Work on end_session_endpoint

juanifioren · juanifioren · commit c9201d776da6 · 2024-12-03T23:46:57.000-03:00
diff --git a/oidc_provider/templates/oidc_provider/end_session_completed.html b/oidc_provider/templates/oidc_provider/end_session_completed.html
@@ -0,0 +1,3 @@
+<h1>End Session Completed</h1>
+
+<p>You've been logged out.</p>
diff --git a/oidc_provider/templates/oidc_provider/end_session_failed.html b/oidc_provider/templates/oidc_provider/end_session_failed.html
@@ -0,0 +1,3 @@
+<h1>End Session Failed</h1>
+
+<p>You can now close this window.</p>
diff --git a/oidc_provider/tests/cases/test_end_session_endpoint.py b/oidc_provider/tests/cases/test_end_session_endpoint.py
@@ -9,18 +9,12 @@
     from django.urls import reverse
 except ImportError:
     from django.core.urlresolvers import reverse
-from django.test import TestCase
 
-from oidc_provider.lib.utils.token import (
-    create_token,
-    create_id_token,
-    encode_id_token,
-)
-from oidc_provider.tests.app.utils import (
-    create_fake_client,
-    create_fake_user,
-)
 import mock
+from django.test import TestCase
+
+from oidc_provider.lib.utils.token import create_id_token, create_token, encode_id_token
+from oidc_provider.tests.app.utils import create_fake_client, create_fake_user
 
 
 class EndSessionTestCase(TestCase):
@@ -126,12 +120,17 @@ def test_prompt_view_redirecting_to_client_post_logout_since_user_unauthenticate
         self.assertEqual(response.status_code, 302)
         self.assertEqual(response.headers["Location"], self.url_logout)
 
-    def test_prompt_view_raising_404_since_user_unauthenticated_and_no_client(self):
+    def test_prompt_view_show_completed_since_user_unauthenticated_and_no_client(self):
         self.client.logout()
         response = self.client.get(self.url_prompt)
         # Since user is unauthenticated and no client information is present, we just show
-        # not found page.
-        self.assertEqual(response.status_code, 404)
+        # a page explaining session is closed already.
+        self.assertContains(
+            response,
+            "You've been logged out.",
+            status_code=200,
+            html=True,
+        )
 
     def test_prompt_view_displaying_logout_decision_form_to_user(self):
         query_params = {
@@ -203,13 +202,18 @@ def test_prompt_view_user_logged_out_after_form_not_allowed(self, after_end_sess
         self.assertFalse(after_end_session_hook.called)
 
     @mock.patch("oidc_provider.views.after_end_session_hook")
-    def test_prompt_view_user_not_logged_out_after_form_not_allowed_no_client(
+    def test_prompt_view_user_still_logged_in_after_form_not_allowed_no_client(
         self, after_end_session_hook
     ):
         self.assertIn("_auth_user_id", self.client.session)
         response = self.client.post(self.url_prompt)  # No data.
         # Ensure user is still logged in and 404 NOT FOUND was raised.
         self.assertIn("_auth_user_id", self.client.session)
-        self.assertEqual(response.status_code, 404)
+        self.assertContains(
+            response,
+            "You can now close this window.",
+            status_code=200,
+            html=True,
+        )
         # End session hook should not be called.
         self.assertFalse(after_end_session_hook.called)
diff --git a/oidc_provider/views.py b/oidc_provider/views.py
@@ -409,7 +409,9 @@ def dispatch(self, request, *args, **kwargs):
                         self.state,
                         self.client,
                     )
-                    raise Http404("You have successfully logged out!")
+                    return render(
+                        request, "oidc_provider/end_session_completed.html", {"client": self.client}
+                    )
 
                 if self.state:
                     uri = urlsplit(self.post_logout_redirect_uri)
@@ -451,7 +453,9 @@ def get(self, request, *args, **kwargs):
             if self.client and self.client.post_logout_redirect_uris:
                 return redirect(self.client.post_logout_redirect_uris[0])
             else:
-                raise Http404("You are already logged out!")
+                return render(
+                    request, "oidc_provider/end_session_completed.html", {"client": self.client}
+                )
 
         return super(EndSessionPromptView, self).get(request, *args, **kwargs)
 
@@ -485,9 +489,12 @@ def post(self, request, *args, **kwargs):
         # Redirect to post logout uri if client is present.
         if next_page:
             return redirect(next_page)
-        raise Http404(
-            "You have successfully logged out!" if allowed else "You can close this window."
-        )
+        elif allowed:
+            return render(
+                request, "oidc_provider/end_session_completed.html", {"client": self.client}
+            )
+        else:
+            return render(request, "oidc_provider/end_session_failed.html", {"client": self.client})
 
 
 class CheckSessionIframeView(View):

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+<h1>End Session Completed</h1>`
	`2`	`+`
	`3`	`+<p>You've been logged out.</p>`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+<h1>End Session Failed</h1>`
	`2`	`+`
	`3`	`+<p>You can now close this window.</p>`