django-oidc-provider/oidc_provider/middleware.py

try:
    # https://docs.djangoproject.com/en/1.10/topics/http/middleware/#upgrading-pre-django-1-10-style-middleware
    from django.utils.deprecation import MiddlewareMixin
except ImportError:
    MiddlewareMixin = object

from oidc_provider import settings
from oidc_provider.lib.utils.common import get_browser_state_or_default


class SessionManagementMiddleware(MiddlewareMixin):
    """
    Maintain a `op_browser_state` cookie along with the `sessionid` cookie that
    represents the End-User's login state at the OP. If the user is not logged
    in then use the value of settings.OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY.
    """

    def process_response(self, request, response):
        if settings.get('OIDC_SESSION_MANAGEMENT_ENABLE'):
            response.set_cookie('op_browser_state', get_browser_state_or_default(request))
        return response
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property 2017-05-05 03:19:57 +00:00			`try:`
			`# https://docs.djangoproject.com/en/1.10/topics/http/middleware/#upgrading-pre-django-1-10-style-middleware`
			`from django.utils.deprecation import MiddlewareMixin`
			`except ImportError:`
			`MiddlewareMixin = object`
Initial Session Management version. 2016-10-28 18:25:52 +00:00
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property 2017-05-05 03:19:57 +00:00			`from oidc_provider import settings`
			`from oidc_provider.lib.utils.common import get_browser_state_or_default`
Initial Session Management version. 2016-10-28 18:25:52 +00:00

			`class SessionManagementMiddleware(MiddlewareMixin):`
			`"""`
			Maintain a `op_browser_state` cookie along with the `sessionid` cookie that
			`represents the End-User's login state at the OP. If the user is not logged`
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property 2017-05-05 03:19:57 +00:00			`in then use the value of settings.OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY.`
Initial Session Management version. 2016-10-28 18:25:52 +00:00			`"""`

			`def process_response(self, request, response):`
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property 2017-05-05 03:19:57 +00:00			`if settings.get('OIDC_SESSION_MANAGEMENT_ENABLE'):`
			`response.set_cookie('op_browser_state', get_browser_state_or_default(request))`
Initial Session Management version. 2016-10-28 18:25:52 +00:00			`return response`