author | Dave Arter <davea@mysociety.org> | 2019-07-03 17:25:12 +0100 |
---|---|---|
committer | Dave Arter <davea@mysociety.org> | 2019-08-16 14:25:12 +0100 |
commit | 90930e50590a6dc3bfbdac345b6286a1b22f0438 (patch) | |
tree | 0bce6e19014d2d86c8d75a448b0c58582f7a10b8 | |
parent | 0d39d25104aa5b5bc8fe326772d5984b3f498b43 (diff) |
Add support for OIDC logout
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth.pm | 6 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Social.pm | 9 |
2 files changed, 15 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index b1c795b1e..6b2b29044 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -445,6 +445,12 @@ Log the user out. Tell them we've done so.
 sub sign_out : Local {
 my ( $self, $c ) = @_;
 $c->logout();
+
+ if ( $c->sessionid && $c->session->{oauth} && $c->session->{oauth}{logout_redirect_uri} ) {
+ $c->response->redirect($c->session->{oauth}{logout_redirect_uri});
+ delete $c->session->{oauth}{logout_redirect_uri};
+ $c->detach;
+ }
 }
 sub ajax_sign_in : Path('ajax/sign_in') {
diff --git a/perllib/FixMyStreet/App/Controller/Auth/Social.pm b/perllib/FixMyStreet/App/Controller/Auth/Social.pm
index b22ca64b1..f4ef7defe 100644
--- a/perllib/FixMyStreet/App/Controller/Auth/Social.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth/Social.pm
@@ -7,6 +7,7 @@ BEGIN { extends 'Catalyst::Controller'; }
 use Net::Facebook::Oauth2;
 use Net::Twitter::Lite::WithAPIv1_1;
 use OIDC::Lite::Client::WebServer::Azure;
+use URI::Escape;
 =head1 NAME
@@ -237,6 +238,14 @@ sub oidc_callback: Path('/auth/OIDC') : Args(0) {
 # which is passed to Open311 with reports made by this user.
 my $extra = $c->cobrand->call_hook(oidc_user_extra => $id_token);
+ # The OIDC endpoint may require a specific URI to be called to log the user
+ # out when they log out of FMS.
+ if ( my $redirect_uri = $c->cobrand->feature('oidc_login')->{logout_uri} ) {
+ $redirect_uri .= "?post_logout_redirect_uri=";
+ $redirect_uri .= URI::Escape::uri_escape( $c->uri_for('/auth/sign_out') );
+ $c->session->{oauth}{logout_redirect_uri} = $redirect_uri;
+ }
+
 $c->forward('oauth_success', [ 'oidc', $uid, $name, $email, $extra ]);
 } |
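Review bot: The new block in `sign_out` carries no comment, and the `delete` after the redirect is doing more than tidying up: the URI stored at login (see the `oidc_callback` hunk in Social.pm) names `/auth/sign_out` as the post-logout return address, so a key left in the session would send the user to the provider again on return. I would add above the `if`: `# Signed in via OIDC: hand off to the provider's logout URL saved at login. It returns here, so drop the key to make this a one-shot redirect.` The block also relies on the session data still being readable after `$c->logout()`, which is worth stating in the same comment so a later change that clears the session on logout does not silently skip the provider logout. The POD for the sub ("Log the user out. Tell them we've done so.") sits outside the hunk and could mention the redirect as well.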
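Review bot: The logout URL in `oidc_callback` is built by appending `?post_logout_redirect_uri=` unconditionally, so a configured `logout_uri` that already has a query string (for example a policy passed as `?p=...`) ends up with two `?` and the provider may not see the parameter. Choosing the separator from the existing value fixes it: `$redirect_uri .= ( $redirect_uri =~ /\?/ ? '&' : '?' ) . 'post_logout_redirect_uri=';`. The return address comes from `$c->uri_for`, which takes its host from the request, so a short comment noting that the provider's registered post-logout URIs are what pin this value would help the next reader. `feature('oidc_login')` is dereferenced without a guard; presumably the callback is only reachable when that feature is configured, but the start of the sub is outside the hunk so this cannot be confirmed from here.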