N21-2136 moin schule logout from svs #3535

Merged
merged 15 commits into from
Nov 12, 2024
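--- a/config/default.schema.json
+++ b/config/default.schema.json
@@ -625,6 +625,11 @@
 "type": "boolean",
 "default": false,
 "description": "Enables the rooms feature"
+},
+"FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED": {
+"type": "boolean",
+"default": false,
+"description": "Enables the external system logout feature"
 }
 },
 "allOf": [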
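--- a/controllers/login.js
+++ b/controllers/login.js
@@ -484,4 +484,21 @@ router.get('/logout/', (req, res, next) => {
 .catch(next);
 });
 
+router.get('/logout/external/', async (req, res, next) => {
+let redirectUri = '/logout/';
+if (Configuration.has('OAUTH2_LOGOUT_URI')) {
+redirectUri = Configuration.get('OAUTH2_LOGOUT_URI');
+}
+
+if (res.locals.isExternalLogoutAllowed) {
+try {
+await api(req, { version: 'v3' }).post('/logout/external');
+} catch (err) {
+logger.error('error during external logout.', formatError(err));
+}
+}
+
+res.redirect(redirectUri);
+});
+
 module.exports = router;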
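Review bot: A failed `post('/logout/external')` is only logged in the catch block of the new `/logout/external/` handler, and the user is then redirected exactly as on success, so the session at the external identity provider can stay alive on a shared device while the menu entry promised it would be ended. Consider carrying the failure to the logout landing page so the user is told to sign out at the provider directly; if best-effort is intended, say so with a comment such as `// best effort: local logout must still proceed when the provider call fails`. The route is also a state-changing `GET`, so a cross-site link or image tag can trigger it for a signed-in user; `/logout/` has the same shape, but here the provider session is ended as well, which makes a `POST` behind whatever CSRF protection the application uses the safer choice.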
24 changes: 23 additions & 1 deletion helpers/authentication.js
Expand Up @@ -64,7 +64,7 @@ const clearCookie = async (req, res, options = { destroySession: false }) => {
});
});
}

res.clearCookie('jwt');
// this is deprecated and only used for cookie removal from now on,
// and can be removed after one month (max cookie lifetime from life systems)
Expand Down Expand Up @@ -101,6 +101,26 @@ const isAuthenticated = (req) => {
};

const populateCurrentUser = async (req, res) => {
async function setExternalSystemFromJwt(decodedJwt) {
if (!('systemId' in decodedJwt) && !decodedJwt.systemId) {
return;
}

try {
const response = await api(req, { version: 'v3' }).get(`/systems/public/${decodedJwt.systemId}`);
const hasEndSessionEndpoint = 'oauthConfig' in response
&& 'endSessionEndpoint' in response.oauthConfig
&& response.oauthConfig.endSessionEndpoint;

res.locals.isExternalLogoutAllowed = Configuration.get('FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED')
GordonNicholasCap marked this conversation as resolved.
&& hasEndSessionEndpoint;
res.locals.systemName = response.displayName;
} catch (err) {
const metadata = { error: err.toString() };
logger.error('Unable to find out the external login system used by user', metadata);
}
}

let payload = {};
if (isJWT(req)) {
try {
Expand Down Expand Up @@ -129,6 +149,8 @@ const populateCurrentUser = async (req, res) => {
}

if (payload && payload.userId) {
await setExternalSystemFromJwt(payload);

if (res.locals.currentUser && res.locals.currentSchoolData) {
return Promise.resolve(res.locals.currentSchoolData);
}
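Review bot: The guard at the top of `setExternalSystemFromJwt` joins its two tests with `&&`, so it only returns when the key is absent; a payload that carries `systemId` as `null` or an empty string passes the check and the helper goes on to request `/systems/public/null`. `if (!decodedJwt.systemId) { return; }` covers both cases. The value is also interpolated into the request path as-is, and whether the payload has been signature-verified by this point is not visible in the hunk, so wrapping it as `encodeURIComponent(decodedJwt.systemId)` would keep a crafted value from changing the path. The call sits before the `res.locals.currentUser` early return, so this lookup appears to run on every request that has a user payload; `populateCurrentUser` continues outside the hunk.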
2 changes: 1 addition & 1 deletion locales/de.json
Expand Up @@ -3231,4 +3231,4 @@
"createAfterFirstSave": "H5P Inhalte können erst nach dem ersten Speichern erstellt werden."
}
}
}
}
2 changes: 1 addition & 1 deletion locales/en.json
Expand Up @@ -3231,4 +3231,4 @@
"createAfterFirstSave": "H5P contents can only be created after the first save."
}
}
}
}
2 changes: 1 addition & 1 deletion locales/es.json
Expand Up @@ -3231,4 +3231,4 @@
"createAfterFirstSave": "Los contenidos H5P solo se pueden crear después del primer guardado."
}
}
}
}
2 changes: 1 addition & 1 deletion locales/uk.json
Expand Up @@ -3240,4 +3240,4 @@
"createAfterFirstSave": "Вміст H5P можна створити лише після першого збереження."
}
}
}
}
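--- a/views/lib/topbar.hbs
+++ b/views/lib/topbar.hbs
@@ -59,7 +59,22 @@
 <hr>
 {{> "user/forms/language" [email protected] }}
 <li><a class="dropdown-item" data-testid="settings" href="/account/" role="menuitem" aria-label="{{$t 'lib.loggedin.tab_label.settings' }}">{{$t "lib.loggedin.tab_label.settings" }}</a></li>
-<li><a class="dropdown-item localstorageclear" data-testid="logout" href= {{#hasConfig "OAUTH2_LOGOUT_URI"}} {{getConfig "OAUTH2_LOGOUT_URI"}} {{else}} "/logout/" {{/hasConfig}} role="menuitem" aria-label="{{$t 'lib.loggedin.tab_label.signOut'}}">{{$t "lib.loggedin.tab_label.signOut"}}</a></li>
+{{#if isExternalLogoutAllowed}}
+<li><a class="dropdown-item"
+data-testid="external-logout"
+href="/logout/external/"
+role="menuitem"
+aria-label="{{$t 'lib.loggedin.tab_label.signOut'}} Bildungscloud & {{ systemName }}">
+{{$t 'lib.loggedin.tab_label.signOut'}} Bildungscloud & {{ systemName }}
+</a></li>
+{{/if}}
+<li><a class="dropdown-item localstorageclear"
+data-testid="logout"
+role="menuitem"
+href= {{#hasConfig "OAUTH2_LOGOUT_URI"}} {{getConfig "OAUTH2_LOGOUT_URI"}} {{else}} "/logout/" {{/hasConfig}}
+aria-label="{{$t 'lib.loggedin.tab_label.signOut'}}{{#if isExternalLogoutAllowed}} Bildungscloud{{/if}}">
+{{$t 'lib.loggedin.tab_label.signOut'}}{{#if isExternalLogoutAllowed}} Bildungscloud{{/if}}
+</a></li>
 </ul>
 </div>
 </li>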
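Review bot: The new `external-logout` anchor is declared with `class="dropdown-item"` only, while the regular logout anchor keeps `localstorageclear`; if that class is what triggers the client-side storage wipe (the handler is not visible here), signing out through the external entry leaves local storage behind on a shared machine, so `class="dropdown-item localstorageclear"` looks intended. The label hard-codes `Bildungscloud & {{ systemName }}` instead of going through `$t`, and the bare `&` should be written `&amp;` in both the text node and the `aria-label`. The `href=` of the regular logout anchor is still emitted unquoted when `OAUTH2_LOGOUT_URI` is set; quoting it would keep a value containing spaces from splitting into extra attributes.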