

Merge pull request #820 from SciCatProject/add-better-check-for-logou…
…t-urls

feat: add better check for logout urls
martin-trajanovski authored Oct 18, 2023
2 parents c29db83 + 7fa5615 commit 8f62192
Showing 2 changed files with 53 additions and 20 deletions.
57 changes: 37 additions & 20 deletions src/auth/auth.service.ts
Expand Up @@ -6,7 +6,7 @@ import { User } from "src/users/schemas/user.schema";
import { UsersService } from "../users/users.service";
import { Request } from "express";
import { OidcConfig } from "src/config/configuration";
import { parseBoolean } from "src/common/utils";
import { flattenObject, parseBoolean } from "src/common/utils";
import { Issuer } from "openid-client";

@Injectable()
Expand Down Expand Up @@ -58,46 +58,63 @@ export class AuthService {
"expressSessionSecret",
);

const logoutResult = await this.additionalLogoutTasks(req, logoutURL);

if (expressSessionSecret) {
req.logout(async (err) => {
if (err) {
// we should provide a message
console.log("Logout error");
console.log(err);
//res.status(HttpStatus.BAD_REQUEST);
}
return await this.additionalLogoutTasks(req, logoutURL);
});

return logoutResult;
} else {
return await this.additionalLogoutTasks(req, logoutURL);
}
if (logoutURL) {
return { logout: "successful", logoutURL: logoutURL };
return logoutResult;
}

return { logout: "successful" };
}

async additionalLogoutTasks(req: Request, logoutURL: string) {
const user = req.user as Omit<User, "password">;
if (user?.authStrategy == "oidc") {
if (user?.authStrategy === "oidc") {
const oidcConfig = this.configService.get<OidcConfig>("oidc");
const autoLogout: boolean = parseBoolean(oidcConfig?.autoLogout || false);
const autoLogout: boolean = parseBoolean(oidcConfig?.autoLogout || true);

if (autoLogout) {
const trustIssuer = await Issuer.discover(
`${oidcConfig?.issuer}/.well-known/openid-configuration`,
);
const end_session_endpoint = trustIssuer.metadata.end_session_endpoint;
if (end_session_endpoint) {
if (logoutURL) {
return {
logout: "successful",
logoutURL:
end_session_endpoint +
(logoutURL ? "?post_logout_redirect_uri=" + logoutURL : ""),
logoutURL: logoutURL,
};
}

// If there is no LOGOUT_URL set try to get one from the issuer
const trustIssuer = await Issuer.discover(
`${oidcConfig?.issuer}/.well-known/openid-configuration`,
);
// Flatten the object in case the end_session url is nested.
const flattenTrustIssuer = flattenObject(trustIssuer);

// Note search for "end_session" key into the flatten object
const endSessionEndpointKey = Object.keys(flattenTrustIssuer).find(
(key) => key.includes("end_session"),
);

if (endSessionEndpointKey) {
// Get the end_session endpoint value
const endSessionEndpoint = flattenTrustIssuer[endSessionEndpointKey];

if (endSessionEndpoint) {
return {
logout: "successful",
logoutURL: endSessionEndpoint,
};
}
}
}
}
return;

return { logout: "successful" };
}
}
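Review bot: `parseBoolean(oidcConfig?.autoLogout || true)` can never yield `false` from a boolean config value, because `false || true` evaluates to `true`; only the string `"false"` survives the `||`, so an operator who sets `autoLogout: false` still gets the issuer lookup. The nullish default expresses the intent: `const autoLogout: boolean = parseBoolean(oidcConfig?.autoLogout ?? true);`. Separately, the early `if (logoutURL)` return inside the `autoLogout` branch skips `Issuer.discover` entirely, so when a logout URL is configured the OP's `end_session` endpoint is never consulted and the identity-provider session appears to outlive the local logout, where the replaced code appended the URL as `post_logout_redirect_uri` to that endpoint; if that is intended, the branch deserves a comment saying the client is expected to end the OP session itself. The `key.includes("end_session")` lookup also returns whichever flattened key happens to match first, and `key.endsWith("end_session_endpoint")` would be the narrower test. The enclosing `logout` method starts before this hunk.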
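--- a/src/common/utils.ts
+++ b/src/common/utils.ts
@@ -176,6 +176,22 @@ export const extractMetadataKeys = <T>(
 return Array.from(keys);
 };
 
+export const flattenObject = <T>(obj: T) => {
+const result: Record<string, unknown> = {};
+
+for (const i in obj) {
+if (typeof obj[i] === "object" && !Array.isArray(obj[i])) {
+const temp = flattenObject(obj[i]);
+for (const j in temp) {
+result[i + "." + j] = temp[j];
+}
+} else {
+result[i] = obj[i];
+}
+}
+return result;
+};
+
 export const handleAxiosRequestError = (
 err: unknown,
 context?: string,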
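Review bot: `typeof obj[i] === "object"` is also true for `null`, so a null-valued property is recursed into and silently dropped from the result instead of being copied as a leaf; the guard should be `if (obj[i] !== null && typeof obj[i] === "object" && !Array.isArray(obj[i])) {`. There is also no cycle guard, so an object graph with a back-reference (plausible for a library class instance such as the openid-client `Issuer` this is applied to in auth.service.ts, though I cannot confirm that from here) would recurse until the stack overflows; tracking visited objects in a `WeakSet` would bound it. The type parameter `T` is used only once and relates nothing to the return type, so `obj: object` would be simpler, and a TSDoc comment stating that nested keys are joined with `.`, that arrays are kept as leaves, and that inherited enumerable properties are included (via `for...in`) would help callers.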

