fraport/fradrive-old
fraport/fradrive-old
Archived
3
1
Fork 0
Code Issues 65 Pull Requests 5 Actions Packages Projects Releases 197 Wiki Activity

chore(auth): fix single sign out redirect route

Browse Source
This commit is contained in:
David Mosbach 2024-03-10 19:43:54 +00:00
parent b947037ea2
commit 1e5c4df163
6 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
messages/uniworx/categories/authorization/de-de-formal.msg
View File

@ -140,4 +140,5 @@ FormHoneypotComment: Kommentar
FormHoneypotCommentPlaceholder: Kommentar FormHoneypotCommentPlaceholder: Kommentar
FormHoneypotFilled: Bitte füllen Sie keines der verstecken Felder aus FormHoneypotFilled: Bitte füllen Sie keines der verstecken Felder aus
Logout: Abmeldung
SingleSignOut: Abmeldung bei Azure SingleSignOut: Abmeldung bei Azure

1
messages/uniworx/categories/authorization/en-eu.msg
View File

@ -141,4 +141,5 @@ FormHoneypotComment: Comment
FormHoneypotCommentPlaceholder: Comment FormHoneypotCommentPlaceholder: Comment
FormHoneypotFilled: Please do not fill in any of the hidden fields FormHoneypotFilled: Please do not fill in any of the hidden fields
Logout: Logout
SingleSignOut: Azure logout SingleSignOut: Azure logout

3
routes
View File

@ -46,7 +46,8 @@
/static StaticR EmbeddedStatic appStatic !free /static StaticR EmbeddedStatic appStatic !free
/auth AuthR Auth getAuth !free /auth AuthR Auth getAuth !free
/ssout SSOutR GET !free -- single sign-out (OIDC) /logout SOutR GET !free
/logout/ssout SSOutR GET !free -- single sign-out (OIDC)
/metrics MetricsR GET !free -- verify if this can be free /metrics MetricsR GET !free -- verify if this can be free

1
src/Auth/OAuth2.hs
View File

@ -167,5 +167,6 @@ singleSignOut mRedirect = do
endpoint = case mRedirect of endpoint = case mRedirect of
Just r -> base <> "?post_logout_redirect_uri=" <> r Just r -> base <> "?post_logout_redirect_uri=" <> r
Nothing -> base Nothing -> base
$logErrorS "\n\27[31mSSO\27[0m" endpoint
redirect endpoint redirect endpoint

1
src/Foundation/Navigation.hs
View File

@ -73,6 +73,7 @@ breadcrumb :: ( BearerAuthSite UniWorX
=> Route UniWorX => Route UniWorX
-> m Breadcrumb -> m Breadcrumb
breadcrumb (AuthR _) = i18nCrumb MsgMenuLogin $ Just NewsR breadcrumb (AuthR _) = i18nCrumb MsgMenuLogin $ Just NewsR
breadcrumb SOutR = i18nCrumb MsgLogout Nothing
breadcrumb SSOutR = i18nCrumb MsgSingleSignOut Nothing breadcrumb SSOutR = i18nCrumb MsgSingleSignOut Nothing
breadcrumb (StaticR _) = i18nCrumb MsgBreadcrumbStatic Nothing breadcrumb (StaticR _) = i18nCrumb MsgBreadcrumbStatic Nothing
breadcrumb (WellKnownR _) = i18nCrumb MsgBreadcrumbWellKnown Nothing breadcrumb (WellKnownR _) = i18nCrumb MsgBreadcrumbWellKnown Nothing

14
src/Handler/SingleSignOut.hs
View File

@ -3,7 +3,8 @@
-- SPDX-License-Identifier: AGPL-3.0-or-later -- SPDX-License-Identifier: AGPL-3.0-or-later
module Handler.SingleSignOut module Handler.SingleSignOut
( getSSOutR ( getSOutR
, getSSOutR
) where ) where
import Import import Import
@ -11,13 +12,20 @@ import Auth.OAuth2 (singleSignOut)
import qualified Network.Wai as W import qualified Network.Wai as W
getSOutR :: Handler Html
getSOutR = do
$logErrorS "\27[31mSOut\27[0m" "Redirect to LogoutR"
redirect $ AuthR LogoutR
getSSOutR :: Handler Html getSSOutR :: Handler Html
getSSOutR = do getSSOutR = do
app <- getYesod app <- getYesod
let logoutR = intercalate "/" . fst . renderRoute $ AuthR LogoutR let redir = intercalate "/" . fst . renderRoute $ SOutR
root = case approot of root = case approot of
ApprootRequest f -> f app W.defaultRequest ApprootRequest f -> f app W.defaultRequest
_ -> error "approt implementation changed" _ -> error "approt implementation changed"
url = decodeUtf8 . urlEncode True . encodeUtf8 $ root <> "/" <> redir
AppSettings{..} <- getsYesod appSettings' AppSettings{..} <- getsYesod appSettings'
if appSingleSignOn then singleSignOut (Just $ root <> "/" <> logoutR) else redirect (AuthR LogoutR) $logErrorS "\27[31mSSOut\27[0m" "Redirect to auth server"
if appSingleSignOn then singleSignOut (Just url) else redirect (AuthR LogoutR)