refactor(handler): minor cleanups

2026-05-07 17:06:57 +00:00 · 2022-07-19 20:11:52 +02:00
parent 3e62683cad
commit 09ab8b9e3b
7 changed files with 14 additions and 10 deletions
--- a/pkg/handler/handler_callback.go
+++ b/pkg/handler/handler_callback.go
@@ -17,6 +17,7 @@ import (
 	retrypkg "github.com/nais/wonderwall/pkg/retry"
 )

+// Callback handles the authentication response from the identity provider.
 func (h *Handler) Callback(w http.ResponseWriter, r *http.Request) {
 	// unconditionally clear login cookie
 	h.clearLoginCookies(w)
--- a/pkg/handler/handler_default.go
+++ b/pkg/handler/handler_default.go
@@ -8,7 +8,7 @@ import (
 	"github.com/nais/wonderwall/pkg/session"
 )

-// Default proxies all requests upstream
+// Default proxies all requests upstream.
 func (h *Handler) Default(w http.ResponseWriter, r *http.Request) {
 	isAuthenticated := false

--- a/pkg/handler/handler_frontchannellogout.go
+++ b/pkg/handler/handler_frontchannellogout.go
@@ -8,7 +8,7 @@ import (
 	logentry "github.com/nais/wonderwall/pkg/middleware"
 )

-// FrontChannelLogout triggers logout triggered by a third-party.
+// FrontChannelLogout performs a local logout initiated by a third party in the SSO circle-of-trust.
 func (h *Handler) FrontChannelLogout(w http.ResponseWriter, r *http.Request) {
 	logger := logentry.LogEntry(r)

--- a/pkg/handler/handler_login.go
+++ b/pkg/handler/handler_login.go
@@ -19,6 +19,7 @@ const (
 	LoginCookieLifetime = 1 * time.Hour
 )

+// Login initiates the authorization code flow.
 func (h *Handler) Login(w http.ResponseWriter, r *http.Request) {
 	login, err := h.Client.Login(r)
 	if err != nil {
--- a/pkg/handler/handler_logout.go
+++ b/pkg/handler/handler_logout.go
@@ -13,15 +13,22 @@ import (
 	"github.com/nais/wonderwall/pkg/session"
 )

-// Logout triggers self-initiated for the current user
+// Logout triggers self-initiated logout for the current user.
 func (h *Handler) Logout(w http.ResponseWriter, r *http.Request) {
 	logger := logentry.LogEntry(r)

+	logout, err := h.Client.Logout()
+	if err != nil {
+		h.InternalError(w, r, err)
+		return
+	}
+
 	var idToken string

 	sessionData, err := h.getSessionFromCookie(w, r)
 	if err == nil && sessionData != nil {
 		idToken = sessionData.IDToken
+
 		err = h.destroySession(w, r, h.localSessionID(sessionData.ExternalSessionID))
 		if err != nil && !errors.Is(err, session.KeyNotFoundError) {
 			h.InternalError(w, r, fmt.Errorf("logout: destroying session: %w", err))
@@ -40,12 +47,6 @@ func (h *Handler) Logout(w http.ResponseWriter, r *http.Request) {
 		h.Loginstatus.ClearCookie(w, h.CookieOptions)
 	}

-	logout, err := h.Client.Logout()
-	if err != nil {
-		h.InternalError(w, r, err)
-		return
-	}
-
 	logger.Info("logout: redirecting to identity provider")
 	metrics.ObserveLogout(metrics.LogoutOperationSelfInitiated)
 	http.Redirect(w, r, logout.SingleLogoutURL(idToken), http.StatusTemporaryRedirect)
--- a/pkg/handler/handler_logout_callback.go
+++ b/pkg/handler/handler_logout_callback.go
@@ -6,7 +6,7 @@ import (
 	logentry "github.com/nais/wonderwall/pkg/middleware"
 )

-// LogoutCallback handles the callback from the self-initiated logout for the current user
+// LogoutCallback handles the callback initiated by the self-initiated logout after single-logout at the identity provider.
 func (h *Handler) LogoutCallback(w http.ResponseWriter, r *http.Request) {
 	redirect := h.Client.LogoutCallback(r).PostLogoutRedirectURI()

--- a/pkg/handler/handler_test.go
+++ b/pkg/handler/handler_test.go
@@ -86,6 +86,7 @@ func TestHandler_LogoutCallback(t *testing.T) {
 	defer idp.Close()

 	rpClient := idp.RelyingPartyClient()
+	login(t, rpClient, idp)
 	logout(t, rpClient, idp)
 }