[v11.0.x] AuthN: Fix signout redirect url (#87681)

* AuthN: Fix signout redirect url (#87631)

* Add missing return

* Use sign out redirect url from auth config if configured

* remove option from auth.jwt that is not used

(cherry picked from commit 0f3080ecb8)

---------

Co-authored-by: Karl Persson <kalle.persson@grafana.com>
release-11.0.0 v11.0.0
grafana-delivery-bot[bot] 1 year ago committed by GitHub
parent c23435875d
commit 277ef258d4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 1
      conf/defaults.ini
  2. 1
      pkg/api/login.go
  3. 5
      pkg/services/authn/authnimpl/service.go
  4. 15
      pkg/services/authn/authnimpl/service_test.go

@ -867,7 +867,6 @@ auto_sign_up = false
url_login = false
allow_assign_grafana_admin = false
skip_org_role_sync = false
signout_redirect_url =
#################################### Auth LDAP ###########################
[auth.ldap]

@ -261,6 +261,7 @@ func (hs *HTTPServer) Logout(c *contextmodel.ReqContext) {
if err != nil {
hs.log.Error("Failed perform proper logout", "error", err)
c.Redirect(hs.Cfg.AppSubURL + "/login")
return
}
_, id := c.SignedInUser.GetNamespacedID()
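Review bot: The error branch ending in the added `return` sends the browser to `hs.Cfg.AppSubURL + "/login"` although the logout did not complete, and the hunk does not show whether the session cookie has been cleared by then. If the cookie is deleted only after this branch, the early return leaves the browser holding a cookie for a token that may not have been revoked, so it is worth confirming that deletion happens before the `if err != nil` check. A short comment on the branch stating that the cookie is already gone, and that the server-side token may still be valid when this path is taken, would make the failure mode clear to the next reader. This branch also ignores a configured `signout_redirect_url`; if that is deliberate, say so in the same comment. Logout's body starts and ends outside the hunk.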

@ -347,6 +347,9 @@ func (s *Service) Logout(ctx context.Context, user identity.Requester, sessionTo
defer span.End()
redirect := &authn.Redirect{URL: s.cfg.AppSubURL + "/login"}
if s.cfg.SignoutRedirectUrl != "" {
redirect.URL = s.cfg.SignoutRedirectUrl
}
namespace, id := user.GetNamespacedID()
if namespace != authn.NamespaceUser {
@ -384,7 +387,7 @@ func (s *Service) Logout(ctx context.Context, user identity.Requester, sessionTo
}
Default:
if err = s.sessionService.RevokeToken(ctx, sessionToken, false); err != nil {
if err = s.sessionService.RevokeToken(ctx, sessionToken, false); err != nil && !errors.Is(err, auth.ErrUserTokenNotFound) {
return nil, err
}
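Review bot: The assignment `redirect.URL = s.cfg.SignoutRedirectUrl` in the first hunk carries no comment on precedence, and the value is used verbatim as the post-logout destination. Judging by the test case "should redirect to client specific url", a client-specific logout redirect still overrides it further down, but that code is outside the hunks, so the order should be stated at the assignment, e.g. `// Operator-configured signout_redirect_url replaces the default /login; a client logout redirect, when one is returned, overrides both.` The target here comes only from server configuration, not from the request, and the comment can note that it must stay that way. Logout's body starts and ends outside both hunks.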

@ -311,7 +311,8 @@ func TestService_Logout(t *testing.T) {
sessionToken *usertoken.UserToken
info *login.UserAuth
client authn.Client
client authn.Client
signoutRedirectURL string
expectedErr error
expectedTokenRevoked bool
@ -345,6 +346,14 @@ func TestService_Logout(t *testing.T) {
client: &authntest.FakeClient{ExpectedName: "auth.client.azuread"},
expectedTokenRevoked: true,
},
{
desc: "should use signout redirect url if configured",
identity: &authn.Identity{ID: authn.NamespacedID(authn.NamespaceUser, 1), AuthenticatedBy: "azuread"},
expectedRedirect: &authn.Redirect{URL: "some-url"},
client: &authntest.FakeClient{ExpectedName: "auth.client.azuread"},
signoutRedirectURL: "some-url",
expectedTokenRevoked: true,
},
{
desc: "should redirect to client specific url",
identity: &authn.Identity{ID: authn.NamespacedID(authn.NamespaceUser, 1)},
@ -381,6 +390,10 @@ func TestService_Logout(t *testing.T) {
return nil
},
}
if tt.signoutRedirectURL != "" {
svc.cfg.SignoutRedirectUrl = tt.signoutRedirectURL
}
})
redirect, err := s.Logout(context.Background(), tt.identity, tt.sessionToken)
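Review bot: Nothing in the visible test hunks exercises the new `!errors.Is(err, auth.ErrUserTokenNotFound)` condition in Service.Logout; the added case covers only the configured redirect. A case where the fake session service's RevokeToken returns `auth.ErrUserTokenNotFound`, expecting a nil error and the normal redirect, would pin that behaviour. A companion case with a different error would confirm that real revocation failures still surface. A further case that sets `signoutRedirectURL` together with a client that returns its own logout redirect would fix the precedence between the two. TestService_Logout starts and ends outside these hunks, so existing cases may already cover part of this.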
