Redirects the user to Teams logout page (#2959)

aleDsz · web-flow · commit 3359f65a4c4e · 2025-03-14T09:35:25.000-03:00
diff --git a/lib/livebook/teams/requests.ex b/lib/livebook/teams/requests.ex
@@ -237,15 +237,6 @@ defmodule Livebook.Teams.Requests do
     get("/api/v1/org/identity", %{access_token: access_token}, team)
   end
 
-  @doc """
-  Send a request to Livebook Team API to revoke session from given access token.
-  """
-  @spec logout_identity_provider(Team.t(), String.t()) ::
-          {:ok, String.t()} | {:error, map()} | {:transport_error, String.t()}
-  def logout_identity_provider(team, access_token) do
-    post("/api/v1/org/identity/revoke", %{access_token: access_token}, team)
-  end
-
   @doc """
   Normalizes errors map into errors for the given schema.
   """
diff --git a/lib/livebook/zta/livebook_teams.ex b/lib/livebook/zta/livebook_teams.ex
@@ -38,14 +38,19 @@ defmodule Livebook.ZTA.LivebookTeams do
   # Our extension to Livebook.ZTA to deal with logouts
   def logout(name, conn) do
     token = get_session(conn, :livebook_teams_access_token)
-
     team = Livebook.ZTA.get(name)
 
-    case Teams.Requests.logout_identity_provider(team, token) do
-      {:ok, _no_content} -> :ok
-      {:error, %{}} -> {:error, "You are already logged out."}
-      {:transport_error, reason} -> {:error, reason}
-    end
+    url =
+      Livebook.Config.teams_url()
+      |> URI.new!()
+      |> URI.append_path("/identity/logout")
+      |> URI.append_query("org_id=#{team.org_id}&access_token=#{token}")
+      |> URI.to_string()
+
+    conn
+    |> configure_session(renew: true)
+    |> clear_session()
+    |> redirect(external: url)
   end
 
   defp handle_request(conn, team, %{"teams_identity" => _, "code" => code}) do
diff --git a/lib/livebook_web/controllers/user_controller.ex b/lib/livebook_web/controllers/user_controller.ex
@@ -17,15 +17,11 @@ defmodule LivebookWeb.UserController do
     conn
     |> configure_session(renew: true)
     |> clear_session()
-    |> render("logout.html")
+    |> redirect(to: ~p"/")
   end
 
   defp do_zta_logout(conn) do
     {_type, module, _key} = Livebook.Config.identity_provider()
-
-    case module.logout(LivebookWeb.ZTA, conn) do
-      :ok -> do_logout(conn)
-      {:error, reason} -> conn |> redirect(to: ~p"/") |> put_flash(:error, reason)
-    end
+    module.logout(LivebookWeb.ZTA, conn)
   end
 end
diff --git a/lib/livebook_web/controllers/user_html/logout.html.heex b/lib/livebook_web/controllers/user_html/logout.html.heex
diff --git a/test/livebook_teams/zta/livebook_teams_test.exs b/test/livebook_teams/zta/livebook_teams_test.exs
@@ -128,12 +128,15 @@ defmodule Livebook.ZTA.LivebookTeamsTest do
         build_conn(:get, "/")
         |> init_test_session(Plug.Conn.get_session(conn))
 
-      assert LivebookTeams.logout(test, conn) == :ok
+      assert %{status: 302} = conn = LivebookTeams.logout(test, conn)
+      [url] = get_resp_header(conn, "location")
+      assert %{status: 200} = Req.get!(url)
 
-      # Step 5: If we try to revoke again, it should fail
-      assert {:error, _} = LivebookTeams.logout(test, conn)
+      # Step 5: It we try to authenticate again, it should redirect to Teams
+      conn =
+        build_conn(:get, "/")
+        |> init_test_session(Plug.Conn.get_session(conn))
 
-      # Step 6: It we try to authenticate again, it should redirect to Teams
       {conn, nil} = LivebookTeams.authenticate(test, conn, [])
       assert conn.halted
       assert html_response(conn, 200) =~ "window.location.href = "
diff --git a/test/livebook_web/controllers/user_controller_test.exs b/test/livebook_web/controllers/user_controller_test.exs
@@ -2,28 +2,11 @@ defmodule LivebookWeb.UserControllerTest do
   use LivebookWeb.ConnCase, async: true
 
   describe "GET /logout" do
-    test "renders logout template when logged in", %{conn: conn} do
-      conn = login_user(conn)
-
-      conn = get(conn, ~p"/logout")
-
-      assert html_response(conn, 200) =~ "You have been logged out"
-    end
-
     test "redirects when already logged out", %{conn: conn} do
-      conn = logout_user(conn)
-
-      conn = get(conn, ~p"/logout")
-
-      assert redirected_to(conn) == ~p"/"
-    end
-
-    defp login_user(conn) do
-      Phoenix.ConnTest.init_test_session(conn, %{user_id: 1})
-    end
-
-    defp logout_user(conn) do
-      Phoenix.ConnTest.init_test_session(conn, %{})
+      assert conn
+             |> Phoenix.ConnTest.init_test_session(%{})
+             |> get(~p"/logout")
+             |> redirected_to() == ~p"/"
     end
   end
 end
