feat: enable skip logout confirm by passing prompt='none'

perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/EndSessionEndpoint.java

@@ -46,6 +46,7 @@ import java.text.ParseException;
 import java.util.Map;
 
 import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_POST_LOGOUT_REDIRECT_URI;
+import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_PROMPT;
 import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_STATE;
 import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARGET;
 
@@ -68,11 +69,10 @@ import static cz.muni.ics.oidc.server.filters.AuthProcFilterConstants.PARAM_TARG
 public class EndSessionEndpoint {
 
 	public static final String URL = "endsession";
-
 	private static final String CLIENT_KEY = "client";
 	private static final String STATE_KEY = "state";
 	private static final String REDIRECT_URI_KEY = "redirectUri";
-
+	private static final String PREFIX_REDIRECT = "redirect:";
 	private final SelfAssertionValidator validator;
 	private final PerunOidcConfig perunOidcConfig;
 	private final ClientDetailsEntityService clientService;
@@ -94,6 +94,7 @@ public class EndSessionEndpoint {
 	public String endSession(@RequestParam(value = "id_token_hint", required = false) String idTokenHint,
 							 @RequestParam(value = PARAM_POST_LOGOUT_REDIRECT_URI, required = false) String postLogoutRedirectUri,
 							 @RequestParam(value = STATE_KEY, required = false) String state,
+							 @RequestParam(value = PARAM_PROMPT, required = false) String prompt,
 							 HttpServletRequest request,
 							 HttpSession session,
 							 Authentication auth, Map<String, Object> model)
@@ -139,6 +140,9 @@ public class EndSessionEndpoint {
 			// we're not logged in anyway, process the final redirect bits if needed
 			return processLogout(null, null, session);
 		} else {
+			if ("none".equals(prompt)) {
+				return processLogout("approve", "", session);
+			}
 			log.info("Logout confirmating for user {} from client {}", auth.getName(), client != null ? client.getClientName() : "unknown");
 			// we are logged in, need to prompt the user before we log out
 			model.put("client", client);
@@ -164,7 +168,7 @@ public class EndSessionEndpoint {
 		if (isUriValid(redirectUri, client)) {
 			UriComponentsBuilder uri = UriComponentsBuilder.fromHttpUrl(redirectUri);
 			if (StringUtils.hasText(state)) {
-				uri = uri.queryParam("state", state);
+				uri = uri.queryParam(PARAM_STATE, state);
 			}
 			UriComponents uriComponents = uri.build();
 			log.trace("redirect URL: {}", uriComponents);
@@ -176,15 +180,15 @@ public class EndSessionEndpoint {
 			if (StringUtils.hasText(approved)) {
 				target = getLogoutUrl(target);
 				log.trace("redirecting to logout SAML and then {}", target);
-				return "redirect:" + target;
+				return PREFIX_REDIRECT + target;
 			} else {
 				log.trace("redirecting to {}", target);
-				return "redirect:" + redirectURL;
+				return PREFIX_REDIRECT + redirectURL;
 			}
 		} else {
 			if (StringUtils.hasText(approved)) {
 				log.trace("redirecting to logout SAML only");
-				return "redirect:" + getLogoutUrl(null);
+				return PREFIX_REDIRECT + getLogoutUrl(null);
 			} else {
 				return "logout_denied";
 			}