Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[backend] Add remote logout_remote value to openId options (#7766) #8466

Merged
merged 1 commit into from
Sep 27, 2024
Merged

[backend] Add remote logout_remote value to openId options (#7766) #8466

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion opencti-platform/opencti-graphql/src/config/providers.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -317,7 +317,7 @@
}
// endregion
const openIdScope = R.uniq(openIdScopes).join(' ');
const options = { client, passReqToCallback: true, params: { scope: openIdScope } };
const options = { logout_remote: mappedConfig.logout_remote, client, passReqToCallback: true, params: { scope: openIdScope } };

Check warning on line 320 in opencti-platform/opencti-graphql/src/config/providers.js

View check run for this annotation

Codecov / codecov/patch

opencti-platform/opencti-graphql/src/config/providers.js#L320 

Added line #L320 was not covered by tests
const debugCallback = (message, meta) => logApp.info(message, meta);
const openIDStrategy = new OpenIDStrategy(options, debugCallback, (_, tokenset, userinfo, done) => {
logApp.info('[OPENID] Successfully logged', { userinfo });
Expand Down Expand Up @@ -386,6 +386,7 @@
openIDStrategy.logout = (_, callback) => {
const isSpecificUri = isNotEmptyField(config.logout_callback_url);
const endpointUri = issuer.end_session_endpoint ? issuer.end_session_endpoint : `${config.issuer}/oidc/logout`;
logApp.debug(`[OPENID] logout configuration, isSpecificUri:${isSpecificUri}, issuer.end_session_endpoint:${issuer.end_session_endpoint}, final endpointUri: ${endpointUri}`);

Check warning on line 389 in opencti-platform/opencti-graphql/src/config/providers.js

View check run for this annotation

Codecov / codecov/patch

opencti-platform/opencti-graphql/src/config/providers.js#L389 

Added line #L389 was not covered by tests
if (isSpecificUri) {
const logoutUri = `${endpointUri}?post_logout_redirect_uri=${config.logout_callback_url}`;
callback(null, logoutUri);
Expand Down
2 changes: 2 additions & 0 deletions opencti-platform/opencti-graphql/src/http/httpPlatform.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -361,6 +361,7 @@
const strategy = passport._strategy(provider);
if (strategy) {
if (strategy.logout_remote === true && strategy.logout) {
logApp.debug('Logout: requesting remote logout using authentication strategy parameters.');

Check warning on line 364 in opencti-platform/opencti-graphql/src/http/httpPlatform.js

View check run for this annotation

Codecov / codecov/patch

opencti-platform/opencti-graphql/src/http/httpPlatform.js#L364 

Added line #L364 was not covered by tests
req.user = user; // Needed for passport
strategy.logout(req, (error, request) => {
if (error) {
Expand All @@ -371,6 +372,7 @@
}
});
} else {
logApp.debug('Logout: OpenCTI logout only, remote logout on IDP not requested.');

Check warning on line 375 in opencti-platform/opencti-graphql/src/http/httpPlatform.js

View check run for this annotation

Codecov / codecov/patch

opencti-platform/opencti-graphql/src/http/httpPlatform.js#L375 

Added line #L375 was not covered by tests
res.redirect(referer);
}
} else {
Expand Down