
Fixed logout without current user

but with valid id token

Change-Id: I424e60f8456ba53bb8fa990d9e2f54503b9160af
tags/1.0.25
Sebastian Marcet 8 months ago
parent
commit
865aefeaf1

+ 1
- 7
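--- a/app/Http/Controllers/OAuth2/OAuth2ProviderController.php
+++ b/app/Http/Controllers/OAuth2/OAuth2ProviderController.php
@@ -264,11 +264,6 @@ final class OAuth2ProviderController extends Controller
      */
     public function endSession()
     {
-        if(!$this->auth_service->isUserLogged()) {
-            Log::debug("OAuth2ProviderController::endSession user is not logged!");
-            return Response::view('errors.404', array(), 404);
-        }
-
         $request = new OAuth2LogoutRequest
         (
             new OAuth2Message
@@ -280,7 +275,7 @@ final class OAuth2ProviderController extends Controller
         if(!$request->isValid())
         {
             Log::error('invalid OAuth2LogoutRequest!');
-            return Response::view('errors.404', array(), 404);
+            return Response::view('errors.404', [], 404);
         }
 
         if(Request::isMethod('get') )
@@ -314,7 +309,6 @@ final class OAuth2ProviderController extends Controller
 
             if (!is_null($response) && $response instanceof OAuth2Response) {
                 $strategy = OAuth2ResponseStrategyFactoryMethod::buildStrategy($request, $response);
-
                 return $strategy->handle($response);
             }
 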
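Review bot: With the isUserLogged() gate removed at the top of endSession(), the endpoint is now reachable without a session and the only check left in the controller is `$request->isValid()`; whether an anonymous request must carry an id_token_hint — the one thing that still identifies a subject on that path — is decided inside OAuth2LogoutRequest, which is not visible here, so it is worth confirming that a hint-less anonymous request is rejected rather than passed through to the protocol layer. The method's docblock closes on the first line of the hunk but says nothing about this; I would add `* Reachable without an authenticated session: the subject comes from the validated id_token_hint, and OAuth2Protocol::endSession enforces that it matches the current session when one exists.` so the guard is not re-added later by someone reading the method in isolation. The 404 on an invalid request now also covers anonymous callers, which is the right failure mode, though nothing here logs that the caller had no session. endSession() continues past the last hunk.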
+ 4
- 2
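--- a/app/libs/OAuth2/OAuth2Protocol.php
+++ b/app/libs/OAuth2/OAuth2Protocol.php
@@ -1428,14 +1428,16 @@ final class OAuth2Protocol implements IOAuth2Protocol
                 $this->log_service->debug_msg("OAuth2Protocol::endSession user not found!");
                 throw new InvalidOAuth2Request('user not found!');
             }
+
             $logged_user = $this->auth_service->getCurrentUser();
 
-            if(is_null($logged_user) || $logged_user->getId() !== $user->getId()) {
+            if(!is_null($logged_user) && $logged_user->getId() !== $user->getId()) {
                 $this->log_service->debug_msg("OAuth2Protocol::endSession user does not match with current session!");
                 throw new InvalidOAuth2Request('user does not match with current session!');
             }
 
-            $this->auth_service->logout();
+            if(!is_null($logged_user))
+                $this->auth_service->logout();
 
             if(!empty($redirect_logout_uri))
             {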
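Review bot: When there is no current session the new code skips the logout silently — the brace-less `if(!is_null($logged_user))` has no else branch and nothing is logged, unlike every other outcome in this method, so an end-session request honored on the id_token_hint alone leaves no trace in the debug log. I would give the branch braces (the surrounding code uses them) and log the anonymous case, as below. Note that the redirect on `$redirect_logout_uri` still runs on that path, so its validation against the client's registered post-logout URIs must not depend on a logged-in user; that validation is outside this hunk and I am assuming it exists. endSession() starts and ends outside the hunk.
```php
            // … unchanged: user lookup and session-mismatch check …
            if ($logged_user !== null) {
                $this->auth_service->logout();
            } else {
                $this->log_service->debug_msg("OAuth2Protocol::endSession no current session, ending session from id_token_hint only");
            }
            // … unchanged: post-logout redirect …
```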