Fixed logout without current user
but with valid id token Change-Id: I424e60f8456ba53bb8fa990d9e2f54503b9160af
parent
23aa90d68e
commit
865aefeaf1
|
@ -264,11 +264,6 @@ final class OAuth2ProviderController extends Controller
|
||||||
*/
|
*/
|
||||||
public function endSession()
|
public function endSession()
|
||||||
{
|
{
|
||||||
if(!$this->auth_service->isUserLogged()) {
|
|
||||||
Log::debug("OAuth2ProviderController::endSession user is not logged!");
|
|
||||||
return Response::view('errors.404', array(), 404);
|
|
||||||
}
|
|
||||||
|
|
||||||
$request = new OAuth2LogoutRequest
|
$request = new OAuth2LogoutRequest
|
||||||
(
|
(
|
||||||
new OAuth2Message
|
new OAuth2Message
|
||||||
|
@ -280,7 +275,7 @@ final class OAuth2ProviderController extends Controller
|
||||||
if(!$request->isValid())
|
if(!$request->isValid())
|
||||||
{
|
{
|
||||||
Log::error('invalid OAuth2LogoutRequest!');
|
Log::error('invalid OAuth2LogoutRequest!');
|
||||||
return Response::view('errors.404', array(), 404);
|
return Response::view('errors.404', [], 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(Request::isMethod('get') )
|
if(Request::isMethod('get') )
|
||||||
|
@ -314,7 +309,6 @@ final class OAuth2ProviderController extends Controller
|
||||||
|
|
||||||
if (!is_null($response) && $response instanceof OAuth2Response) {
|
if (!is_null($response) && $response instanceof OAuth2Response) {
|
||||||
$strategy = OAuth2ResponseStrategyFactoryMethod::buildStrategy($request, $response);
|
$strategy = OAuth2ResponseStrategyFactoryMethod::buildStrategy($request, $response);
|
||||||
|
|
||||||
return $strategy->handle($response);
|
return $strategy->handle($response);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
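Review bot: With the `isUserLogged()` guard removed from the top of `endSession()`, the controller now serves callers that have no session, and the only check left in the visible lines is `$request->isValid()`; what that validates is not shown here. The removed branch also held the only log line for this case, so an end-session call without a session now leaves no trace at controller level. Keeping the condition with just the log call inside, e.g. `if(!$this->auth_service->isUserLogged()) { Log::debug("OAuth2ProviderController::endSession no current session, relying on id token"); }`, would preserve that signal for anyone reviewing logout traffic. The docblock that ends just above the method should also say that a session is no longer required; the method body continues outside these hunks.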
@ -1428,14 +1428,16 @@ final class OAuth2Protocol implements IOAuth2Protocol
|
||||||
$this->log_service->debug_msg("OAuth2Protocol::endSession user not found!");
|
$this->log_service->debug_msg("OAuth2Protocol::endSession user not found!");
|
||||||
throw new InvalidOAuth2Request('user not found!');
|
throw new InvalidOAuth2Request('user not found!');
|
||||||
}
|
}
|
||||||
|
|
||||||
$logged_user = $this->auth_service->getCurrentUser();
|
$logged_user = $this->auth_service->getCurrentUser();
|
||||||
|
|
||||||
if(is_null($logged_user) || $logged_user->getId() !== $user->getId()) {
|
if(!is_null($logged_user) && $logged_user->getId() !== $user->getId()) {
|
||||||
$this->log_service->debug_msg("OAuth2Protocol::endSession user does not match with current session!");
|
$this->log_service->debug_msg("OAuth2Protocol::endSession user does not match with current session!");
|
||||||
throw new InvalidOAuth2Request('user does not match with current session!');
|
throw new InvalidOAuth2Request('user does not match with current session!');
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->auth_service->logout();
|
if(!is_null($logged_user))
|
||||||
|
$this->auth_service->logout();
|
||||||
|
|
||||||
if(!empty($redirect_logout_uri))
|
if(!empty($redirect_logout_uri))
|
||||||
{
|
{
|
||||||
|
|
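Review bot: When `$logged_user` is null the new code skips both the session-match check and `logout()` and falls through to the `if(!empty($redirect_logout_uri))` branch, so the post-logout redirect is now reachable by a caller that holds only an id token. Whether `$redirect_logout_uri` has been matched against the client's registered logout URIs, and whether the token was fully verified before `$user` was resolved, is decided outside this hunk; both should be confirmed, since nothing else in the visible lines stands between a session-less request and the redirect. The added `if(!is_null($logged_user))` is also brace-less while every other conditional in the hunk uses braces; `if(!is_null($logged_user)) { $this->auth_service->logout(); }` with a comment such as `// no active session: nothing to terminate` reads less ambiguously. `endSession` starts before and continues past this hunk.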