We shall only call the sso end session endpoint in case we still have…

… the id_token. In some sceanrios the id_token is no longer known (expiry)
owncloud · Feb 4, 2020 · 2f4a342 · 2f4a342
1 parent 6e80cdf
commit 2f4a342
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 6 deletions.
diff --git a/src/services/auth.js b/src/services/auth.js
@@ -78,6 +78,17 @@ export function initVueAuthenticate (config) {
         }
         return null
       },
+      getStoredUserObject () {
+        const storageString = sessionStorage.getItem('oc_oAuth' + mgr._userStoreKey)
+        if (storageString) {
+          const user = User.fromStorageString(storageString)
+          if (user) {
+            mgr.events.load(user, false)
+            return user
+          }
+        }
+        return null
+      },
       isAuthenticated () {
         return this.getToken() !== null
       },

diff --git a/src/store/user.js b/src/store/user.js
@@ -32,12 +32,18 @@ const actions = {
       // force redirect to login page after logout
       router.push({ name: 'login' })
     }
-    vueAuthInstance.logout()
-      .then(logoutFinalizer)
-      .catch(error => {
-        console.error(error)
-        logoutFinalizer()
-      })
+    // TODO: only call logout if we still have the id token
+    const u = vueAuthInstance.getStoredUserObject()
+    if (u && u.id_token) {
+      vueAuthInstance.logout()
+        .then(logoutFinalizer)
+        .catch(error => {
+          console.error(error)
+          logoutFinalizer()
+        })
+    } else {
+      logoutFinalizer()
+    }
   },
   initAuth (context, payload = { autoRedirect: false }) {
     function init (client, token, doLogin = true) {