Merge pull request OCA#329 from OCA/15.0

Syncing from upstream OCA/server-auth (15.0)
grueneerde · Apr 22, 2023 · 3528941 · 3528941
2 parents b45ea90 + a2011e6
commit 3528941
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -27,7 +27,7 @@ addon | version | maintainers | summary
 [auth_ldaps](auth_ldaps/) | 15.0.1.0.0 |  | Allows to use LDAP over SSL authentication
 [auth_oauth_multi_token](auth_oauth_multi_token/) | 15.0.1.0.0 |  | Allow multiple connection with the same OAuth account
 [auth_oidc](auth_oidc/) | 15.0.1.0.1 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
-[auth_saml](auth_saml/) | 15.0.1.1.1 |  | SAML2 Authentication
+[auth_saml](auth_saml/) | 15.0.1.2.0 |  | SAML2 Authentication
 [auth_session_timeout](auth_session_timeout/) | 15.0.1.0.0 |  | This module disable all inactive sessions since a given delay
 [auth_signup_partner_company](auth_signup_partner_company/) | 15.0.1.0.0 |  | Auth Signup Partner Company
 [auth_signup_verify_email](auth_signup_verify_email/) | 15.0.1.0.0 |  | Force uninvited users to use a good email for signup

diff --git a/auth_saml/__manifest__.py b/auth_saml/__manifest__.py
@@ -4,7 +4,7 @@
 
 {
     "name": "SAML2 Authentication",
-    "version": "15.0.1.1.1",
+    "version": "15.0.1.2.0",
     "category": "Tools",
     "author": "XCG Consulting, Odoo Community Association (OCA)",
     "website": "https://github.com/OCA/server-auth",

diff --git a/auth_saml/controllers/main.py b/auth_saml/controllers/main.py
@@ -15,6 +15,7 @@
 
 from odoo.addons.web.controllers.main import (
     Home,
+    Session as WebSession,
     ensure_db,
     login_and_redirect,
     set_cookie_and_redirect,
@@ -270,3 +271,20 @@ def saml_metadata(self, req, **kw):
                 ),
                 [("Content-Type", "text/xml")],
             )
+
+
+class Session(WebSession):
+    @http.route("/web/session/logout", type="http", auth="none")
+    def logout(self, redirect="/web/login"):
+        # make sure that when a user logs out, he does not get immediately
+        # relogged in if autoredirect is enabled, so that they get an
+        # opportunity to authenticate with a normal password and get access
+        # e.g. to the admin account.
+        if "disable_autoredirect" not in redirect:
+            path, sep, parameters = redirect.partition("?")
+            if parameters:
+                parameters += "&disable_autoredirect="
+            else:
+                parameters = "disable_autoredirect="
+            redirect = path + "?" + parameters
+        return super().logout(redirect=redirect)