chore(auth): fix single sign out redirect route

2024-03-10 19:43:54 +00:00 · 2024-03-10 19:43:54 +00:00 · 1e5c4df163
commit 1e5c4df163
parent b947037ea2
6 changed files with 17 additions and 4 deletions
--- a/messages/uniworx/categories/authorization/de-de-formal.msg
+++ b/messages/uniworx/categories/authorization/de-de-formal.msg
@ -140,4 +140,5 @@ FormHoneypotComment: Kommentar
 FormHoneypotCommentPlaceholder: Kommentar
 FormHoneypotFilled: Bitte füllen Sie keines der verstecken Felder aus

+Logout: Abmeldung
 SingleSignOut: Abmeldung bei Azure
--- a/messages/uniworx/categories/authorization/en-eu.msg
+++ b/messages/uniworx/categories/authorization/en-eu.msg
@ -141,4 +141,5 @@ FormHoneypotComment: Comment
 FormHoneypotCommentPlaceholder: Comment
 FormHoneypotFilled: Please do not fill in any of the hidden fields

+Logout: Logout
 SingleSignOut: Azure logout
--- a/3
+++ b/3
@ -46,7 +46,8 @@
 /static StaticR EmbeddedStatic appStatic                      !free
 /auth   AuthR   Auth   getAuth                                !free

-/ssout SSOutR  GET !free -- single sign-out (OIDC)
+/logout       SOutR  GET !free
+/logout/ssout SSOutR GET !free -- single sign-out (OIDC)

 /metrics     MetricsR GET																			!free -- verify if this can be free

--- a/src/Auth/OAuth2.hs
+++ b/src/Auth/OAuth2.hs
@ -167,5 +167,6 @@ singleSignOut mRedirect = do
      endpoint = case mRedirect of
        Just r -> base <> "?post_logout_redirect_uri=" <> r
        Nothing -> base
+  $logErrorS "\n\27[31mSSO\27[0m" endpoint 
  redirect endpoint

--- a/src/Foundation/Navigation.hs
+++ b/src/Foundation/Navigation.hs
@ -73,6 +73,7 @@ breadcrumb :: ( BearerAuthSite UniWorX
           => Route UniWorX
           -> m Breadcrumb
 breadcrumb (AuthR _)        = i18nCrumb MsgMenuLogin         $ Just NewsR
+breadcrumb SOutR            = i18nCrumb MsgLogout              Nothing
 breadcrumb SSOutR           = i18nCrumb MsgSingleSignOut       Nothing
 breadcrumb (StaticR _)      = i18nCrumb MsgBreadcrumbStatic    Nothing
 breadcrumb (WellKnownR _)   = i18nCrumb MsgBreadcrumbWellKnown Nothing
--- a/src/Handler/SingleSignOut.hs
+++ b/src/Handler/SingleSignOut.hs
@ -3,7 +3,8 @@
 -- SPDX-License-Identifier: AGPL-3.0-or-later

 module Handler.SingleSignOut
-  ( getSSOutR
+  ( getSOutR
+  , getSSOutR
  ) where

 import Import
@ -11,13 +12,20 @@ import Auth.OAuth2 (singleSignOut)
 import qualified Network.Wai as W


+getSOutR :: Handler Html
+getSOutR = do
+  $logErrorS "\27[31mSOut\27[0m" "Redirect to LogoutR"
+  redirect $ AuthR LogoutR
+
 getSSOutR :: Handler Html
 getSSOutR = do
  app <- getYesod
-  let logoutR = intercalate "/" . fst . renderRoute $ AuthR LogoutR
+  let redir = intercalate "/" . fst . renderRoute $ SOutR
      root = case approot of
        ApprootRequest f -> f app W.defaultRequest
        _ -> error "approt implementation changed"
+      url = decodeUtf8 . urlEncode True . encodeUtf8 $ root <> "/" <> redir
  AppSettings{..} <- getsYesod appSettings'
-  if appSingleSignOn then singleSignOut (Just $ root <> "/" <> logoutR) else redirect (AuthR LogoutR)
+  $logErrorS "\27[31mSSOut\27[0m" "Redirect to auth server"
+  if appSingleSignOn then singleSignOut (Just url) else redirect (AuthR LogoutR)