
Commit 0e136f2

Fix logout that didn't clear ID Token (#182)
1 parent 237ac1e commit 0e136f2

2 files changed

Lines changed: 51 additions & 10 deletions


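--- a/server/auth/auth.go
+++ b/server/auth/auth.go
@@ -91,6 +91,20 @@ func SetUser(c echo.Context, user *User) error {
 return nil
 }
 
+func ClearUser(c echo.Context) error {
+err := clearAccessToken(c)
+if err != nil {
+return err
+}
+
+err = clearIDToken(c)
+if err != nil {
+return err
+}
+
+return nil
+}
+
 func ValidateAuth(c echo.Context, cfgProvider *config.ConfigProviderWithRefresh) error {
 cfg, err := cfgProvider.GetConfig()
 if err != nil {
@@ -162,6 +176,23 @@ func setAccessToken(c echo.Context, token string) error {
 return nil
 }
 
+func clearAccessToken(c echo.Context) error {
+sess, _ := session.Get(AuthCookie, c)
+sess.Options = &sessions.Options{
+Path: "/",
+MaxAge: -1,
+HttpOnly: true,
+SameSite: http.SameSiteStrictMode,
+Secure: true,
+}
+err := sess.Save(c.Request(), c.Response())
+if err != nil {
+return err
+}
+
+return nil
+}
+
 func getAuthorizationExtras(c echo.Context) string {
 sess, _ := session.Get(AuthExtrasCookie, c)
 if sess == nil {
@@ -192,3 +223,20 @@ func setIDToken(c echo.Context, idToken *IDToken) error {
 
 return nil
 }
+
+func clearIDToken(c echo.Context) error {
+sess, _ := session.Get(AuthExtrasCookie, c)
+sess.Options = &sessions.Options{
+Path: "/",
+MaxAge: -1,
+HttpOnly: true,
+SameSite: http.SameSiteStrictMode,
+Secure: true,
+}
+err := sess.Save(c.Request(), c.Response())
+if err != nil {
+return err
+}
+
+return nil
+}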
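Review bot: Both clearAccessToken and clearIDToken discard the error from `session.Get` with `_` and then dereference `sess` without a nil check, while `getAuthorizationExtras` directly below guards `if sess == nil` for the very same call; the two new functions are also identical apart from the cookie name. Ignoring the decode error is actually right on a logout path — a cookie that no longer decodes (tampered, or signed with a rotated key) is one you still want expired — but that deserves a comment, and the nil guard should match the sibling. Note also that a browser only discards the cookie if Path (and Domain, if one is set) match what setAccessToken/setIDToken used; those setters are outside the hunk, so the `Path: "/"` here is presumably mirroring them — worth a one-line comment tying the two together. Folding the duplication into one helper keeps the options in a single place:

```go
// expireSessionCookie overwrites the named session cookie with MaxAge -1 so the
// browser drops it. The session.Get error is deliberately ignored: a cookie that
// no longer decodes is one we want gone regardless. Path must match the setter.
func expireSessionCookie(c echo.Context, name string) error {
	sess, _ := session.Get(name, c)
	if sess == nil {
		return nil
	}
	sess.Options = &sessions.Options{
		Path:     "/",
		MaxAge:   -1,
		HttpOnly: true,
		SameSite: http.SameSiteStrictMode,
		Secure:   true,
	}
	return sess.Save(c.Request(), c.Response())
}

func clearAccessToken(c echo.Context) error { return expireSessionCookie(c, AuthCookie) }

func clearIDToken(c echo.Context) error { return expireSessionCookie(c, AuthExtrasCookie) }
```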

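--- a/server/routes/auth.go
+++ b/server/routes/auth.go
@@ -33,8 +33,6 @@ import (
 
 "github.com/coreos/go-oidc/v3/oidc"
 "github.com/gorilla/securecookie"
-"github.com/gorilla/sessions"
-"github.com/labstack/echo-contrib/session"
 "github.com/labstack/echo/v4"
 "github.com/temporalio/ui-server/v2/server/auth"
 "github.com/temporalio/ui-server/v2/server/config"
@@ -150,15 +148,10 @@ func authenticateCb(ctx context.Context, oauthCfg *oauth2.Config, provider *oidc
 }
 
 func logout(c echo.Context) error {
-sess, _ := session.Get(auth.AuthCookie, c)
-sess.Options = &sessions.Options{
-Path: "/",
-MaxAge: -1,
-HttpOnly: true,
-SameSite: http.SameSiteStrictMode,
-Secure: true,
+err := auth.ClearUser(c)
+if err != nil {
+return echo.NewHTTPError(http.StatusInternalServerError, "unable to clear user: "+err.Error())
 }
-sess.Save(c.Request(), c.Response())
 
 returnUrl := c.Request().Header.Get("Referer")
 if returnUrl == "" {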
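Review bot: The new 500 path in logout sends the raw `err.Error()` from the session store back to the browser in the response body, which with echo's default error handler exposes cookie-store/encoding internals to an unauthenticated client. Log the detail server-side and return a generic message instead: `c.Logger().Errorf("logout: clearing session cookies: %v", err)` followed by `return echo.NewHTTPError(http.StatusInternalServerError, "unable to clear user")`. The body of logout continues past the hunk (the Referer-based redirect is pre-existing context), so this note covers only the added error branch.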
