Fixed logout without current user
but with valid id token Change-Id: I424e60f8456ba53bb8fa990d9e2f54503b9160af
parent
23aa90d68e
commit
865aefeaf1
@ -264,11 +264,6 @@ final class OAuth2ProviderController extends Controller
|
||||
*/
|
||||
public function endSession()
|
||||
{
|
||||
if(!$this->auth_service->isUserLogged()) {
|
||||
Log::debug("OAuth2ProviderController::endSession user is not logged!");
|
||||
return Response::view('errors.404', array(), 404);
|
||||
}
|
||||
|
||||
$request = new OAuth2LogoutRequest
|
||||
(
|
||||
new OAuth2Message
|
||||
@ -280,7 +275,7 @@ final class OAuth2ProviderController extends Controller
|
||||
if(!$request->isValid())
|
||||
{
|
||||
Log::error('invalid OAuth2LogoutRequest!');
|
||||
return Response::view('errors.404', array(), 404);
|
||||
return Response::view('errors.404', [], 404);
|
||||
}
|
||||
|
||||
if(Request::isMethod('get') )
|
||||
@ -314,7 +309,6 @@ final class OAuth2ProviderController extends Controller
|
||||
|
||||
if (!is_null($response) && $response instanceof OAuth2Response) {
|
||||
$strategy = OAuth2ResponseStrategyFactoryMethod::buildStrategy($request, $response);
|
||||
|
||||
return $strategy->handle($response);
|
||||
}
|
||||
|
||||
|
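Review bot: With the `isUserLogged()` guard removed from the top of `endSession()`, the docblock that ends just above the signature should state that the endpoint can now be called without an authenticated session and that the caller is identified only by the id token checked in `OAuth2Protocol::endSession`. A line such as `* May be called without an active session; the id token is validated by the protocol layer.` would do. The `Log::error('invalid OAuth2LogoutRequest!')` branch in the second hunk is now reachable by anonymous requests too, so it may be worth lowering it to a warning or rate-limiting the route to keep malformed requests from flooding the error log. The method body continues outside these hunks.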
@ -1428,13 +1428,15 @@ final class OAuth2Protocol implements IOAuth2Protocol
|
||||
$this->log_service->debug_msg("OAuth2Protocol::endSession user not found!");
|
||||
throw new InvalidOAuth2Request('user not found!');
|
||||
}
|
||||
|
||||
$logged_user = $this->auth_service->getCurrentUser();
|
||||
|
||||
if(is_null($logged_user) || $logged_user->getId() !== $user->getId()) {
|
||||
if(!is_null($logged_user) && $logged_user->getId() !== $user->getId()) {
|
||||
$this->log_service->debug_msg("OAuth2Protocol::endSession user does not match with current session!");
|
||||
throw new InvalidOAuth2Request('user does not match with current session!');
|
||||
}
|
||||
|
||||
if(!is_null($logged_user))
|
||||
$this->auth_service->logout();
|
||||
|
||||
if(!empty($redirect_logout_uri))
|
||||
|
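Review bot: When `$logged_user` is null, the new condition `if(!is_null($logged_user) && $logged_user->getId() !== $user->getId())` lets the request fall through to the `$redirect_logout_uri` branch, so a caller with no session now reaches the redirect on the strength of the id token alone. The hunk does not show where `$redirect_logout_uri` is validated; if it is not already compared exactly against the client's registered post-logout URIs earlier in the method, that check is needed before this point. The null case also deserves a comment, e.g. `// no active session: nothing to log out, the id token already identified the user`. The unbraced guard should get braces as well: `if (!is_null($logged_user)) { $this->auth_service->logout(); }`. The method starts and ends outside the hunk.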