "%s/login" % (
                'http://testserver' if django.VERSION < (1, 9) else ""
--- a/cas_server/views.py
+++ b/cas_server/views.py
@ -147,9 +147,12 @@ class LogoutView(View, LogoutMixin):
        # current querystring
        if settings.CAS_FEDERATE:
            if auth is not None:
-                params = utils.copy_params(request.GET)
+                params = utils.copy_params(request.GET, ignore={"forget_provider"})
                url = auth.get_logout_url()
-                return HttpResponseRedirect(utils.update_url(url, params))
+                response = HttpResponseRedirect(utils.update_url(url, params))
+                if request.GET.get("forget_provider"):
+                    response.delete_cookie("remember_provider")
+                return response
        # if service is set, redirect to service after logout
        if self.service:
            list(messages.get_messages(request))  # clean messages before leaving the django app
@ -331,7 +334,7 @@ class FederateAuth(View):
                            max_age = settings.CAS_FEDERATE_REMEMBER_TIMEOUT
                            utils.set_cookie(
                                response,
-                                "_remember_provider",
+                                "remember_provider",
                                provider.suffix,
                                max_age
                            )
@ -360,7 +363,7 @@ class FederateAuth(View):
                        ) % {'ticket': ticket, 'error': error}
                    )
                    response = redirect("cas_server:login")
-                    response.delete_cookie("_remember_provider")
+                    response.delete_cookie("remember_provider")
                    return response
        except FederatedIendityProvider.DoesNotExist:
            logger.warning("Identity provider suffix %s not found" % provider)
@ -855,16 +858,16 @@ class LoginView(View, LogoutMixin):
                    )
                else:
                    if (
-                        self.request.COOKIES.get('_remember_provider') and
+                        self.request.COOKIES.get('remember_provider') and
                        FederatedIendityProvider.objects.filter(
-                            suffix=self.request.COOKIES['_remember_provider']
+                            suffix=self.request.COOKIES['remember_provider']
                        )
                    ):
                        params = utils.copy_params(self.request.GET)
                        url = utils.reverse_params(
                            "cas_server:federateAuth",
                            params=params,
-                            kwargs=dict(provider=self.request.COOKIES['_remember_provider'])
+                            kwargs=dict(provider=self.request.COOKIES['remember_provider'])
                        )
                        return HttpResponseRedirect(url)
                    else: