update admin logout for mod_shib

Author: TomiBelan

eprihlaska/templates/admin_impersonate_list.html

@@ -12,7 +12,7 @@ <h1 class="section-title">
   <div class="container">
     <div class="row">
       <div class="col-lg-12 text-right">
-        <a href="https://login.uniba.sk/logout.cgi"><strong>Odhlásiť sa</strong></a>
+        <a href="{{ url_for('logout') }}"><strong>Odhlásiť sa</strong></a>
       </div>
     </div>
 

eprihlaska/templates/admin_list.html

@@ -106,7 +106,7 @@ <h1 class="section-title">
   <div class="container">
     <div class="row">
       <div class="col-lg-12 text-right">
-        <a href="https://login.uniba.sk/logout.cgi"><strong>Odhlásiť sa</strong></a>
+        <a href="{{ url_for('logout') }}"><strong>Odhlásiť sa</strong></a>
       </div>
     </div>
     <div class="row">

eprihlaska/templates/admin_tokens_list.html

@@ -12,7 +12,7 @@ <h1 class="section-title">
   <div class="container">
     <div class="row">
       <div class="col-lg-12 text-right">
-        <a href="https://login.uniba.sk/logout.cgi"><strong>Odhlásiť sa</strong></a>
+        <a href="{{ url_for('logout') }}"><strong>Odhlásiť sa</strong></a>
       </div>
     </div>
 

eprihlaska/views.py

@@ -712,12 +712,14 @@ def signup():
 @app.route('/logout', methods=['GET'])
 @login_required
 def logout():
-    # Clear out the session
-    keys = list(session.keys()).copy()
-    for k in keys:
-        session.pop(k)
-
     logout_user()
+    session.clear()
+
+    if request.environ.get('REMOTE_USER'):
+        # Admin logout: clear our session, mod_shib session, and IdP session.
+        # (return parameter doesn't matter, Shibboleth IdP ignores it.)
+        return redirect('/Shibboleth.sso/Logout?return=/')
+
     return redirect(url_for('index'))