From ed4bf1527335b636b0780c62cd09491f1266e737 Mon Sep 17 00:00:00 2001
From: Dominik Frantisek Bucik <bucik@ics.muni.cz>
Date: Mon, 22 Apr 2024 09:21:13 +0200
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20enable=20skip=20logout?=
 =?UTF-8?q?=20confirm=20by=20passing=20prompt=3D'none'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../connect/web/endpoint/EndSessionEndpoint.java | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java b/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java
index 399306123..cb67982a4 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java
@@ -46,6 +46,7 @@ import java.text.ParseException;
 import java.util.Map;
 
 import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_POST_LOGOUT_REDIRECT_URI;
+import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_PROMPT;
 import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_STATE;
 import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARGET;
 
@@ -68,11 +69,10 @@ import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARG
 public class EndSessionEndpoint {
 
 	public static final String URL = "endsession";
-
 	private static final String CLIENT_KEY = "client";
 	private static final String STATE_KEY = "state";
 	private static final String REDIRECT_URI_KEY = "redirectUri";
-
+	private static final String PREFIX_REDIRECT = "redirect:";
 	private final SelfAssertionValidator validator;
 	private final PerunOidcConfig perunOidcConfig;
 	private final ClientDetailsEntityService clientService;
@@ -94,6 +94,7 @@ public class EndSessionEndpoint {
 	public String endSession(@RequestParam(value = "id_token_hint", required = false) String idTokenHint,
 							 @RequestParam(value = PARAM_POST_LOGOUT_REDIRECT_URI, required = false) String postLogoutRedirectUri,
 							 @RequestParam(value = STATE_KEY, required = false) String state,
+							 @RequestParam(value = PARAM_PROMPT, required = false) String prompt,
 							 HttpServletRequest request,
 							 HttpSession session,
 							 Authentication auth, Map<String, Object> model)
@@ -139,6 +140,9 @@ public class EndSessionEndpoint {
 			// we're not logged in anyway, process the final redirect bits if needed
 			return processLogout(null, null, session);
 		} else {
+			if ("none".equals(prompt)) {
+				return processLogout("approve", "", session);
+			}
 			log.info("Logout confirmating for user {} from client {}", auth.getName(), client != null ? client.getClientName() : "unknown");
 			// we are logged in, need to prompt the user before we log out
 			model.put("client", client);
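Review bot: The new `prompt=none` branch auto-approves the logout for any authenticated session without checking that the request carried a validated `id_token_hint`, so a cross-site request to this endpoint with `prompt=none` can end a user's session without their consent. The log line just below handles `client == null`, which suggests this branch is reachable when no client was resolved from a hint; in that case the confirmation page was the only guard. Consider restricting the shortcut, for example `if ("none".equals(prompt) && client != null) {`, and falling through to the confirmation page otherwise. The early return also skips the existing `log.info`, so a line such as `log.info("Logout confirmation skipped (prompt=none) for user {}", auth.getName());` would keep auto-approved logouts auditable. The enclosing method starts and ends outside this hunk, so how `client` is derived and validated should be confirmed there.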
@@ -164,7 +168,7 @@ public class EndSessionEndpoint {
 		if (isUriValid(redirectUri, client)) {
 			UriComponentsBuilder uri = UriComponentsBuilder.fromHttpUrl(redirectUri);
 			if (StringUtils.hasText(state)) {
-				uri = uri.queryParam("state", state);
+				uri = uri.queryParam(PARAM_STATE, state);
 			}
 			UriComponents uriComponents = uri.build();
 			log.trace("redirect URL: {}", uriComponents);
@@ -176,15 +180,15 @@ public class EndSessionEndpoint {
 			if (StringUtils.hasText(approved)) {
 				target = getLogoutUrl(target);
 				log.trace("redirecting to logout SAML and then {}", target);
-				return "redirect:" + target;
+				return PREFIX_REDIRECT + target;
 			} else {
 				log.trace("redirecting to {}", target);
-				return "redirect:" + redirectURL;
+				return PREFIX_REDIRECT + redirectURL;
 			}
 		} else {
 			if (StringUtils.hasText(approved)) {
 				log.trace("redirecting to logout SAML only");
-				return "redirect:" + getLogoutUrl(null);
+				return PREFIX_REDIRECT + getLogoutUrl(null);
 			} else {
 				return "logout_denied";
 			}
-- 
GitLab