From 903581ffdf08dfa775f42aea2cc75575462643e1 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Tue, 16 Jul 2024 17:52:56 -0400 Subject: [PATCH 1/2] Fix issue setting nextUrl on click of logout button Signed-off-by: Craig Perkins --- public/apps/account/utils.tsx | 11 +++++++---- server/auth/types/openid/routes.ts | 7 ++++++- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/public/apps/account/utils.tsx b/public/apps/account/utils.tsx index ab41bd34a..854bd91a6 100644 --- a/public/apps/account/utils.tsx +++ b/public/apps/account/utils.tsx @@ -43,9 +43,9 @@ export async function logout(http: HttpStart, logoutUrl?: string): Promise setShouldShowTenantPopup(null); // Clear everything in the sessionStorage since they can contain sensitive information sessionStorage.clear(); - // When no basepath is set, we can take '/' as the basepath. - const basePath = http.basePath.serverBasePath ? http.basePath.serverBasePath : '/'; - const nextUrl = encodeURIComponent(basePath); + const nextUrl = encodeURIComponent( + window.location.pathname + window.location.search + window.location.hash + ); window.location.href = logoutUrl || `${http.basePath.serverBasePath}/app/login?nextUrl=${nextUrl}`; } @@ -54,7 +54,10 @@ export async function externalLogout(http: HttpStart, logoutEndpoint: string): P // This will ensure tenancy is picked up from local storage in the next login. setShouldShowTenantPopup(null); sessionStorage.clear(); - window.location.href = `${http.basePath.serverBasePath}${logoutEndpoint}`; + const nextUrl = encodeURIComponent( + window.location.pathname + window.location.search + window.location.hash + ); + window.location.href = `${http.basePath.serverBasePath}${logoutEndpoint}?nextUrl=${nextUrl}`; } export async function updateNewPassword( diff --git a/server/auth/types/openid/routes.ts b/server/auth/types/openid/routes.ts index 8634f09e2..c6d71e8e7 100644 --- a/server/auth/types/openid/routes.ts +++ b/server/auth/types/openid/routes.ts 
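Review bot: The new `nextUrl` in `logout` copies `window.location.search` and `window.location.hash` into a query parameter, so the fragment, which the browser normally keeps client-side, is now sent to the server and can end up in access logs. The same expression is added in the `externalLogout` hunk that follows, and the OpenID route in this patch forwards that value into `post_logout_redirect_uri`, i.e. on to the identity provider. The line just above clears sessionStorage because it may hold sensitive data, so the same care seems warranted for URL state. I would add a comment such as `// nextUrl carries the current query string and fragment to the server and the IdP` or, if deep-link state is not needed after logout, build the value from `window.location.pathname` only.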
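Review bot: `${http.basePath.serverBasePath}${logoutEndpoint}?nextUrl=${nextUrl}` in `externalLogout` assumes `logoutEndpoint` never carries its own query string; if a caller passes one, the URL gets a second `?` and the server will not see a `nextUrl` parameter at all. The callers are outside this hunk, so this may hold today, but I would either state the assumption in a comment or pick the separator with `logoutEndpoint.includes('?') ? '&' : '?'`. The `encodeURIComponent(...)` expression is also duplicated from `logout`; a small shared helper would keep the two in step.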
@@ -263,7 +263,12 @@ export class OpenIdAuthRoutes { const token = tokenFromExtraStorage.length ? tokenFromExtraStorage.split(' ')[1] : cookie?.credentials.authHeaderValue.split(' ')[1]; // get auth token - const nextUrl = getBaseRedirectUrl(this.config, this.core, request); + let nextUrl = getBaseRedirectUrl(this.config, this.core, request); + if (request.url.searchParams.has('nextUrl')) { + nextUrl = `${nextUrl}/app/login?nextUrl=${encodeURIComponent( + request.url.searchParams.get('nextUrl') || '' + )}`; + } const logoutQueryParams = { post_logout_redirect_uri: `${nextUrl}`, From 1a47c48f7fc882ed79d7555427e14f93fa8bb8bc Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Tue, 27 Aug 2024 15:27:39 -0400 Subject: [PATCH 2/2] Add to SAML logout logic Signed-off-by: Craig Perkins --- public/apps/account/utils.tsx | 12 +++++++----- public/utils/logout-utils.tsx | 2 +- server/auth/types/openid/routes.ts | 2 +- server/auth/types/saml/routes.ts | 10 ++++++++-- 4 files changed, 17 insertions(+), 9 deletions(-) diff --git a/public/apps/account/utils.tsx b/public/apps/account/utils.tsx index 854bd91a6..56328ddfe 100644 --- a/public/apps/account/utils.tsx +++ b/public/apps/account/utils.tsx @@ -43,11 +43,13 @@ export async function logout(http: HttpStart, logoutUrl?: string): Promise setShouldShowTenantPopup(null); // Clear everything in the sessionStorage since they can contain sensitive information sessionStorage.clear(); - const nextUrl = encodeURIComponent( - window.location.pathname + window.location.search + window.location.hash - ); - window.location.href = - logoutUrl || `${http.basePath.serverBasePath}/app/login?nextUrl=${nextUrl}`; + if (logoutUrl) { + window.location.href = logoutUrl; + } else { + // when session timed out, user credentials in cookie are wiped out + // refresh the page will direct the user to go through login process + window.location.reload(); + } } export async function externalLogout(http: HttpStart, logoutEndpoint: string): Promise { 
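Review bot: `request.url.searchParams.get('nextUrl')` is caller-controlled and is forwarded into `post_logout_redirect_uri` with no check that it is a same-origin relative path. Because it is URL-encoded and nested under `${nextUrl}/app/login?nextUrl=`, the immediate redirect host stays fixed, but whether the value is safe then depends entirely on how the login page treats `nextUrl`, which is not visible here; the SAML hunk in PATCH 2/2 has the same shape. I would validate the value in this handler with the same rule the login route applies to `nextUrl`, and fall back to the plain base URL when it fails. Separately, many identity providers accept a `post_logout_redirect_uri` only when it exactly matches a registered value, so a variable query string may make the IdP reject the redirect; a comment or a test against the supported providers would settle that. The handler body starts and ends outside the hunk.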
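Review bot: The comment placed in the new `else` branch of `logout` (`when session timed out, user credentials in cookie are wiped out`) was copied from `interceptError` and describes a session timeout, not a click on the logout button. Whether `window.location.reload()` actually lands the user on the login page depends on the session having been invalidated earlier in the function, which is above the hunk and not visible here. I would reword the comment to state that dependency, for example `// session was cleared by the logout call above; reloading lets the server redirect to login and preserve the current URL`, if that is the intent.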
diff --git a/public/utils/logout-utils.tsx b/public/utils/logout-utils.tsx index 7ab38e459..132a2daad 100644 --- a/public/utils/logout-utils.tsx +++ b/public/utils/logout-utils.tsx @@ -38,7 +38,7 @@ export function interceptError(logoutUrl: string, thisWindow: Window): any { thisWindow.location.href = logoutUrl; } else { // when session timed out, user credentials in cookie are wiped out - // refres the page will direct the user to go through login process + // refresh the page will direct the user to go through login process thisWindow.location.reload(); } } diff --git a/server/auth/types/openid/routes.ts b/server/auth/types/openid/routes.ts index b0148c7c5..5168e6ac4 100644 --- a/server/auth/types/openid/routes.ts +++ b/server/auth/types/openid/routes.ts @@ -266,7 +266,7 @@ export class OpenIdAuthRoutes { ? tokenFromExtraStorage.split(' ')[1] : cookie?.credentials.authHeaderValue.split(' ')[1]; // get auth token let nextUrl = getBaseRedirectUrl(this.config, this.core, request); - if (request.url.searchParams.has('nextUrl')) { + if (request.url.searchParams.has('nextUrl') && !!request.url.searchParams.get('nextUrl')) { nextUrl = `${nextUrl}/app/login?nextUrl=${encodeURIComponent( request.url.searchParams.get('nextUrl') || '' )}`; diff --git a/server/auth/types/saml/routes.ts b/server/auth/types/saml/routes.ts index 0e01803c1..1812665a9 100644 --- a/server/auth/types/saml/routes.ts +++ b/server/auth/types/saml/routes.ts 
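Review bot: In the OpenID route, the condition `request.url.searchParams.has('nextUrl') && !!request.url.searchParams.get('nextUrl')` reads the same parameter up to three times and leaves the `|| ''` fallback inside the branch unreachable. Reading it once is clearer and gives a single place to validate the value: `const requestedNextUrl = request.url.searchParams.get('nextUrl');` followed by `if (requestedNextUrl) {` and `encodeURIComponent(requestedNextUrl)`. The enclosing handler starts and ends outside the hunk.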
@@ -392,9 +392,15 @@ export class SamlAuthRoutes { this.getExtraAuthStorageOptions(context.security_plugin.logger) ); this.sessionStorageFactory.asScoped(request).clear(); + + let loginUrl = `${this.coreSetup.http.basePath.serverBasePath}/app/login`; + if (request.url.searchParams.has('nextUrl')) { + loginUrl = `${loginUrl}?nextUrl=${encodeURIComponent( + request.url.searchParams.get('nextUrl') || '' + )}`; + } // TODO: need a default logout page - const redirectUrl = - authInfo.sso_logout_url || this.coreSetup.http.basePath.serverBasePath || '/'; + const redirectUrl = authInfo.sso_logout_url || loginUrl; return response.redirected({ headers: { location: redirectUrl,
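Review bot: The SAML branch checks only `request.url.searchParams.has('nextUrl')`, while the OpenID route in this same patch was tightened to also require a non-empty value, so an empty `?nextUrl=` here produces `/app/login?nextUrl=`. Using the same condition as the OpenID route would keep the two handlers consistent. Note also that `loginUrl` is used only when `authInfo.sso_logout_url` is falsy, so when the IdP supplies a logout URL the requested `nextUrl` is silently dropped. A comment saying so would help the next reader, as would updating or removing the `// TODO: need a default logout page` line now that a default exists. The handler starts and ends outside the hunk.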