fix: ensure that frontchannel logout unconditionally returns OK

Trong Huu Nguyen
2021-12-14 12:45:28 +01:00
parent 4eee30abde
commit 4446d4c5b8


@@ -1,7 +1,6 @@
package router
import (
"fmt"
"net/http"
log "github.com/sirupsen/logrus"
@@ -9,12 +8,18 @@ import (
// FrontChannelLogout triggers logout triggered by a third-party.
func (h *Handler) FrontChannelLogout(w http.ResponseWriter, r *http.Request) {
params := r.URL.Query()
// Unconditionally return HTTP 200 OK
w.WriteHeader(http.StatusOK)
params := r.URL.Query()
sid := params.Get("sid")
// Unconditionally destroy all local references to the session.
h.deleteCookie(w, h.GetSessionCookieName())
if len(sid) == 0 {
h.BadRequest(w, r, fmt.Errorf("front-channel logout: sid not set in query parameter"))
log.Info("sid parameter not set in request; ignoring")
h.DeleteSessionFallback(w, r)
return
}
@@ -25,8 +30,4 @@ func (h *Handler) FrontChannelLogout(w http.ResponseWriter, r *http.Request) {
log.Error(err)
// Session is already destroyed at the OP and is highly unlikely to be used again.
}
// Unconditionally destroy all local references to the session.
h.deleteCookie(w, h.GetSessionCookieName())
w.WriteHeader(http.StatusOK)
}
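Review bot: In FrontChannelLogout the new `w.WriteHeader(http.StatusOK)` runs before `h.deleteCookie(w, h.GetSessionCookieName())`, and net/http sends the header map when WriteHeader is called, so a Set-Cookie added afterwards never reaches the browser. deleteCookie's body is not shown here, but if it expires the cookie through a response header (as `http.SetCookie` does), the local session cookie would survive a front-channel logout. The same applies to any headers that `h.DeleteSessionFallback(w, r)` sets on `w`. The unconditional 200 can be kept by making it the last response action, for example `defer w.WriteHeader(http.StatusOK)` as the first statement of the handler. The middle of the function lies between the second and third hunks and is not visible, so any other header writes there should be checked too.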