OpenConceptLab/ocl_issues#1480 | on SSO token expiry redirect to logi…

…n and redirect back to same location

public/index.html

@@ -32,10 +32,10 @@
        window.location = '/#/search/' + window.location.search;
      }
      if(window.location.hash.startsWith('#/state=')) {
-       window.location = '/#/oidc/login/' + window.location.hash.replace('#/', '?');
+       window.location = '/#/oidc/login/' + window.location.hash.replace('#/', '?') + '&next=' + window.location.pathname;
      }
      if(window.location.hash.startsWith('#state=')) {
-       window.location = '/#/oidc/login/' + window.location.hash.replace('#', '?');
+       window.location = '/#/oidc/login/' + window.location.hash.replace('#', '?') + '&next=' + window.location.pathname;
      }
     </script>
     <title></title>

src/common/utils.js

@@ -670,7 +670,7 @@ export const getSiteTitle = () => get(getAppliedServerConfig(), 'info.site.title
 
 export const getRandomColor = () => `#${Math.floor(Math.random()*16777215).toString(16)}`;
 
-export const logoutUser = (alert = true, redirectToLogin) => {
+export const logoutUser = (alert = true, redirectToLogin, forced) => {
   const clearTokens = () => {
     localStorage.removeItem('token');
     localStorage.removeItem('id_token');
@@ -689,7 +689,11 @@ export const logoutUser = (alert = true, redirectToLogin) => {
       window.location.reload();
     }
   }
-  const logoutURL = getSSOLogoutURL()
+  let redirectURL;
+  if(forced) {
+    redirectURL = window.location.origin + '/#/accounts/login?next=' + (window.location.origin + '/'+ window.location.hash)
+  }
+  const logoutURL = getSSOLogoutURL(redirectURL)
   if(logoutURL) {
     clearTokens()
     window.location = logoutURL
@@ -806,21 +810,25 @@ export const isSSOEnabled = () => {
 }
 
 export const getLoginURL = returnTo => {
-  const redirectURL = window.LOGIN_REDIRECT_URL || process.env.LOGIN_REDIRECT_URL
+  let redirectURL = returnTo || window.LOGIN_REDIRECT_URL || process.env.LOGIN_REDIRECT_URL
   const oidClientID = window.OIDC_RP_CLIENT_ID || process.env.OIDC_RP_CLIENT_ID
+
+  redirectURL = redirectURL.replace(/([^:]\/)\/+/g, "$1");
+
   if(isSSOEnabled())
     return `${getAPIURL()}/users/login/?client_id=${oidClientID}&state=fj8o3n7bdy1op5&nonce=13sfaed52le09&redirect_uri=${redirectURL}`
   let url = '/#/accounts/login'
   if(returnTo)
     url += `?returnTo=${returnTo}`
+
   return url
 }
 
-export const getSSOLogoutURL = () => {
-  const redirectURL = window.LOGIN_REDIRECT_URL || process.env.LOGIN_REDIRECT_URL
+export const getSSOLogoutURL = returnTo => {
+  const redirectURL = returnTo || window.LOGIN_REDIRECT_URL || process.env.LOGIN_REDIRECT_URL
   const idToken = localStorage.id_token
   if(redirectURL && idToken)
-    return `${getAPIURL()}/users/logout/?&post_logout_redirect_uri=${redirectURL}&id_token_hint=${idToken}`
+    return `${getAPIURL()}/users/logout/?id_token_hint=${idToken}&post_logout_redirect_uri=${redirectURL}`
 }
 
 

src/components/users/Login.jsx

@@ -10,7 +10,7 @@ import {
 import { values, map, get } from 'lodash';
 import APIService from '../../services/APIService';
 import {
-  refreshCurrentUserCache, getAppliedServerConfig
+  refreshCurrentUserCache, getAppliedServerConfig, isSSOEnabled, getLoginURL
 } from '../../common/utils';
 import VerifyEmailMessage from './VerifyEmailMessage';
 
