import 15.2.9
[ceph.git] / ceph / src / pybind / mgr / dashboard / controllers / saml2.py
index 4bafc6933ac99e919ed3a5c0c0ddeddcc6181273..810455e36abc708d957d67cc1b955e06d44a3702 100644 (file)
@@ -16,7 +16,7 @@ from .. import mgr
 from ..exceptions import UserDoesNotExist
 from ..services.auth import JwtManager
 from ..tools import prepare_url_prefix
-from . import Controller, Endpoint, BaseController
+from . import BaseController, Controller, Endpoint, allow_empty_body, set_cookies
 
 
 @Controller('/auth/saml2', secure=False)
@@ -43,6 +43,7 @@ class Saml2(BaseController):
             raise cherrypy.HTTPError(400, 'Single Sign-On is not configured.')
 
     @Endpoint('POST', path="")
+    @allow_empty_body
     def auth_response(self, **kwargs):
         Saml2._check_python_saml()
         req = Saml2._build_req(self._request, kwargs)
@@ -70,6 +71,7 @@ class Saml2(BaseController):
             token = JwtManager.gen_token(username)
             JwtManager.set_user(JwtManager.decode_token(token))
             token = token.decode('utf-8')
+            set_cookies(url_prefix, token)
             raise cherrypy.HTTPRedirect("{}/#/login?access_token={}".format(url_prefix, token))
 
         return {
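Review bot: The JWT is still placed in the redirect URL (`#/login?access_token=...`) on the line right after `set_cookies(url_prefix, token)` stores it in a cookie, so the token keeps landing in browser history and stays readable by any script running on the page. If the frontend can authenticate from the cookie alone, the redirect could drop the parameter, e.g. `raise cherrypy.HTTPRedirect("{}/#/login".format(url_prefix))`; whether the frontend still depends on it is not visible from this hunk. `set_cookies` is imported from the package and not shown here, so it is worth confirming there that the cookie carries `HttpOnly`, `Secure` and a `SameSite` policy, because cookie-carried authentication brings CSRF into scope for the dashboard endpoints. The enclosing auth_response method starts and ends outside this hunk.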
@@ -103,5 +105,6 @@ class Saml2(BaseController):
         # pylint: disable=unused-argument
         Saml2._check_python_saml()
         JwtManager.reset_user()
+        cherrypy.response.cookie['token'] = {'expires': 0, 'max-age': 0}
         url_prefix = prepare_url_prefix(mgr.get_module_option('url_prefix', default=''))
         raise cherrypy.HTTPRedirect("{}/#/login".format(url_prefix))
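Review bot: The added `cherrypy.response.cookie['token'] = {'expires': 0, 'max-age': 0}` probably does not expire the cookie. `cherrypy.response.cookie` is an `http.cookies.SimpleCookie`, and assigning a non-Morsel value stores `str(value)` as the cookie value, so the dict would become the cookie's content and no `expires`/`max-age` attributes would be emitted. To actually clear it, set the value first and then the attributes: `cherrypy.response.cookie['token'] = ''`, `cherrypy.response.cookie['token']['expires'] = 0`, `cherrypy.response.cookie['token']['max-age'] = 0`. If `set_cookies` uses a non-default `path`, the same path has to be set here or the browser will keep the original cookie. The method's signature lies outside the hunk, and from these lines it is not possible to tell whether `JwtManager.reset_user()` also invalidates the token server-side.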