authentik.enterprise.providers.ws_federation.processors.sign_out

 1from dataclasses import dataclass
 2
 3from django.http import HttpRequest
 4from django.shortcuts import get_object_or_404
 5
 6from authentik.core.models import Application
 7from authentik.enterprise.providers.ws_federation.models import WSFederationProvider
 8from authentik.enterprise.providers.ws_federation.processors.constants import WS_FED_ACTION_SIGN_OUT
 9
10
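@dataclass()
class SignOutRequest:
    """Validated parameters of a WS-Federation sign-out request.

    Instances are normally built by :meth:`parse` from the query string of
    the incoming request.
    """

    # Value of the ``wa`` query parameter; parse() only accepts WS_FED_ACTION_SIGN_OUT.
    wa: str
    # Value of ``wtrealm``; matched against the provider's ``audience``.
    wtrealm: str
    # Value of ``wreply``; parse() falls back to the provider's ``acs_url`` when absent.
    wreply: str

    @staticmethod
    def parse(request: HttpRequest) -> SignOutRequest:
        """Build a SignOutRequest from the query string of ``request``.

        ``wa`` must equal WS_FED_ACTION_SIGN_OUT and ``wtrealm`` must be
        present. ``wreply`` is optional and defaults to the provider's
        ``acs_url``; a supplied value must start with ``acs_url`` and share
        its scheme and authority.

        Raises:
            ValueError: on a wrong action, a missing realm, or a ``wreply``
                that does not belong to the provider's ``acs_url``.
            Http404: via ``get_app_provider`` when no provider or
                application matches the realm.
        """
        from urllib.parse import urlsplit

        action = request.GET.get("wa")
        if action != WS_FED_ACTION_SIGN_OUT:
            raise ValueError("Invalid action")
        realm = request.GET.get("wtrealm")
        if not realm:
            raise ValueError("Missing Realm")

        req = SignOutRequest(
            wa=action,
            wtrealm=realm,
            wreply=request.GET.get("wreply"),
        )

        _, provider = req.get_app_provider()
        acs_url = provider.acs_url
        if not req.wreply:
            req.wreply = acs_url
        if not req.wreply.startswith(acs_url):
            raise ValueError("Invalid wreply")
        # A string-prefix match alone does not pin the origin: a URL on a
        # different host can share the leading characters of acs_url. Compare
        # scheme and authority component-wise so wreply stays on the
        # configured endpoint.
        try:
            reply_parts = urlsplit(req.wreply)
            acs_parts = urlsplit(acs_url)
        except ValueError as exc:
            raise ValueError("Invalid wreply") from exc
        if (reply_parts.scheme, reply_parts.netloc) != (acs_parts.scheme, acs_parts.netloc):
            raise ValueError("Invalid wreply")
        return req

    def get_app_provider(self):
        """Return ``(application, provider)`` for this request's realm.

        The provider is looked up by ``audience == wtrealm`` and the
        application by that provider; ``get_object_or_404`` raises Http404
        when either lookup has no match.
        """
        provider: WSFederationProvider = get_object_or_404(
            WSFederationProvider, audience=self.wtrealm
        )
        application = get_object_or_404(Application, provider=provider)
        return application, provider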
@dataclass()
class SignOutRequest:
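@dataclass()
class SignOutRequest:
    """Validated parameters of a WS-Federation sign-out request.

    Instances are normally built by :meth:`parse` from the query string of
    the incoming request.
    """

    # Value of the ``wa`` query parameter; parse() only accepts WS_FED_ACTION_SIGN_OUT.
    wa: str
    # Value of ``wtrealm``; matched against the provider's ``audience``.
    wtrealm: str
    # Value of ``wreply``; parse() falls back to the provider's ``acs_url`` when absent.
    wreply: str

    @staticmethod
    def parse(request: HttpRequest) -> SignOutRequest:
        """Build a SignOutRequest from the query string of ``request``.

        ``wa`` must equal WS_FED_ACTION_SIGN_OUT and ``wtrealm`` must be
        present. ``wreply`` is optional and defaults to the provider's
        ``acs_url``; a supplied value must start with ``acs_url`` and share
        its scheme and authority.

        Raises:
            ValueError: on a wrong action, a missing realm, or a ``wreply``
                that does not belong to the provider's ``acs_url``.
            Http404: via ``get_app_provider`` when no provider or
                application matches the realm.
        """
        from urllib.parse import urlsplit

        action = request.GET.get("wa")
        if action != WS_FED_ACTION_SIGN_OUT:
            raise ValueError("Invalid action")
        realm = request.GET.get("wtrealm")
        if not realm:
            raise ValueError("Missing Realm")

        req = SignOutRequest(
            wa=action,
            wtrealm=realm,
            wreply=request.GET.get("wreply"),
        )

        _, provider = req.get_app_provider()
        acs_url = provider.acs_url
        if not req.wreply:
            req.wreply = acs_url
        if not req.wreply.startswith(acs_url):
            raise ValueError("Invalid wreply")
        # A string-prefix match alone does not pin the origin: a URL on a
        # different host can share the leading characters of acs_url. Compare
        # scheme and authority component-wise so wreply stays on the
        # configured endpoint.
        try:
            reply_parts = urlsplit(req.wreply)
            acs_parts = urlsplit(acs_url)
        except ValueError as exc:
            raise ValueError("Invalid wreply") from exc
        if (reply_parts.scheme, reply_parts.netloc) != (acs_parts.scheme, acs_parts.netloc):
            raise ValueError("Invalid wreply")
        return req

    def get_app_provider(self):
        """Return ``(application, provider)`` for this request's realm.

        The provider is looked up by ``audience == wtrealm`` and the
        application by that provider; ``get_object_or_404`` raises Http404
        when either lookup has no match.
        """
        provider: WSFederationProvider = get_object_or_404(
            WSFederationProvider, audience=self.wtrealm
        )
        application = get_object_or_404(Application, provider=provider)
        return application, provider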
SignOutRequest(wa: str, wtrealm: str, wreply: str)
wa: str
wtrealm: str
wreply: str
@staticmethod
def parse( request: django.http.request.HttpRequest) -> SignOutRequest:
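    @staticmethod
    def parse(request: HttpRequest) -> SignOutRequest:
        """Build a SignOutRequest from the query string of ``request``.

        ``wa`` must equal WS_FED_ACTION_SIGN_OUT and ``wtrealm`` must be
        present. ``wreply`` is optional and defaults to the provider's
        ``acs_url``; a supplied value must start with ``acs_url`` and share
        its scheme and authority.

        Raises:
            ValueError: on a wrong action, a missing realm, or a ``wreply``
                that does not belong to the provider's ``acs_url``.
            Http404: via ``get_app_provider`` when no provider or
                application matches the realm.
        """
        from urllib.parse import urlsplit

        action = request.GET.get("wa")
        if action != WS_FED_ACTION_SIGN_OUT:
            raise ValueError("Invalid action")
        realm = request.GET.get("wtrealm")
        if not realm:
            raise ValueError("Missing Realm")

        req = SignOutRequest(
            wa=action,
            wtrealm=realm,
            wreply=request.GET.get("wreply"),
        )

        _, provider = req.get_app_provider()
        acs_url = provider.acs_url
        if not req.wreply:
            req.wreply = acs_url
        if not req.wreply.startswith(acs_url):
            raise ValueError("Invalid wreply")
        # The prefix test above does not by itself keep wreply on the
        # configured host, because another authority can begin with the same
        # characters as acs_url. Require an exact scheme and authority match.
        try:
            reply_parts = urlsplit(req.wreply)
            acs_parts = urlsplit(acs_url)
        except ValueError as exc:
            raise ValueError("Invalid wreply") from exc
        if (reply_parts.scheme, reply_parts.netloc) != (acs_parts.scheme, acs_parts.netloc):
            raise ValueError("Invalid wreply")
        return req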
def get_app_provider(self):
    def get_app_provider(self):
        """Look up the provider whose audience equals ``wtrealm``, then its application.

        Returns:
            ``(application, provider)``.

        Raises:
            Http404: via ``get_object_or_404`` when either lookup has no match.
        """
        matched_provider: WSFederationProvider = get_object_or_404(
            WSFederationProvider,
            audience=self.wtrealm,
        )
        # The provider lookup runs first; the application is resolved from it.
        return get_object_or_404(Application, provider=matched_provider), matched_provider