Update SAML2AuthPlugin to logout user on session expiration

dbca-wa · Jul 5, 2024 · f4bbd7a · f4bbd7a
1 parent 9bc8e3f
commit f4bbd7a
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/ckan/patches/ckanext-saml2auth/01_logout_user.patch b/ckan/patches/ckanext-saml2auth/01_logout_user.patch
@@ -0,0 +1,22 @@
+diff --git a/ckanext/saml2auth/plugin.py b/ckanext/saml2auth/plugin.py
+index 53b8454..07a3307 100644
+--- a/ckanext/saml2auth/plugin.py
++++ b/ckanext/saml2auth/plugin.py
+@@ -22,6 +22,7 @@ from saml2.client_base import LogoutError
+ from saml2 import entity
+
+ from flask import session, redirect, make_response
++from flask_login import logout_user
+
+ import ckan.plugins as plugins
+ import ckan.plugins.toolkit as toolkit
+@@ -103,7 +104,8 @@ class Saml2AuthPlugin(plugins.SingletonPlugin):
+             domain = h.get_site_domain_for_cookie()
+             # Clear session cookie in the browser
+             response.set_cookie('ckan', domain=domain, expires=0)
+-
++            # logout user from CKAN
++            logout_user()
+             if not toolkit.check_ckan_version(min_version="2.10"):
+                 # CKAN <= 2.9.x also sets auth_tkt cookie
+                 response.set_cookie('auth_tkt', domain=domain, expires=0)