mirror of
https://github.com/freedombox/FreedomBox.git
Closes: #2178. - Don't bother with the redirection to the next page using the ?next= URL parameter. Always redirect to the home (index) page. - Show a message that logout was successful. - Ensure that SSO cookie is removed. Tests: - Logout and notice that redirection has been performed to the home page. - "Logged out successfully." message is shown. - When logged in as a user with a language set, logging out preserves the language of the user who was just logged out. - Login. Click logout while having browser developer tool open. Notice that Logout request has SSO cookie. The response does not have the cookie set. The next request is to the home page and it does not have SSO cookie in the request. - Login to tt-rss app that needs SSO to work. Logout from FreedomBox interface using another page. Refresh the tt-rss page and notice that user was logged out and redirected to the FreedomBox login page. - Logout. Again, manually visit the URL https://10.42.0.203/plinth/accounts/logout/. The page is still redirected to the home page and success is still shown even though the user is already logged out. - Repeat the logout test as non-admin user. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
# SPDX-License-Identifier: AGPL-3.0-or-later
"""
URLs for the Users module
"""
from axes.decorators import axes_dispatch
from django.urls import re_path
from stronghold.decorators import public
from plinth.modules.sso.views import CaptchaLoginView, SSOLoginView, logout
from plinth.utils import non_admin_view
from . import views
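# Routes for the users module: account management pages under sys/users/ and
# the login, logout, first-boot and locked-out pages.
#
# Every pattern is anchored at both ends (^ ... $) so that each view is
# reachable only at its exact path.
urlpatterns = [
    # Account management.  The edit and change_password views are wrapped in
    # non_admin_view; the list, create and delete views are not.
    re_path(r'^sys/users/$', views.UserList.as_view(), name='index'),
    re_path(r'^sys/users/create/$', views.UserCreate.as_view(), name='create'),
    re_path(r'^sys/users/(?P<slug>[\w.@+-]+)/edit/$',
            non_admin_view(views.UserUpdate.as_view()), name='edit'),
    re_path(r'^sys/users/(?P<slug>[\w.@+-]+)/delete/$',
            views.UserDelete.as_view(), name='delete'),
    re_path(r'^sys/users/(?P<slug>[\w.@+-]+)/change_password/$',
            non_admin_view(views.UserChangePassword.as_view()),
            name='change_password'),

    # Authnz is handled by SSO

    # The views below are wrapped in stronghold's `public`, i.e. they are
    # meant to be reachable without an authenticated session.  Keep this list
    # short and review any addition to it.

    # XXX: Use axes authentication backend and middleware instead of
    # axes_dispatch after axes 5.x becomes available in Debian stable.
    re_path(r'^accounts/login/$',
            public(axes_dispatch(SSOLoginView.as_view())), name='login'),
    re_path(r'^accounts/logout/$', public(logout), name='logout'),
    re_path(r'^users/firstboot/$', public(views.FirstBootView.as_view()),
            name='firstboot'),
    # Anchored with ^ like every other route.  The pattern previously had no
    # leading anchor; where re_path() matches with a regex search (this
    # depends on the Django version), an unanchored pattern also accepts any
    # path that merely ends in this suffix, which would expose this public
    # view at unintended URLs.
    re_path(r'^accounts/login/locked/$', public(CaptchaLoginView.as_view()),
            name='locked_out'),
]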