From 0866f9b80f5a8943dd041808eb8e3172f4deb7f4 Mon Sep 17 00:00:00 2001
From: agnisa-cap <arne.gnisa@capgemini.com>
Date: Thu, 12 Oct 2023 15:27:36 +0200
Subject: [PATCH 1/5] N21-1314 adds a check if the course is archived. if true
 disable checkbox for videoconferences (#3332)

---
 views/courses/edit-course.hbs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/views/courses/edit-course.hbs b/views/courses/edit-course.hbs
index c72c73f4df..b9b024bca5 100644
--- a/views/courses/edit-course.hbs
+++ b/views/courses/edit-course.hbs
@@ -123,8 +123,8 @@
                 {{#ifConfig "FEATURE_CTL_TOOLS_TAB_ENABLED" true}}
 				{{#ifConfig "FEATURE_VIDEOCONFERENCE_ENABLED" true}}
                     <div class="form-group">
-                        <input id="activateConf" type="checkbox" name="videoconference" value="true" data-testid="videoconf_checkbox" {{#inArray "videoconference" @root.course.features}}checked{{/inArray}} {{#inArray "videoconference" @root.schoolData.features}} {{else}} disabled {{/inArray}}>
-                        <label for="activateConf">{{$t "courses._course.edit.label.activateVideoConferences"}}</label>
+                    <input id="activateConf" type="checkbox" name="videoconference" value="true" data-testid="videoconf_checkbox" {{#if @root.course.isArchived}}disabled{{/if}} {{#inArray "videoconference" @root.course.features}}checked{{/inArray}} {{#inArray "videoconference" @root.schoolData.features}} {{else}} disabled {{/inArray}}>
+                    <label for="activateConf">{{$t "courses._course.edit.label.activateVideoConferences"}}</label>
                         {{#inArray "videoconference" @root.schoolData.features}}
                         {{else}}
                             <small class="form-text text-muted">

From c9043a1586c277682928a66f62ca2e98502938d6 Mon Sep 17 00:00:00 2001
From: Arne Gnisa <arne.gnisa@capgemini.com>
Date: Fri, 13 Oct 2023 09:16:15 +0200
Subject: [PATCH 2/5] N21-1273 log out on from external system when error
 occurred during oauth login

---
 helpers/authentication.js | 70 ++++++++++++++++++++++++++++-----------
 1 file changed, 50 insertions(+), 20 deletions(-)

diff --git a/helpers/authentication.js b/helpers/authentication.js
index ae81a415af..9ec655c202 100644
--- a/helpers/authentication.js
+++ b/helpers/authentication.js
@@ -339,10 +339,27 @@ const setErrorNotification = (res, req, error, systemName) => {
 	};
 };
 
-const handleLoginError = async (req, res, error, postLoginRedirect, strategy, systemName) => {
+const getLogoutUrl = (req, res, logoutEndpoint, idTokenHint, redirect) => {
+	if (!logoutEndpoint) {
+		logger.info('Logout failed. Missing logout endpoint.');
+	}
+
+	const logoutUrl = new URL(logoutEndpoint);
+	logoutUrl.searchParams.append('id_token_hint', idTokenHint);
+
+	const validRedirect = redirectHelper.getValidRedirect(redirect);
+	const postLoginRedirect = `${Configuration.get('HOST')}${validRedirect || '/dashboard'}`;
+	logoutUrl.searchParams.append('post_logout_redirect_uri', postLoginRedirect);
+
+	return logoutUrl.toString();
+};
+
+const handleLoginError = async (req, res, error, postLoginRedirect, strategy, systemName, externalIdToken) => {
 	setErrorNotification(res, req, error, systemName);
 
+	let logoutEndpoint;
 	if (req.session.oauth2State) {
+		logoutEndpoint = req.session.oauth2State.logoutEndpoint;
 		delete req.session.oauth2State;
 	}
 
@@ -356,9 +373,21 @@ const handleLoginError = async (req, res, error, postLoginRedirect, strategy, sy
 		queryString.append('strategy', strategy);
 	}
 
-	const redirect = redirectHelper.joinPathWithQuery('/login', queryString.toString());
+	const loginRedirect = redirectHelper.joinPathWithQuery('/login', queryString.toString());
 
-	res.redirect(redirect);
+	if (logoutEndpoint) {
+		const redirect = getLogoutUrl(
+			req,
+			res,
+			req.session.oauth2State.logoutEndpoint,
+			externalIdToken,
+			loginRedirect,
+		);
+
+		res.redirect(redirect);
+	} else {
+		res.redirect(loginRedirect);
+	}
 };
 
 const login = (payload = {}, req, res, next) => {
@@ -448,7 +477,15 @@ const loginUser = async (req, res, strategy, payload, postLoginRedirect, systemN
 	} catch (errorResponse) {
 		logger.error('Login failed.');
 
