Store session mapping and do logout

egroeper · egroeper · commit c019d99acfa7 · 2017-10-13T19:29:37.000+02:00
In Django dashes in headers are replaced by underscores. We have to respect that. Otherwise we will get a KeyError (as I did at first in my test env). See https://stackoverflow.com/a/24355709/1381638
diff --git a/shibboleth/middleware.py b/shibboleth/middleware.py
@@ -4,6 +4,7 @@
 from django.core.exceptions import ImproperlyConfigured
 
 from shibboleth.app_settings import SHIB_ATTRIBUTE_MAP, GROUP_ATTRIBUTES
+from shibboleth.models import ShibSession
 
 
 class ShibbolethRemoteUserMiddleware(RemoteUserMiddleware):
@@ -56,7 +57,10 @@ def process_request(self, request):
             # by logging the user in.
             request.user = user
             auth.login(request, user)
-            
+
+            # store session mapping
+            ShibSession.objects.get_or_create(shib=request.META['Shib_Session_ID'], session_id=request.session.session_key)
+
             # Upgrade user groups if configured in the settings.py
             # If activated, the user will be associated with those groups.
             if GROUP_ATTRIBUTES:
diff --git a/shibboleth/models.py b/shibboleth/models.py
@@ -1 +1,7 @@
-#intentionally left blank
+from django.db import models
+from django.contrib.sessions.models import Session
+
+
+class ShibSession(models.Model):
+    shib = models.CharField(max_length=100, primary_key=True)
+    session = models.ForeignKey(Session, on_delete=models.CASCADE)
diff --git a/shibboleth/views.py b/shibboleth/views.py
@@ -6,6 +6,7 @@
 from django.shortcuts import redirect
 from django.utils.decorators import method_decorator
 from django.views.generic import TemplateView
+from django.contrib.sessions.models import Session
 
 try:
     from django.utils.six.moves.urllib.parse import quote
@@ -14,6 +15,7 @@
 
 #Logout settings.
 from shibboleth.app_settings import LOGOUT_URL, LOGOUT_REDIRECT_URL
+from shibboleth.models import ShibSession
 
 #SLO (back-channel) / spyne stuff
 from spyne.model.primitive import Unicode
@@ -101,6 +103,13 @@ class LogoutNotificationService(Service):
          _out_variable_name='OK',
          )
     def LogoutNotification(ctx, sessionid):
-        #return 'Session: %s' % sessionid
-        #TODO Do logout stuff here - delete user session based on shib session
-        return True
+        # delete user session based on shib session
+        try:
+            session_mapping = ShibSession.objects.get(shib=sessionid)
+        except:
+            # Can't delete session
+            raise
+        else:
+            # Deleting session
+            Session.objects.filter(session_key=session_mapping.session_id).delete()
+            return True
