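// File: github.com/greenpau/go-authcrunch@v1.1.4/pkg/authn/handle_external_http_logout.go

// Copyright 2022 Paul Greenberg greenpau@outlook.com
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package authn

import (
	"context"
	"net/http"
	"path"
	"strings"

	"github.com/greenpau/go-authcrunch/pkg/redirects"
	"github.com/greenpau/go-authcrunch/pkg/requests"
	"go.uber.org/zap"
)

// handleHTTPExternalLogout serves the logout endpoint of an external identity
// provider.
//
// The realm is taken from the first path segment that follows
// "/<authMethod>/" in the request path. The flow is:
//
//  1. An unparsable path yields 400; an unknown realm redirects to "/login".
//  2. If the provider names an identity token cookie, a Set-Cookie header
//     deleting it is added to the response.
//  3. If the request carries a redirect_uri, trusted logout redirect URIs are
//     configured, and the URI matches one of them, the client is redirected
//     there. This happens before the logout_enabled check, so the provider's
//     own logout URL is not visited on this path.
//  4. Otherwise, when logout is disabled or the provider has no logout URL,
//     the client is redirected to "/login".
//  5. Otherwise the client is redirected to the provider's logout URL.
func (p *Portal) handleHTTPExternalLogout(ctx context.Context, w http.ResponseWriter, r *http.Request, rr *requests.Request, authMethod string) error {
	p.disableClientCache(w)

	authRealm, err := getEndpoint(r.URL.Path, "/"+authMethod+"/")
	if err != nil {
		return p.handleHTTPError(ctx, w, r, rr, http.StatusBadRequest)
	}
	// Only the first path segment identifies the realm; the rest is ignored.
	authRealm = strings.Split(authRealm, "/")[0]

	provider := p.getIdentityProviderByRealm(authRealm)
	if provider == nil {
		return p.handleHTTPRedirect(ctx, w, r, rr, "/login")
	}

	if cookieName := provider.GetIdentityTokenCookieName(); cookieName != "" {
		w.Header().Add("Set-Cookie", p.cookie.GetDeleteIdentityTokenCookie(cookieName))
	}

	// Read logout_enabled defensively: a value that is not a bool (for
	// example a string produced by a config loader) must not panic the
	// request handler. Anything other than a bool is treated as "disabled".
	cfg := provider.GetConfig()
	logoutEnabled := false
	if v, exists := cfg["logout_enabled"]; exists {
		enabled, ok := v.(bool)
		if !ok {
			p.logger.Warn(
				"ignoring non-boolean logout_enabled in identity provider config",
				zap.String("realm", authRealm),
				zap.String("request_id", rr.ID),
			)
		}
		logoutEnabled = ok && enabled
	}

	// A caller-supplied redirect_uri is honoured only when trusted logout
	// redirect URIs are configured and the URI matches one of them. With no
	// trusted URIs configured, the parameter is ignored entirely.
	if redirects.HasRedirectURI(r.URL) && len(p.config.TrustedLogoutRedirectURIConfigs) > 0 {
		p.logger.Debug(
			"external user logout with redirect",
			zap.String("session_id", rr.Upstream.SessionID),
			zap.String("request_id", rr.ID),
		)
		if redirectURI := redirects.GetRedirectURI(r.URL); redirectURI != nil &&
			redirects.Match(redirectURI, p.config.TrustedLogoutRedirectURIConfigs) {
			// NOTE(review): the allow-list match runs on the parsed URI,
			// while the Location target below is the raw query value.
			// Confirm in the redirects package that the two cannot diverge;
			// a parser differential here would undermine the allow-list.
			rawRedirectURI := redirects.GetRawRedirectURI(r.URL)
			p.logger.Debug(
				"found trusted logout redirect uri",
				zap.String("session_id", rr.Upstream.SessionID),
				zap.String("request_id", rr.ID),
				zap.String("redirect_uri", rawRedirectURI),
			)
			return p.handleHTTPRedirectExternal(ctx, w, r, rr, rawRedirectURI)
		}
	}

	if !logoutEnabled {
		return p.handleHTTPRedirect(ctx, w, r, rr, "/login")
	}

	providerLogoutURL := provider.GetLogoutURL()
	if providerLogoutURL == "" {
		return p.handleHTTPRedirect(ctx, w, r, rr, "/login")
	}

	if provider.GetDriver() == "cognito" {
		// Cognito is sent back to this portal's /logout endpoint via
		// logout_uri.
		// NOTE(review): the value is appended without query escaping and the
		// "&" assumes the logout URL already has a query string. Verify how
		// rr.Upstream.BaseURL and BasePath are derived; if they can carry
		// '&', '#' or '?', escape the value before appending.
		providerLogoutURL += "&logout_uri=" + rr.Upstream.BaseURL + path.Join(rr.Upstream.BasePath, "/logout")
	}

	return p.handleHTTPRedirectExternal(ctx, w, r, rr, providerLogoutURL)
}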