-		return handleLoginError(req, res, errorResponse.error, postLoginRedirect, strategy, systemName);
+		return handleLoginError(
+			req,
+			res,
+			errorResponse.error,
+			postLoginRedirect,
+			strategy,
+			systemName,
+			loginResponse.login?.externalIdToken,
+		);
 	}
 
 	const currentUser = jwt.decode(accessToken);
@@ -461,7 +498,15 @@ const loginUser = async (req, res, strategy, payload, postLoginRedirect, systemN
 
 		return {
 			error: errorResponse.error,
-			redirect: handleLoginError(req, res, errorResponse.error, postLoginRedirect, strategy, systemName),
+			redirect: handleLoginError(
+				req,
+				res,
+				errorResponse.error,
+				postLoginRedirect,
+				strategy,
+				systemName,
+				loginResponse.login?.externalIdToken,
+			),
 		};
 	}
 
@@ -488,21 +533,6 @@ const loginUser = async (req, res, strategy, payload, postLoginRedirect, systemN
 	};
 };
 
-const getLogoutUrl = (req, res, logoutEndpoint, idTokenHint, redirect) => {
-	if (!logoutEndpoint) {
-		logger.info('Logout failed. Missing logout endpoint.');
-	}
-
-	const logoutUrl = new URL(logoutEndpoint);
-	logoutUrl.searchParams.append('id_token_hint', idTokenHint);
-
-	const validRedirect = redirectHelper.getValidRedirect(redirect);
-	const postLoginRedirect = `${Configuration.get('HOST')}${validRedirect || '/dashboard'}`;
-	logoutUrl.searchParams.append('post_logout_redirect_uri', postLoginRedirect);
-
-	return logoutUrl.toString();
-};
-
 // eslint-disable-next-line consistent-return
 const migrateUser = async (req, res, payload) => {
 	const queryString = new URLSearchParams({

From ff26eb338ef1518be913b516b8a4ff019a81227d Mon Sep 17 00:00:00 2001
From: Arne Gnisa <arne.gnisa@capgemini.com>
Date: Fri, 13 Oct 2023 09:17:05 +0200
Subject: [PATCH 3/5] N21-1273 fix logout url

---
 helpers/authentication.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helpers/authentication.js b/helpers/authentication.js
index 9ec655c202..bce5669931 100644
--- a/helpers/authentication.js
+++ b/helpers/authentication.js
@@ -379,7 +379,7 @@ const handleLoginError = async (req, res, error, postLoginRedirect, strategy, sy
 		const redirect = getLogoutUrl(
 			req,
 			res,
-			req.session.oauth2State.logoutEndpoint,
+			logoutEndpoint,
 			externalIdToken,
 			loginRedirect,
 		);

From dac405cc6dbf32972331d9b8c8116813383b384b Mon Sep 17 00:00:00 2001
From: Arne Gnisa <arne.gnisa@capgemini.com>
Date: Fri, 13 Oct 2023 09:50:59 +0200
Subject: [PATCH 4/5] N21-1273 test with logs

---
 helpers/authentication.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/helpers/authentication.js b/helpers/authentication.js
index bce5669931..242e6b6fa4 100644
--- a/helpers/authentication.js
+++ b/helpers/authentication.js
@@ -355,6 +355,9 @@ const getLogoutUrl = (req, res, logoutEndpoint, idTokenHint, redirect) => {
 };
 
 const handleLoginError = async (req, res, error, postLoginRedirect, strategy, systemName, externalIdToken) => {
+	logger.error('Redirecting to logout endpoint.', {
+		error, postLoginRedirect, strategy, systemName, externalIdToken,
+	});
 	setErrorNotification(res, req, error, systemName);
 
 	let logoutEndpoint;
@@ -362,6 +365,7 @@ const handleLoginError = async (req, res, error, postLoginRedirect, strategy, sy
 		logoutEndpoint = req.session.oauth2State.logoutEndpoint;
 		delete req.session.oauth2State;
 	}
+	logger.error('Get logout endpoint.', { logoutEndpoint });
 
 	await clearCookie(req, res);
 
@@ -383,9 +387,11 @@ const handleLoginError = async (req, res, error, postLoginRedirect, strategy, sy
 			externalIdToken,
 			loginRedirect,
 		);
+		logger.error('Redirecting to logout endpoint.', { redirect });
 
 		res.redirect(redirect);
 	} else {
+		logger.error('To loginRedirect', { loginRedirect });
 		res.redirect(loginRedirect);
 	}
 };

From 61343d4a93241add35a193c556be84b8441e3fda Mon Sep 17 00:00:00 2001
From: Arne Gnisa <arne.gnisa@capgemini.com>
Date: Fri, 13 Oct 2023 10:10:05 +0200
Subject: [PATCH 5/5] N21-1273 fix error

---
 helpers/authentication.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helpers/authentication.js b/helpers/authentication.js
index 242e6b6fa4..c75e32a636 100644
--- a/helpers/authentication.js
+++ b/helpers/authentication.js
@@ -490,7 +490,7 @@ const loginUser = async (req, res, strategy, payload, postLoginRedirect, systemN
 			postLoginRedirect,
 			strategy,
 			systemName,
-			loginResponse.login?.externalIdToken,
+			loginResponse?.login?.externalIdToken,
 		);
 	}