Refactor logout handling for CKAN version compatibility

salsadigitalauorg · Oct 30, 2024 · d12127e · d12127e
1 parent d731265
commit d12127e
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/ckanext/saml2auth/plugin.py b/ckanext/saml2auth/plugin.py
@@ -22,7 +22,6 @@
 from saml2 import entity
 
 from flask import session, redirect, make_response
-from flask_login import logout_user
 
 import ckan.plugins as plugins
 import ckan.plugins.toolkit as toolkit
@@ -35,6 +34,9 @@
 from ckanext.saml2auth import helpers as h
 from saml2.s_utils import UnsupportedBinding
 
+if toolkit.check_ckan_version(min_version="2.10"):
+    from flask_login import logout_user
+
 log = logging.getLogger(__name__)
 
 
@@ -104,8 +106,12 @@ def logout(self):
             domain = h.get_site_domain_for_cookie()
             # Clear session cookie in the browser
             response.set_cookie('ckan', domain=domain, expires=0)
-            # logout user from CKAN
-            logout_user()
+            if toolkit.check_ckan_version(min_version="2.10"):
+                # logout user from CKAN
+                logout_user()
+                field_name = toolkit.config.get("WTF_CSRF_FIELD_NAME")
+                if session.get(field_name):
+                    session.pop(field_name)
 
             if not toolkit.check_ckan_version(min_version="2.10"):
                 # CKAN <= 2.9.x also sets auth_tkt cookie