Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: remove user locally if no logout url in IdP #10974

Merged
merged 3 commits into from
May 31, 2024
Merged

fix: remove user locally if no logout url in IdP #10974

merged 3 commits into from
May 31, 2024

Conversation

kulmann
Copy link
Contributor

@kulmann kulmann commented May 28, 2024

Description

There are IdPs without an endSessionEndpoint (e.g. Authelia). In those cases we just need to unload the currently authenticated user.

Related Issue

Motivation and Context

Hardening.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests
  • Documentation
  • Maintenance (e.g. dependency updates or tooling)

@update-docs Update Docs
Copy link

update-docs bot commented May 28, 2024

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@kulmann kulmann force-pushed the fix-missing-logout-url branch from f9ea063 to 19dc4c1 Compare May 28, 2024 12:38
@kulmann
Copy link
Contributor Author

kulmann commented May 29, 2024

Currently thinking about how to test this properly. I'm looking into setting up authelia (because that doesn't have an endSessionEndpoint) and testing it with that... anyone different ideas?

@kulmann kulmann marked this pull request as draft May 29, 2024 14:28
kulmann
kulmann commented May 31, 2024
View reviewed changes
packages/web-runtime/src/pages/accessDenied.vue
@@ -82,7 +82,6 @@ export default defineComponent({
}
}
return {
name: 'login',
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No idea why we had the name key here... maybe just by mistake and it was really meant for the to route?!

@kulmann kulmann requested a review from JammingBen May 31, 2024 12:02
@kulmann kulmann marked this pull request as ready for review May 31, 2024 12:02
JammingBen
JammingBen approved these changes May 31, 2024
View reviewed changes
Copy link
Contributor

@JammingBen JammingBen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't test it obviously, but code LGTM (aside from one spelling mistake :trollface: )

changelog/unreleased/bugfix-local-logout Outdated Show resolved Hide resolved
@kulmann @JammingBen
Update changelog/unreleased/bugfix-local-logout
177c65f 
Co-authored-by: Jannik Stehle <50302941+JammingBen@users.noreply.github.com>
@kulmann kulmann enabled auto-merge (squash) May 31, 2024 12:15
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@kulmann kulmann merged commit 2ea62b4 into master May 31, 2024
3 checks passed
@delete-merged-branch delete-merged-branch bot deleted the fix-missing-logout-url branch May 31, 2024 12:37
@kulmann kulmann mentioned this pull request May 31, 2024
Draft
3 tasks
@micbar micbar mentioned this pull request Jun 19, 2024
Closed
24 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JammingBen JammingBen JammingBen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kulmann @JammingBen