using System;
using System.Diagnostics;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using Altinn.Platform.Authentication.Configuration;
using Altinn.Platform.Authentication.Enum;
using Altinn.Platform.Authentication.Extensions;
using Altinn.Platform.Authentication.Helpers;
using Altinn.Platform.Authentication.Model;
using Altinn.Platform.Authentication.Services.Interfaces;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Microsoft.FeatureManagement;
namespace Altinn.Platform.Authentication.Controllers
{
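/// <summary>
/// Controller responsible for logging out the current user, both through the
/// user-initiated logout endpoint and through the OIDC front-channel logout callback.
/// </summary>
[Route("authentication/api/v1")]
[ApiController]
public class LogoutController : ControllerBase
{
    private const string OriginalIssClaimName = "originaliss";

    private readonly ILogger<LogoutController> _logger;
    private readonly GeneralSettings _generalSettings;
    private readonly OidcProviderSettings _oidcProviderSettings;
    private readonly JwtSecurityTokenHandler _validator;
    private readonly IEventLog _eventLog;
    private readonly IFeatureManager _featureManager;

    /// <summary>
    /// Initializes a new instance of the <see cref="LogoutController"/> class.
    /// </summary>
    /// <param name="logger">Logger for this controller.</param>
    /// <param name="generalSettings">General platform settings (cookie names, host name, SBL logout endpoint).</param>
    /// <param name="oidcProviderSettings">Configured OIDC providers, keyed by issuer.</param>
    /// <param name="oidcProvider">OIDC provider service. Not used by this controller; kept so the constructor signature is unchanged.</param>
    /// <param name="eventLog">Authentication event log.</param>
    /// <param name="featureManager">Feature flag manager, passed through to the event log.</param>
    public LogoutController(
        ILogger<LogoutController> logger,
        IOptions<GeneralSettings> generalSettings,
        IOptions<OidcProviderSettings> oidcProviderSettings,
        IOidcProvider oidcProvider,
        IEventLog eventLog,
        IFeatureManager featureManager)
    {
        _logger = logger;
        _generalSettings = generalSettings.Value;
        _oidcProviderSettings = oidcProviderSettings.Value;
        _validator = new JwtSecurityTokenHandler();
        _eventLog = eventLog;
        _featureManager = featureManager;
    }

    /// <summary>
    /// Logs out the user. If the JWT cookie carries an "originaliss" claim that maps to a
    /// configured OIDC provider, the platform cookies are cleared and the user is redirected to
    /// that provider's logout endpoint; otherwise the user is redirected to the SBL logout endpoint.
    /// </summary>
    /// <returns>A 302 redirect to the applicable logout endpoint.</returns>
    [AllowAnonymous]
    [ProducesResponseType(StatusCodes.Status302Found)]
    [HttpGet("logout")]
    public ActionResult Logout()
    {
        string tokenCookie = Request.Cookies[_generalSettings.JwtCookieName];
        string originalIssuer = ReadOriginalIssuer(tokenCookie);

        OidcProvider provider = GetOidcProvider(originalIssuer);
        if (provider is null)
        {
            // NOTE(review): the platform cookies are not cleared on this path; presumably the
            // SBL logout endpoint ends the session itself — confirm.
            LogLogoutEvent(tokenCookie);
            return Redirect(_generalSettings.SBLLogoutEndpoint);
        }

        ClearAuthenticationCookies();
        LogLogoutEvent(tokenCookie);
        return Redirect(provider.LogoutEndpoint);
    }

    /// <summary>
    /// OIDC front-channel logout endpoint, called by the identity provider (typically from a
    /// hidden iframe) when the user logs out elsewhere. Clears the platform cookies and logs the event.
    /// </summary>
    /// <returns>200 OK once the cookies have been expired.</returns>
    [AllowAnonymous]
    [ProducesResponseType(StatusCodes.Status200OK)]
    [HttpGet("frontchannel_logout")]
    public ActionResult FrontchannelLogout()
    {
        // Request.Cookies is not affected by Response.Cookies.Delete, so the order does not
        // matter functionally; the cookie is read first purely for readability.
        string tokenCookie = Request.Cookies[_generalSettings.JwtCookieName];
        ClearAuthenticationCookies();
        LogLogoutEvent(tokenCookie);
        return Ok();
    }

    /// <summary>
    /// Extracts the "originaliss" claim from the JWT cookie, if the cookie holds a readable JWT.
    /// </summary>
    /// <remarks>
    /// The token is only parsed, not signature-validated. That is acceptable here solely because
    /// the value is used as a lookup key into the configured providers (see <see cref="GetOidcProvider"/>),
    /// so a forged claim can at most select another configured logout endpoint, never an arbitrary URL.
    /// </remarks>
    /// <param name="tokenCookie">Raw value of the JWT cookie; may be null.</param>
    /// <returns>The claim value, or null when the cookie is absent, unreadable, or lacks the claim.</returns>
    private string ReadOriginalIssuer(string tokenCookie)
    {
        if (string.IsNullOrEmpty(tokenCookie))
        {
            return null;
        }

        if (!_validator.CanReadToken(tokenCookie))
        {
            // A JWT cookie that is present but not parseable is unexpected and worth a trace
            // for troubleshooting; the cookie value itself is deliberately not logged.
            _logger.LogWarning("Logout: JWT cookie is present but could not be read as a JWT.");
            return null;
        }

        JwtSecurityToken jwt = _validator.ReadJwtToken(tokenCookie);
        return jwt.Claims
            .Where(c => string.Equals(c.Type, OriginalIssClaimName, StringComparison.Ordinal))
            .Select(c => c.Value)
            .FirstOrDefault();
    }

    /// <summary>
    /// Expires the SBL and JWT cookies. The Domain must match the one the cookies were issued
    /// with, otherwise the browser treats the expiry as a different cookie and keeps the original.
    /// </summary>
    private void ClearAuthenticationCookies()
    {
        CookieOptions opt = new CookieOptions { Domain = _generalSettings.HostName, Secure = true, HttpOnly = true };
        Response.Cookies.Delete(_generalSettings.SblAuthCookieName, opt);
        Response.Cookies.Delete(_generalSettings.JwtCookieName, opt);
    }

    /// <summary>
    /// Records a logout event for the given token cookie (which may be null or unreadable).
    /// </summary>
    /// <remarks>
    /// NOTE(review): the event-log call is not awaited, so a faulted audit write is not observed
    /// by this request. If audit completeness matters, the actions should become async and await it.
    /// </remarks>
    /// <param name="tokenCookie">Raw value of the JWT cookie; may be null.</param>
    private void LogLogoutEvent(string tokenCookie)
    {
        _eventLog.CreateAuthenticationEventAsync(_featureManager, tokenCookie, AuthenticationEventType.Logout, HttpContext);
    }

    /// <summary>
    /// Looks up the configured OIDC provider for an issuer.
    /// </summary>
    /// <param name="iss">Issuer identifier taken from the token; may be null or empty.</param>
    /// <returns>The configured provider, or null when the issuer is empty or not configured.</returns>
    private OidcProvider GetOidcProvider(string iss)
    {
        if (!string.IsNullOrEmpty(iss) && _oidcProviderSettings.ContainsKey(iss))
        {
            return _oidcProviderSettings[iss];
        }

        return null;
    }
}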
}