From ed4bf1527335b636b0780c62cd09491f1266e737 Mon Sep 17 00:00:00 2001
From: Dominik Frantisek Bucik <bucik@ics.muni.cz>
Date: Mon, 22 Apr 2024 09:21:13 +0200
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20enable=20skip=20logout?= =?UTF-8?q?=20confirm=20by=20passing=20prompt=3D'none'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../connect/web/endpoint/EndSessionEndpoint.java | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java b/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java
index 399306123..cb67982a4 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java
@@ -46,6 +46,7 @@ import java.text.ParseException;
 import java.util.Map;
 import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_POST_LOGOUT_REDIRECT_URI;
+import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_PROMPT;
 import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_STATE;
 import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARGET;
@@ -69,11 +69,10 @@ import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARG
 public class EndSessionEndpoint {
 public static final String URL = "endsession";
- private static final String CLIENT_KEY = "client";
 private static final String STATE_KEY = "state";
 private static final String REDIRECT_URI_KEY = "redirectUri";
-
+ private static final String PREFIX_REDIRECT = "redirect:";
 private final SelfAssertionValidator validator;
 private final PerunOidcConfig perunOidcConfig;
 private final ClientDetailsEntityService clientService;
@@ -94,6 +94,7 @@ public class EndSessionEndpoint { public String endSession(@RequestParam(value = "id_token_hint", required = false) String idTokenHint, @RequestParam(value = PARAM_POST_LOGOUT_REDIRECT_URI, required = false) String postLogoutRedirectUri, @RequestParam(value = STATE_KEY, required = false) String state, + @RequestParam(value = PARAM_PROMPT, required = false) String prompt, HttpServletRequest request, HttpSession session, Authentication auth, Map<String, Object> model) @@ -139,6 +140,9 @@ public class EndSessionEndpoint { // we're not logged in anyway, process the final redirect bits if needed return processLogout(null, null, session); } else { + if ("none".equals(prompt)) { + return processLogout("approve", "", session); + } log.info("Logout confirmating for user {} from client {}", auth.getName(), client != null ? client.getClientName() : "unknown"); // we are logged in, need to prompt the user before we log out model.put("client", client); @@ -164,7 +168,7 @@ public class EndSessionEndpoint { if (isUriValid(redirectUri, client)) { UriComponentsBuilder uri = UriComponentsBuilder.fromHttpUrl(redirectUri); if (StringUtils.hasText(state)) { - uri = uri.queryParam("state", state); + uri = uri.queryParam(PARAM_STATE, state); } UriComponents uriComponents = uri.build(); log.trace("redirect URL: {}", uriComponents); @@ -176,15 +180,15 @@ public class EndSessionEndpoint { if (StringUtils.hasText(approved)) { target = getLogoutUrl(target); log.trace("redirecting to logout SAML and then {}", target); - return "redirect:" + target; + return PREFIX_REDIRECT + target; } else { log.trace("redirecting to {}", target); - return "redirect:" + redirectURL; + return PREFIX_REDIRECT + redirectURL; } } else { if (StringUtils.hasText(approved)) { log.trace("redirecting to logout SAML only"); - return "redirect:" + getLogoutUrl(null); + return PREFIX_REDIRECT + getLogoutUrl(null); } else { return "logout_denied"; } -- GitLab
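Review bot: The new `"none".equals(prompt)` branch in `endSession` skips the confirmation page for every authenticated request, including ones that carried no usable `id_token_hint`; the `log.info` line right below it shows `client` can still be null at this point. If the handler is reachable by a plain cross-site request (its mapping is outside the hunk), a caller-supplied `prompt=none` lets such a request end the user's session without consent, which is the case the confirmation step exists to prevent. Tie the bypass to a hint that resolved to a client, e.g. `if ("none".equals(prompt) && client != null) {`, and add a `log.info` in that branch recording that confirmation was skipped so silent logouts stay auditable. The hint validation and the start of `endSession` lie outside this hunk, so confirm that `client` is only set after the token's signature has been verified.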