diff --git a/migrations/20230316134353-oidc-clients-add-table.js b/migrations/20230316134353-oidc-clients-add-table.js
index e82c613d8..d0afc1077 100644
--- a/migrations/20230316134353-oidc-clients-add-table.js
+++ b/migrations/20230316134353-oidc-clients-add-table.js
@@ -4,7 +4,8 @@ exports.up = async function (db) {
 var cmd = 'CREATE TABLE oidcClients(' +
 'id VARCHAR(128) NOT NULL UNIQUE,' +
 'secret VARCHAR(128) NOT NULL,' +
- 'redirectUri VARCHAR(256) NOT NULL,' +
+ 'loginRedirectUri VARCHAR(256) NOT NULL,' +
+ 'logoutRedirectUri VARCHAR(256) NOT NULL,' +
 'PRIMARY KEY (id))';
 
 await db.runSql(cmd);
diff --git a/migrations/schema.sql b/migrations/schema.sql
index 6e15af10e..4bf3d4eca 100644
--- a/migrations/schema.sql
+++ b/migrations/schema.sql
@@ -316,5 +316,6 @@ CREATE TABLE IF NOT EXISTS appLinks(
 CREATE TABLE IF NOT EXISTS oidcClients(
 id VARCHAR(128) NOT NULL UNIQUE,
 secret VARCHAR(128) DEFAULT "",
- redirectUri VARCHAR(256) DEFAULT "",
+ loginRedirectUri VARCHAR(256) DEFAULT "",
+ logoutRedirectUri VARCHAR(256) DEFAULT "",
 PRIMARY KEY(id));
diff --git a/src/oidc.js b/src/oidc.js
index b799bddf4..6e3477c1b 100644
--- a/src/oidc.js
+++ b/src/oidc.js
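Review bot: The first hunk rewrites the already-existing migration file `20230316134353-oidc-clients-add-table.js` in place instead of adding a new migration, so any database where that migration is already recorded as applied keeps the old `redirectUri` column and never gains `loginRedirectUri`/`logoutRedirectUri`; the `clientsAdd`/`clientsUpdate` queries changed later in this diff would then fail at runtime on those installs. Unless the `oidcClients` table has never shipped to a real deployment, the column change belongs in a new migration that alters the existing table (for example `ALTER TABLE oidcClients CHANGE redirectUri loginRedirectUri VARCHAR(256) NOT NULL, ADD COLUMN logoutRedirectUri VARCHAR(256) NOT NULL` — constructed, adjust to the project's migration helper), with the `schema.sql` hunk kept as the snapshot of the end state. Note also that the migration declares both new columns `NOT NULL` while `schema.sql` gives them `DEFAULT ""`, which mirrors the pre-existing mismatch on `secret` but is worth reconciling while the columns are being touched.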
@@ -33,15 +33,16 @@ const assert = require('assert'),
 settings = require('./settings.js');
 
 const OIDC_CLIENTS_TABLE_NAME = 'oidcClients';
-const OIDC_CLIENTS_FIELDS = [ 'id', 'secret', 'redirectUri' ];
+const OIDC_CLIENTS_FIELDS = [ 'id', 'secret', 'loginRedirectUri', 'logoutRedirectUri' ];
 
-async function clientsAdd(id, secret, redirectUri) {
+async function clientsAdd(id, secret, loginRedirectUri, logoutRedirectUri) {
 assert.strictEqual(typeof id, 'string');
 assert.strictEqual(typeof secret, 'string');
- assert.strictEqual(typeof redirectUri, 'string');
+ assert.strictEqual(typeof loginRedirectUri, 'string');
+ assert.strictEqual(typeof logoutRedirectUri, 'string');
 
- const query = 'INSERT INTO oidcClients (id, secret, redirectUri) VALUES (?, ?, ?)';
- const args = [ id, secret, redirectUri ];
+ const query = 'INSERT INTO oidcClients (id, secret, loginRedirectUri, logoutRedirectUri) VALUES (?, ?, ?)';
+ const args = [ id, secret, loginRedirectUri, logoutRedirectUri ];
 
 const [error] = await safe(database.query(query, args));
 if (error && error.code === 'ER_DUP_ENTRY') throw new BoxError(BoxError.ALREADY_EXISTS, 'client already exists');
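Review bot: The new INSERT in `clientsAdd` names four columns but still has only three placeholders, `VALUES (?, ?, ?)`, while `args` now carries four values, so every client creation will be rejected with a column-count mismatch instead of inserting the row. Change the query line to `const query = 'INSERT INTO oidcClients (id, secret, loginRedirectUri, logoutRedirectUri) VALUES (?, ?, ?, ?)';`. While touching the line, using `${OIDC_CLIENTS_TABLE_NAME}` as `clientsUpdate` does would keep the table name in one place. The body of `clientsAdd` appears to continue past the end of the hunk.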
@@ -59,12 +60,13 @@ async function clientsGet(id) {
 return result[0];
 }
 
-async function clientsUpdate(id, secret, redirectUri) {
+async function clientsUpdate(id, secret, loginRedirectUri, logoutRedirectUri) {
 assert.strictEqual(typeof id, 'string');
 assert.strictEqual(typeof secret, 'string');
- assert.strictEqual(typeof redirectUri, 'string');
+ assert.strictEqual(typeof loginRedirectUri, 'string');
+ assert.strictEqual(typeof logoutRedirectUri, 'string');
 
- const result = await database.query(`UPDATE ${OIDC_CLIENTS_TABLE_NAME} SET secret=?, redirectUri=? WHERE id = ?`, [ secret, redirectUri, id]);
+ const result = await database.query(`UPDATE ${OIDC_CLIENTS_TABLE_NAME} SET secret=?, loginRedirectUri=?, logoutRedirectUri=? WHERE id = ?`, [ secret, loginRedirectUri, logoutRedirectUri, id]);
 if (result.affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'client not found');
 }
 
@@ -160,7 +162,8 @@ class CloudronAdapter {
 return {
 client_id: id,
 client_secret: client.secret,
- redirect_uris: [ client.redirectUri ],
+ redirect_uris: [ client.loginRedirectUri ],
+ post_logout_redirect_uri: client.logoutRedirectUri,
 };
 } else {
 if (!this.store[id]) return false;
@@ -285,9 +288,11 @@ function renderSessionEndPage(routePrefix, provider) {
 assert.strictEqual(typeof routePrefix, 'string');
 assert.strictEqual(typeof provider, 'object');
 
- debug(`route session end get`);
+ return async function (req, res, next) {
+ debug(`route session end get`);
 
- return res.render('session_end', {});
+ return res.render('session_end', {});
+ };
 }
 
 function renderInteractionPage(routePrefix, provider) {
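Review bot: In the `CloudronAdapter` hunk the new client-metadata key `post_logout_redirect_uri` is singular, whereas the standard OpenID Connect client-registration metadata (and, if this adapter feeds oidc-provider as the name suggests, that library's client schema) uses `post_logout_redirect_uris`, an array parallel to `redirect_uris` on the line above. Under a key the provider does not recognise, the stored logout URI is never consulted when validating the `post_logout_redirect_uri` presented at session end, so RP-initiated logout either fails or, depending on the provider's configuration, is not restricted to the registered value — which is the allow-list this column exists to enforce. Suggest `post_logout_redirect_uris: [ client.logoutRedirectUri ],`. The enclosing adapter method starts and ends outside the hunk.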