@@ -27,6 +27,13 @@ class Login extends React.Component {
     }
   }
 
+  componentDidMount() {
+    if(isSSOEnabled()) {
+      const queryString = new URLSearchParams(window.location.hash.split('?')[1])
+      window.location = getLoginURL(queryString.get('next').replace('#', ''))
+    }
+  }
+
   handleSubmit = event => {
     event.preventDefault()
     const form = document.getElementsByTagName('form')[0];
@@ -84,7 +91,8 @@ class Login extends React.Component {
 
   render() {
     const { serverError, verificationMsg, email, showPassword } = this.state;
-    return (
+    return (isSSOEnabled() ?
+      <p>Redirecting...</p> :
       <div className='col-md-12' style={{marginTop: '25px'}}>
         <div className='col-md-3' />
         <div className='col-md-6'>

src/components/users/OIDLoginCallback.jsx

@@ -9,6 +9,12 @@ import APIService from '../../services/APIService'
 
 
 class OIDLoginCallback extends React.Component {
+  constructor(props) {
+    super(props)
+    this.state = {
+      next: null
+    }
+  }
   componentDidMount() {
     this.exchangeCodeForToken()
   }
@@ -17,35 +23,42 @@ class OIDLoginCallback extends React.Component {
     const queryParams = new URLSearchParams(this.props.location.search)
     const code = queryParams.get('code')
     const idToken = queryParams.get('id_token')
+    const next = queryParams.get('next')
     if(code) {
       /*eslint no-undef: 0*/
-      const redirectURL = window.LOGIN_REDIRECT_URL || process.env.LOGIN_REDIRECT_URL
-      const clientSecret = window.OIDC_RP_CLIENT_SECRET || process.env.OIDC_RP_CLIENT_SECRET
-      const clientId = window.OIDC_RP_CLIENT_ID || process.env.OIDC_RP_CLIENT_ID
+      this.setState({next: next && next !== '/' ? next : null }, () => {
+        const redirectURL = this.state.next ? window.location.origin + this.state.next : (window.LOGIN_REDIRECT_URL || process.env.LOGIN_REDIRECT_URL)
+        const clientSecret = window.OIDC_RP_CLIENT_SECRET || process.env.OIDC_RP_CLIENT_SECRET
+        const clientId = window.OIDC_RP_CLIENT_ID || process.env.OIDC_RP_CLIENT_ID
 
-      APIService.users().appendToUrl('oidc/code-exchange/').post({code: code, redirect_uri: redirectURL, client_id: clientId, client_secret: clientSecret}).then(res => {
-        if(res.data?.access_token) {
-          localStorage.removeItem('server_configs')
-          localStorage.setItem('token', res.data.access_token)
-          localStorage.setItem('id_token', idToken)
-          this.cacheUserData()
-        } else {
-          alertifyjs.error(res.data)
-        }
+        APIService.users().appendToUrl('oidc/code-exchange/').post({code: code, redirect_uri: redirectURL, client_id: clientId, client_secret: clientSecret}).then(res => {
+          if(res.data?.access_token) {
+            localStorage.removeItem('server_configs')
+            localStorage.setItem('token', res.data.access_token)
+            localStorage.setItem('id_token', idToken)
+            this.cacheUserData()
+          } else {
+            alertifyjs.error(res.data)
+          }
+        })
       })
     }
   }
 
   cacheUserData() {
     refreshCurrentUserCache(response => {
       alertifyjs.success(`Successfully signed in`)
-      let returnToURL = response.data.url
-      if(get(this.props, 'location.search')) {
-        const queryParams = new URLSearchParams(this.props.location.search)
-        if(queryParams && queryParams.get('returnTo'))
-          returnToURL = queryParams.get('returnTo')
+      if(this.state.next)
+        window.location.hash = '#' + this.state.next
+      else {
+        let returnToURL = response.data.url
+        if(get(this.props, 'location.search')) {
+          const queryParams = new URLSearchParams(this.props.location.search)
+          if(queryParams && queryParams.get('returnTo'))
+            returnToURL = queryParams.get('returnTo')
+        }
+        window.location.hash  = '#' + returnToURL
       }
-      window.location.hash  = '#' + returnToURL
     })
   }
 

src/components/users/UserOptions.jsx

@@ -43,7 +43,7 @@ const UserOptions = () => {
         if(!alertifyForLogout) {
           alertifyForLogout = true
           clearInterval(intervalId)
-          alertifyjs.error('Your token has been expired. You are logged out, please re-login.', 2, () => logoutUser(false, false))
+          alertifyjs.error('Your token has been expired. You are logged out, please re-login.', 2, () => logoutUser(false, false, true))
         }
       }
     })