From 4c2344bef378a8e271faeecc9abc7537603ef893 Mon Sep 17 00:00:00 2001
From: FrankApiyo
Date: Tue, 21 Jan 2025 16:47:48 +0300
Subject: [PATCH] Use login URL response to clear site data
---
 oidc/viewsets.py | 5 ++++-
 tests/test_viewsets.py | 11 ++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/oidc/viewsets.py b/oidc/viewsets.py
index 897c4d5..cc954a6 100644
--- a/oidc/viewsets.py
+++ b/oidc/viewsets.py
@@ -114,7 +114,10 @@ def _get_client(self, auth_server: str) -> Optional[OpenIDClient]:
     def login(self, request: HttpRequest, **kwargs: dict) -> HttpResponse:
         client = self._get_client(auth_server=kwargs.get("auth_server"))
         if client:
-            return client.login(redirect_after=request.query_params.get("next"))
+            response = client.login(redirect_after=request.query_params.get("next"))
+            # Add Clear-Site-Data headers
+            response["Clear-Site-Data"] = '"cache", "cookies"'
+            return response
         return HttpResponseBadRequest(
             _("Unable to process OpenID connect login request."),
         )
diff --git a/tests/test_viewsets.py b/tests/test_viewsets.py
index 4b60343..d2cdd68 100644
--- a/tests/test_viewsets.py
+++ b/tests/test_viewsets.py
@@ -11,7 +11,7 @@ from mock import MagicMock, patch
 from rest_framework.test import APIRequestFactory
-from oidc.viewsets import UserModelOpenIDConnectViewset
+from oidc.viewsets import UserModelOpenIDConnectViewset, BaseOpenIDConnectViewset
 User = get_user_model()
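Review bot: The `Clear-Site-Data` header is attached to whatever `client.login` returns, which appears to be the redirect that starts the OpenID flow; if `client.login` (defined outside this hunk) persists the OIDC state/nonce in the session or a cookie for this origin, `"cookies"` wipes that state in the same response, before the provider's callback arrives, so the full login round trip should be exercised rather than only the header's presence. Browsers honour Clear-Site-Data only on responses delivered over HTTPS and only for the response's own origin, so it cannot stand in for server-side invalidation — if the intent is to discard any prior session, `request.session.flush()` before issuing the redirect does that regardless of transport. `"storage"` is not listed, so localStorage/IndexedDB for the origin survive; if that is deliberate it is worth saying. The inline comment only restates the header name; I'd replace it with `# Clear cached pages and this origin's cookies so a stale browser session cannot survive a re-login (browsers apply this only over HTTPS)`.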
@@ -592,6 +592,15 @@ def test_auth_code_flow(self, mock_retrieve_auth_code):
         self.assertEqual(response.status_code, 302)
         self.assertEqual(response.url, "http://localhost:3000")
+    @override_settings(OPENID_CONNECT_AUTH_SERVERS=OPENID_CONNECT_AUTH_SERVERS)
+    @override_settings(OPENID_CONNECT_VIEWSET_CONFIG=OPENID_CONNECT_VIEWSET_CONFIG)
+    def test_base_open_id_connect_viewset(self):
+        viewset_class = BaseOpenIDConnectViewset
+        view = viewset_class.as_view({"get": "login"})
+        request = self.factory.get("/")
+        response = view(request, auth_server="default")
+        self.assertEqual(response.headers["Clear-Site-Data"], '"cache", "cookies"')
+
     @patch(
         "oidc.viewsets.OpenIDClient.verify_and_decode_id_token",
         MagicMock(
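Review bot: `test_base_open_id_connect_viewset` asserts only the header value and not that the response is still the login redirect, so a regression that returned an error response carrying the header would pass; add `self.assertEqual(response.status_code, 302)` next to the header assertion, as the neighbouring `test_auth_code_flow` does (the exact status presumably matches that test's, since both go through `login`). The `viewset_class` temporary is used once; `view = BaseOpenIDConnectViewset.as_view({"get": "login"})` reads more directly. `response.headers` exists only on Django 3.2 and later; if older versions are still supported, `response["Clear-Site-Data"]` works on all of them.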