oidc: post logout redirect uris is an array

2023-03-17 12:34:54 +01:00
parent 5465bbb6d7
commit 260925229a
3 changed files with 47 additions and 38 deletions
--- a/src/oidc.js
+++ b/src/oidc.js
@@ -11,7 +11,6 @@ exports = module.exports = {
    },
    routes: {
        renderInteractionPage,
-        renderSessionEndPage,
        interactionLogin,
        interactionConfirm,
        interactionAbort
@@ -163,7 +162,7 @@ class CloudronAdapter {
                client_id: id,
                client_secret: client.secret,
                redirect_uris: [ client.loginRedirectUri ],
-                post_logout_redirect_uri: client.logoutRedirectUri,
+                post_logout_redirect_uris: [ client.logoutRedirectUri ],
            };
        } else {
            if (!this.store[id]) return false;
@@ -284,17 +283,6 @@ class CloudronAdapter {
    }
 }

-function renderSessionEndPage(routePrefix, provider) {
-    assert.strictEqual(typeof routePrefix, 'string');
-    assert.strictEqual(typeof provider, 'object');
-
-    return async function (req, res, next) {
-        debug(`route session end get`);
-
-        return res.render('session_end', {});
-    };
-}
-
 function renderInteractionPage(routePrefix, provider) {
    assert.strictEqual(typeof routePrefix, 'string');
    assert.strictEqual(typeof provider, 'object');
@@ -504,6 +492,46 @@ async function claims(userId, use, scope) {
    return claims;
 }

+async function logoutSource(ctx, form) {
+  // @param ctx - koa request context
+  // @param form - form source (id="op.logoutForm") to be embedded in the page and submitted by
+  //   the End-User
+  ctx.body = `<!DOCTYPE html>
+    <head>
+      <title>Logout Request</title>
+      <style>/* css and html classes omitted for brevity, see lib/helpers/defaults.js */</style>
+    </head>
+    <body>
+      <div>
+        <h1>Cloudron Do you want to sign-out from ${ctx.host}?</h1>
+        ${form}
+        <button autofocus type="submit" form="op.logoutForm" value="yes" name="logout">Yes, sign me out</button>
+        <button type="submit" form="op.logoutForm">No, stay signed in</button>
+      </div>
+    </body>
+    </html>`;
+}
+
+async function postLogoutSuccessSource(ctx) {
+  // @param ctx - koa request context
+  const {
+    clientId, clientName, clientUri, initiateLoginUri, logoUri, policyUri, tosUri,
+  } = ctx.oidc.client || {}; // client is defined if the user chose to stay logged in with the OP
+  const display = clientName || clientId;
+  ctx.body = `<!DOCTYPE html>
+    <head>
+      <title>Sign-out Success</title>
+      <style>/* css and html classes omitted for brevity, see lib/helpers/defaults.js */</style>
+    </head>
+    <body>
+      <div>
+        <h1>Cloudron Sign-out Success</h1>
+        <p>Your sign-out ${display ? `with ${display}` : ''} was successful.</p>
+      </div>
+    </body>
+    </html>`;
+}
+
 async function getProvider(routePrefix) {
    assert.strictEqual(typeof routePrefix, 'string');

@@ -529,7 +557,12 @@ async function getProvider(routePrefix) {
            profile: [ 'family_name', 'given_name', 'locale', 'name', 'preferred_username' ]
        },
        features: {
-            devInteractions: { enabled: false }
+            devInteractions: { enabled: false },
+            rpInitiatedLogout: {
+                enabled: true,
+                logoutSource,
+                postLogoutSuccessSource
+            },
        },
        // if a client only has one redirect uri specified, the client does not have to provide it in the request
        allowOmittingSingleRegisteredRedirectUri: true,