Verified Commit ed4bf152 authored by Dominik Frantisek Bucik's avatar Dominik Frantisek Bucik

feat: :guitar: enable skip logout confirm by passing prompt='none'

parent 54d5e669
1 merge request!393feat: 🎸 enable skip logout confirm by passing prompt='none'
Pipeline #431460 passed
...@@ -46,6 +46,7 @@ import java.text.ParseException; ...@@ -46,6 +46,7 @@ import java.text.ParseException;
import java.util.Map; import java.util.Map;
import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_POST_LOGOUT_REDIRECT_URI; import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_POST_LOGOUT_REDIRECT_URI;
import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_PROMPT;
import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_STATE; import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_STATE;
import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARGET; import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARGET;
...@@ -68,11 +69,10 @@ import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARG ...@@ -68,11 +69,10 @@ import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARG
public class EndSessionEndpoint { public class EndSessionEndpoint {
public static final String URL = "endsession"; public static final String URL = "endsession";
private static final String CLIENT_KEY = "client"; private static final String CLIENT_KEY = "client";
private static final String STATE_KEY = "state"; private static final String STATE_KEY = "state";
private static final String REDIRECT_URI_KEY = "redirectUri"; private static final String REDIRECT_URI_KEY = "redirectUri";
private static final String PREFIX_REDIRECT = "redirect:";
private final SelfAssertionValidator validator; private final SelfAssertionValidator validator;
private final PerunOidcConfig perunOidcConfig; private final PerunOidcConfig perunOidcConfig;
private final ClientDetailsEntityService clientService; private final ClientDetailsEntityService clientService;
...@@ -94,6 +94,7 @@ public class EndSessionEndpoint { ...@@ -94,6 +94,7 @@ public class EndSessionEndpoint {
public String endSession(@RequestParam(value = "id_token_hint", required = false) String idTokenHint, public String endSession(@RequestParam(value = "id_token_hint", required = false) String idTokenHint,
@RequestParam(value = PARAM_POST_LOGOUT_REDIRECT_URI, required = false) String postLogoutRedirectUri, @RequestParam(value = PARAM_POST_LOGOUT_REDIRECT_URI, required = false) String postLogoutRedirectUri,
@RequestParam(value = STATE_KEY, required = false) String state, @RequestParam(value = STATE_KEY, required = false) String state,
@RequestParam(value = PARAM_PROMPT, required = false) String prompt,
HttpServletRequest request, HttpServletRequest request,
HttpSession session, HttpSession session,
Authentication auth, Map<String, Object> model) Authentication auth, Map<String, Object> model)
...@@ -139,6 +140,9 @@ public class EndSessionEndpoint { ...@@ -139,6 +140,9 @@ public class EndSessionEndpoint {
// we're not logged in anyway, process the final redirect bits if needed // we're not logged in anyway, process the final redirect bits if needed
return processLogout(null, null, session); return processLogout(null, null, session);
} else { } else {
if ("none".equals(prompt)) {
return processLogout("approve", "", session);
}
log.info("Logout confirmating for user {} from client {}", auth.getName(), client != null ? client.getClientName() : "unknown"); log.info("Logout confirmating for user {} from client {}", auth.getName(), client != null ? client.getClientName() : "unknown");
// we are logged in, need to prompt the user before we log out // we are logged in, need to prompt the user before we log out
model.put("client", client); model.put("client", client);
...@@ -164,7 +168,7 @@ public class EndSessionEndpoint { ...@@ -164,7 +168,7 @@ public class EndSessionEndpoint {
if (isUriValid(redirectUri, client)) { if (isUriValid(redirectUri, client)) {
UriComponentsBuilder uri = UriComponentsBuilder.fromHttpUrl(redirectUri); UriComponentsBuilder uri = UriComponentsBuilder.fromHttpUrl(redirectUri);
if (StringUtils.hasText(state)) { if (StringUtils.hasText(state)) {
uri = uri.queryParam("state", state); uri = uri.queryParam(PARAM_STATE, state);
} }
UriComponents uriComponents = uri.build(); UriComponents uriComponents = uri.build();
log.trace("redirect URL: {}", uriComponents); log.trace("redirect URL: {}", uriComponents);
...@@ -176,15 +180,15 @@ public class EndSessionEndpoint { ...@@ -176,15 +180,15 @@ public class EndSessionEndpoint {
if (StringUtils.hasText(approved)) { if (StringUtils.hasText(approved)) {
target = getLogoutUrl(target); target = getLogoutUrl(target);
log.trace("redirecting to logout SAML and then {}", target); log.trace("redirecting to logout SAML and then {}", target);
return "redirect:" + target; return PREFIX_REDIRECT + target;
} else { } else {
log.trace("redirecting to {}", target); log.trace("redirecting to {}", target);
return "redirect:" + redirectURL; return PREFIX_REDIRECT + redirectURL;
} }
} else { } else {
if (StringUtils.hasText(approved)) { if (StringUtils.hasText(approved)) {
log.trace("redirecting to logout SAML only"); log.trace("redirecting to logout SAML only");
return "redirect:" + getLogoutUrl(null); return PREFIX_REDIRECT + getLogoutUrl(null);
} else { } else {
return "logout_denied"; return "logout_denied";
} }
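Review bot: The new `if ("none".equals(prompt))` branch approves the logout for any authenticated request without requiring that a valid `id_token_hint` was presented; the log call right below it still handles `client == null`, so a request with no resolved client can reach it. OpenID Connect RP-Initiated Logout requires the OP to ask the user when no `id_token_hint` was supplied or when it does not belong to the current session, and that confirmation is what stops a third-party page from silently ending the user's session. Consider gating the shortcut, e.g. `if ("none".equals(prompt) && client != null) {`, and, if the validated token's subject is in scope here, also comparing it with `auth.getName()`. How `client` is derived is outside the visible hunks (endSession starts and ends outside them), so confirm it is only set after the hint has been validated. A short comment on the branch, such as `// prompt=none: skip confirmation only for a validated id_token_hint`, would record the intent.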
......