From ed4bf1527335b636b0780c62cd09491f1266e737 Mon Sep 17 00:00:00 2001
From: Dominik Frantisek Bucik <bucik@ics.muni.cz>
Date: Mon, 22 Apr 2024 09:21:13 +0200
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20enable=20skip=20logout?=
=?UTF-8?q?=20confirm=20by=20passing=20prompt=3D'none'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../connect/web/endpoint/EndSessionEndpoint.java | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java b/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java
index 399306123..cb67982a4 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java
@@ -46,6 +46,7 @@ import java.text.ParseException;
import java.util.Map;
import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_POST_LOGOUT_REDIRECT_URI;
+import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_PROMPT;
import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_STATE;
import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARGET;
@@ -68,11 +69,10 @@ import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARG
public class EndSessionEndpoint {
public static final String URL = "endsession";
-
private static final String CLIENT_KEY = "client";
private static final String STATE_KEY = "state";
private static final String REDIRECT_URI_KEY = "redirectUri";
-
+ private static final String PREFIX_REDIRECT = "redirect:";
private final SelfAssertionValidator validator;
private final PerunOidcConfig perunOidcConfig;
private final ClientDetailsEntityService clientService;
@@ -94,6 +94,7 @@ public class EndSessionEndpoint {
public String endSession(@RequestParam(value = "id_token_hint", required = false) String idTokenHint,
@RequestParam(value = PARAM_POST_LOGOUT_REDIRECT_URI, required = false) String postLogoutRedirectUri,
@RequestParam(value = STATE_KEY, required = false) String state,
+ @RequestParam(value = PARAM_PROMPT, required = false) String prompt,
HttpServletRequest request,
HttpSession session,
Authentication auth, Map<String, Object> model)
@@ -139,6 +140,9 @@ public class EndSessionEndpoint {
// we're not logged in anyway, process the final redirect bits if needed
return processLogout(null, null, session);
} else {
+ if ("none".equals(prompt)) {
+ return processLogout("approve", "", session);
+ }
log.info("Logout confirmating for user {} from client {}", auth.getName(), client != null ? client.getClientName() : "unknown");
// we are logged in, need to prompt the user before we log out
model.put("client", client);
@@ -164,7 +168,7 @@ public class EndSessionEndpoint {
if (isUriValid(redirectUri, client)) {
UriComponentsBuilder uri = UriComponentsBuilder.fromHttpUrl(redirectUri);
if (StringUtils.hasText(state)) {
- uri = uri.queryParam("state", state);
+ uri = uri.queryParam(PARAM_STATE, state);
}
UriComponents uriComponents = uri.build();
log.trace("redirect URL: {}", uriComponents);
@@ -176,15 +180,15 @@ public class EndSessionEndpoint {
if (StringUtils.hasText(approved)) {
target = getLogoutUrl(target);
log.trace("redirecting to logout SAML and then {}", target);
- return "redirect:" + target;
+ return PREFIX_REDIRECT + target;
} else {
log.trace("redirecting to {}", target);
- return "redirect:" + redirectURL;
+ return PREFIX_REDIRECT + redirectURL;
}
} else {
if (StringUtils.hasText(approved)) {
log.trace("redirecting to logout SAML only");
- return "redirect:" + getLogoutUrl(null);
+ return PREFIX_REDIRECT + getLogoutUrl(null);
} else {
return "logout_denied";
}
--
GitLab