Working logout/login with new KC.
arcshiftsolutions committed Nov 27, 2024
1 parent e35999d commit f93042a
Showing 2 changed files with 46 additions and 17 deletions.
3 changes: 2 additions & 1 deletion backend/src/app.js
Expand Up @@ -133,7 +133,7 @@ function addLoginPassportUse(discovery, strategyName, callbackURI, kc_idp_hint)
callbackURL: callbackURI,
scope: discovery.scopes_supported,
kc_idp_hint: kc_idp_hint
}, (_issuer, profile, _context, _idToken, accessToken, refreshToken, done) => {
}, (_issuer, profile, _context, idToken, accessToken, refreshToken, done) => {
if ((typeof (accessToken) === 'undefined') || (accessToken === null) ||
(typeof (refreshToken) === 'undefined') || (refreshToken === null)) {
return done('No access token', null);
Expand All @@ -142,6 +142,7 @@ function addLoginPassportUse(discovery, strategyName, callbackURI, kc_idp_hint)
//set access and refresh tokens
profile.jwtFrontend = auth.generateUiToken();
profile.jwt = accessToken;
profile.idToken = idToken;
profile._json = parseJwt(accessToken);
profile.refreshToken = refreshToken;
return done(null, profile);
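Review bot: `profile.idToken = idToken;` has no guard, unlike the access and refresh tokens, which are checked for null/undefined just above before `done` is called. If the provider returns no ID token, the session is created with `idToken` undefined and `/logout` in backend/src/routes/auth.js takes its `client_id` branch; a comment such as `// idToken may be undefined; /logout then falls back to client_id` would record that this is intended. Since auth.js reads the value back from `req.session.passport.user`, the raw ID token now lives in the session user object, so any code outside this view that returns or logs that object should leave it out. addLoginPassportUse starts and ends outside the two hunks.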
60 changes: 44 additions & 16 deletions backend/src/routes/auth.js
Expand Up @@ -176,35 +176,63 @@ addBaseRouterGet('oidcEntraActivateDistrictUser', '/login_entra_activate_distric

//removes tokens and destroys session
router.get('/logout', async (req, res, next) => {
req.logout(function(err) {
if (err) {
return next(err);
}
req.session.destroy();
let primaryURL = config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend');
let idToken = req?.session?.passport?.user?.idToken;
if (idToken) {
req.logout(function(err) {
if (err) {
return next(err);
}
req.session.destroy();
let retUrl;
if (req.query && req.query.sessionExpired) {
retUrl = encodeURIComponent(primaryURL + '/session-expired' + '&id_token_hint=' + idToken);
} else if (req.query && req.query.loginError) {
retUrl = encodeURIComponent(primaryURL + '/login-error' + '&id_token_hint=' + idToken);
} else if (req.query && req.query.loginBceid) {
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_bceid' + '&id_token_hint=' + idToken);
} else if (req.query && req.query.loginEntra) {
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_entra' + '&id_token_hint=' + idToken);
} else if (req.query && req.query.loginIDIR) {
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_idir' + '&id_token_hint=' + idToken);
} else if (req.query && req.query.loginBceidActivateUser) {
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_bceid_activate_user' + '&id_token_hint=' + idToken);
} else if (req.query && req.query.loginBceidActivateDistrictUser) {
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_bceid_activate_district_user' + '&id_token_hint=' + idToken);
} else if (req.query && req.query.loginEntraActivateUser) {
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_entra_activate_user' + '&id_token_hint=' + idToken);
} else if (req.query && req.query.loginEntraActivateDistrictUser) {
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_entra_activate_district_user' + '&id_token_hint=' + idToken);
} else {
retUrl = encodeURIComponent(primaryURL + '/logout' + '&id_token_hint=' + idToken);
}
res.redirect(config.get('siteMinder_logout_endpoint') + retUrl);
});
}else {
let retUrl;
if (req.query && req.query.sessionExpired) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend') + '/session-expired' + '&client_id=' + config.get('oidc:clientId'));
retUrl = encodeURIComponent(primaryURL + '/session-expired' + '&client_id=' + config.get('oidc:clientId'));
} else if (req.query && req.query.loginError) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend')+ '/login-error' + '&client_id=' + config.get('oidc:clientId'));
retUrl = encodeURIComponent(primaryURL + '/login-error' + '&client_id=' + config.get('oidc:clientId'));
} else if (req.query && req.query.loginBceid) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend')+ '/api/auth/login_bceid' + '&client_id=' + config.get('oidc:clientId'));
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_bceid' + '&client_id=' + config.get('oidc:clientId'));
} else if (req.query && req.query.loginEntra) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend')+ '/api/auth/login_entra' + '&client_id=' + config.get('oidc:clientId'));
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_entra' + '&client_id=' + config.get('oidc:clientId'));
} else if (req.query && req.query.loginIDIR) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend')+ '/api/auth/login_idir' + '&client_id=' + config.get('oidc:clientId'));
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_idir' + '&client_id=' + config.get('oidc:clientId'));
} else if (req.query && req.query.loginBceidActivateUser) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend')+ '/api/auth/login_bceid_activate_user' + '&client_id=' + config.get('oidc:clientId'));
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_bceid_activate_user' + '&client_id=' + config.get('oidc:clientId'));
} else if (req.query && req.query.loginBceidActivateDistrictUser) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend')+ '/api/auth/login_bceid_activate_district_user' + '&client_id=' + config.get('oidc:clientId'));
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_bceid_activate_district_user' + '&client_id=' + config.get('oidc:clientId'));
} else if (req.query && req.query.loginEntraActivateUser) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend')+ '/api/auth/login_entra_activate_user' + '&client_id=' + config.get('oidc:clientId'));
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_entra_activate_user' + '&client_id=' + config.get('oidc:clientId'));
} else if (req.query && req.query.loginEntraActivateDistrictUser) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend')+ '/api/auth/login_entra_activate_district_user' + '&client_id=' + config.get('oidc:clientId'));
retUrl = encodeURIComponent(primaryURL + '/api/auth/login_entra_activate_district_user' + '&client_id=' + config.get('oidc:clientId'));
} else {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend')+ '/logout' + '&client_id=' + config.get('oidc:clientId'));
retUrl = encodeURIComponent(primaryURL + '/logout' + '&client_id=' + config.get('oidc:clientId'));
}
res.redirect(config.get('siteMinder_logout_endpoint') + retUrl);
});
}
});

const UnauthorizedRsp = {
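Review bot: The `else` branch of `/logout` (no `idToken` in the session) builds the redirect without calling `req.logout` or `req.session.destroy()`, which before this commit ran on every request to the route; a session that carries no ID token, for example one created before this change was deployed, would apparently stay valid locally after the user logs out. Running the logout and destroy unconditionally and letting `idToken` decide only the hint parameter fixes that, and it also removes the second copy of the ten-way `req.query` chain. The ID token is placed in the query string that is handed to `siteMinder_logout_endpoint`, so it is worth confirming that access logs on that hop do not retain it. The page shows this hunk without +/- markers, so the branch structure described here should be checked against the file.

```javascript
router.get('/logout', async (req, res, next) => {
  // Read the hint first: the session is no longer available once logout()/destroy() have run.
  const idToken = req?.session?.passport?.user?.idToken;
  const hintParam = idToken
    ? '&id_token_hint=' + idToken
    : '&client_id=' + config.get('oidc:clientId');
  req.logout(function(err) {
    // … unchanged: error check and req.session.destroy() …
    // … retUrl chain on req.query written once, each branch appending hintParam instead of its own suffix …
    // … unchanged: redirect to siteMinder_logout_endpoint + retUrl …
  });
});
```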
