Skip to content

Commit

Permalink
PR!10573: uses one method for both POST and GET, Rspec tests use shar…
Browse files Browse the repository at this point in the history 
…ed_examples
  • Loading branch information
@lmgeorge
lmgeorge committed May 10, 2024
1 parent 7913de6 commit 756061e
Show file tree
Hide file tree
Showing 4 changed files with 543 additions and 1,049 deletions.
65 changes: 32 additions & 33 deletions app/controllers/openid_connect/logout_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,47 +5,35 @@ class LogoutController < ApplicationController
include SecureHeadersConcern
include FullyAuthenticatable

before_action :set_devise_failure_redirect_for_concurrent_session_logout, only: [:index]
before_action :set_devise_failure_redirect_for_concurrent_session_logout,
only: [:logout]
before_action :confirm_two_factor_authenticated, only: [:delete]

def index
@logout_form = build_logout_form

result = @logout_form.submit
analytics.oidc_logout_requested(**result.to_h.except(:redirect_uri))

if result.success? && result.extra[:redirect_uri]
handle_successful_logout_request(result, result.extra[:redirect_uri])
else
render :error
end
end

def delete
# Handle logout (with confirmation if initiated by relying partner)
def logout
@logout_form = build_logout_form
result = @logout_form.submit
redirect_uri = result.extra[:redirect_uri]

analytics.oidc_logout_submitted(**result.to_h.except(:redirect_uri))
analytics.oidc_logout_requested(**to_event(result))

if result.success? && (redirect_uri = result.extra[:redirect_uri])
analytics.logout_initiated(**result.to_h.except(:redirect_uri))
irs_attempts_api_tracker.logout_initiated(success: result.success?)

redirect_user(redirect_uri, @logout_form.service_provider&.issuer, current_user&.uuid)
sign_out
if result.success? && redirect_uri
handle_successful_logout_request(result, redirect_uri)
else
render :error
end
end

def create
# Sign out without confirmation
def delete
@logout_form = build_logout_form
result = @logout_form.submit
redirect_uri = result.extra[:redirect_uri]

analytics.oidc_logout_requested(**result.to_h.except(:redirect_uri))
analytics.oidc_logout_submitted(**to_event(result))

if result.success? && result.extra[:redirect_uri]
handle_successful_logout_request(result, result.extra[:redirect_uri])
if result.success? && redirect_uri
handle_logout(result, redirect_uri)
else
render :error
end
Expand Down Expand Up @@ -117,7 +105,8 @@ def build_logout_form
def handle_successful_logout_request(result, redirect_uri)
apply_logout_secure_headers_override(redirect_uri, @logout_form.service_provider)
if require_logout_confirmation?
analytics.oidc_logout_visited(**result.to_h.except(:redirect_uri))
analytics.oidc_logout_visited(**to_event(result))

@params = {
client_id: logout_params[:client_id],
post_logout_redirect_uri: logout_params[:post_logout_redirect_uri],
Expand All @@ -126,15 +115,25 @@ def handle_successful_logout_request(result, redirect_uri)
@service_provider_name = @logout_form.service_provider&.friendly_name
delete_branded_experience(logout: true)

render :index
render :confirm_logout
else
analytics.logout_initiated(**result.to_h.except(:redirect_uri))
irs_attempts_api_tracker.logout_initiated(success: result.success?)
handle_logout(result, redirect_uri)
end
end

sign_out
def handle_logout(result, redirect_uri)
analytics.logout_initiated(**to_event(result))
irs_attempts_api_tracker.logout_initiated(success: result.success?)

redirect_user(redirect_uri, @logout_form.service_provider&.issuer, current_user&.uuid)
end
sign_out

redirect_user(redirect_uri, @logout_form.service_provider&.issuer, current_user&.uuid)
end

# Convert FormResponse into loggable analytics event
# @param [FormResponse] result
def to_event(result)
result.to_h.except(:redirect_uri)
end

def logout_params
Expand Down
0 ...iews/openid_connect/logout/index.html.erb → ...id_connect/logout/confirm_logout.html.erb
View file
File renamed without changes.
2 changes: 1 addition & 1 deletion config/routes.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@
post '/api/logger' => 'frontend_log#create'

get '/openid_connect/authorize' => 'openid_connect/authorization#index'
get '/openid_connect/logout' => 'openid_connect/logout#index'
match '/openid_connect/logout' => 'openid_connect/logout#logout', via: %i[get post]
delete '/openid_connect/logout' => 'openid_connect/logout#delete'

get '/robots.txt' => 'robots#index'
Expand Down
Loading

0 comments on commit 756061e

Please sign in to comment.