Skip to content

Commit

Permalink
Open logout URL directly
Browse files Browse the repository at this point in the history
  • Loading branch information
LukasHirt committed Oct 20, 2020
1 parent 60b2484 commit c714783
Show file tree
Hide file tree
Showing 4 changed files with 38 additions and 15 deletions.
6 changes: 6 additions & 0 deletions changelog/unreleased/fix-logout
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
Bugfix: OIDC logout

We've fixed the bug that the user sometimes got immediately logged back into the web UI after clicking on logout.

https://github.com/owncloud/product/issues/266
https://github.com/owncloud/phoenix/pull/4211
5 changes: 4 additions & 1 deletion src/components/UserMenu.vue
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,10 @@ export default {
methods: {
logout() {
this.visible = false
this.$store.dispatch('logout')
// Use timeout to leave enough time for the dropdown to be hidden
setTimeout(() => {
this.$store.dispatch('logout')
})
},
focusFirstLink() {
/*
Expand Down
9 changes: 7 additions & 2 deletions src/services/auth.js
Original file line number Diff line number Diff line change
Expand Up @@ -94,8 +94,13 @@ export function initVueAuthenticate(config) {
isAuthenticated() {
return this.getToken() !== null
},
logout() {
return mgr.signoutRedirect()
createSignoutRequest(idToken) {
return new Promise((resolve, reject) => {
mgr
.createSignoutRequest(idToken)
.then(signoutRequest => resolve(signoutRequest.url))
.catch(error => reject(error))
})
},
clearLoginState() {
return mgr.removeUser()
Expand Down
33 changes: 21 additions & 12 deletions src/store/user.js
Original file line number Diff line number Diff line change
Expand Up @@ -26,25 +26,34 @@ const actions = {
// clear oidc client state
vueAuthInstance.clearLoginState()
},
logout(context) {
const logoutFinalizer = () => {
context.dispatch('cleanUpLoginState')
context.dispatch('loadSettingsValues')
// force redirect to login page after logout
router.push({ name: 'login' })
async logout({ dispatch }) {
function logoutFinalizier(forceRedirect = false) {
// Remove signed in user
dispatch('cleanUpLoginState')
dispatch('loadSettingsValues')

// Force redirect to login
if (forceRedirect) {
router.push({ name: 'login' })
}
}
// TODO: only call logout if we still have the id token
const u = vueAuthInstance.getStoredUserObject()
const u = await vueAuthInstance.getStoredUserObject()

if (u && u.id_token) {
vueAuthInstance
.logout()
.then(logoutFinalizer)
.createSignoutRequest({ id_token_hint: u.id_token })
.then(signoutRequestUrl => {
logoutFinalizier()

// Navigate to signout URL
window.open(signoutRequestUrl, '_self')
})
.catch(error => {
console.error(error)
logoutFinalizer()
})
} else {
logoutFinalizer()
// Oauth2 logout
logoutFinalizier(true)
}
},
initAuth(context, payload = { autoRedirect: false }) {
Expand Down

0 comments on commit c714783

Please sign in to comment.