mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-24 20:18:13 +02:00
core/authenticate: redirect to /.pomerium/signed_out when no signout redirect url is defined (#5060)
This commit is contained in:
parent
991fca496c
commit
5f800300a4
2 changed files with 30 additions and 5 deletions
|
@ -237,6 +237,11 @@ func (a *Authenticate) signOutRedirect(w http.ResponseWriter, r *http.Request) e
|
|||
log.Warn(r.Context()).Err(err).Msg("authenticate: failed to get sign out url for authenticator")
|
||||
}
|
||||
|
||||
// if the authenticator failed to sign out, and no sign out url is defined, just go to the signed out page
|
||||
if signOutURL == "" {
|
||||
signOutURL = authenticateSignedOutURL
|
||||
}
|
||||
|
||||
httputil.Redirect(w, r, signOutURL, http.StatusFound)
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -132,6 +132,7 @@ func TestAuthenticate_SignOut(t *testing.T) {
|
|||
sessionStore sessions.SessionStore
|
||||
wantCode int
|
||||
wantBody string
|
||||
wantLocation string
|
||||
}{
|
||||
{
|
||||
"good post",
|
||||
|
@ -145,6 +146,7 @@ func TestAuthenticate_SignOut(t *testing.T) {
|
|||
&mstore.Store{Encrypted: true, Session: &sessions.State{}},
|
||||
http.StatusFound,
|
||||
"",
|
||||
"https://corp.pomerium.io/",
|
||||
},
|
||||
{
|
||||
"signout redirect url",
|
||||
|
@ -158,6 +160,21 @@ func TestAuthenticate_SignOut(t *testing.T) {
|
|||
&mstore.Store{Encrypted: true, Session: &sessions.State{}},
|
||||
http.StatusFound,
|
||||
"",
|
||||
"https://signout-redirect-url.example.com",
|
||||
},
|
||||
{
|
||||
"empty redirect url",
|
||||
http.MethodPost,
|
||||
nil,
|
||||
"",
|
||||
"",
|
||||
"sig",
|
||||
"ts",
|
||||
identity.MockProvider{SignOutError: oidc.ErrSignoutNotImplemented},
|
||||
&mstore.Store{Encrypted: true, Session: &sessions.State{}},
|
||||
http.StatusFound,
|
||||
"",
|
||||
"https://authenticate.pomerium.app/.pomerium/signed_out",
|
||||
},
|
||||
{
|
||||
"failed revoke",
|
||||
|
@ -171,6 +188,7 @@ func TestAuthenticate_SignOut(t *testing.T) {
|
|||
&mstore.Store{Encrypted: true, Session: &sessions.State{}},
|
||||
http.StatusFound,
|
||||
"",
|
||||
"https://corp.pomerium.io/",
|
||||
},
|
||||
{
|
||||
"load session error",
|
||||
|
@ -184,6 +202,7 @@ func TestAuthenticate_SignOut(t *testing.T) {
|
|||
&mstore.Store{Encrypted: true, Session: &sessions.State{}},
|
||||
http.StatusFound,
|
||||
"",
|
||||
"https://corp.pomerium.io/",
|
||||
},
|
||||
{
|
||||
"bad redirect uri",
|
||||
|
@ -197,6 +216,7 @@ func TestAuthenticate_SignOut(t *testing.T) {
|
|||
&mstore.Store{Encrypted: true, Session: &sessions.State{}},
|
||||
http.StatusFound,
|
||||
"",
|
||||
"/corp.pomerium.io/",
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
|
@ -224,7 +244,9 @@ func TestAuthenticate_SignOut(t *testing.T) {
|
|||
params, _ := url.ParseQuery(u.RawQuery)
|
||||
params.Add("sig", tt.sig)
|
||||
params.Add("ts", tt.ts)
|
||||
params.Add(urlutil.QueryRedirectURI, tt.redirectURL)
|
||||
if tt.redirectURL != "" {
|
||||
params.Add(urlutil.QueryRedirectURI, tt.redirectURL)
|
||||
}
|
||||
u.RawQuery = params.Encode()
|
||||
r := httptest.NewRequest(tt.method, u.String(), nil)
|
||||
state, err := tt.sessionStore.LoadSession(r)
|
||||
|
@ -245,10 +267,8 @@ func TestAuthenticate_SignOut(t *testing.T) {
|
|||
if diff := cmp.Diff(body, tt.wantBody); diff != "" {
|
||||
t.Errorf("handler returned wrong body Body: %s", diff)
|
||||
}
|
||||
if tt.signoutRedirectURL != "" {
|
||||
loc := w.Header().Get("Location")
|
||||
assert.Contains(t, loc, tt.signoutRedirectURL)
|
||||
}
|
||||
loc := w.Header().Get("Location")
|
||||
assert.Equal(t, tt.wantLocation, loc)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue