From f47c4445bd7f2e5c8ea5351b29ca2288d4862129 Mon Sep 17 00:00:00 2001
From: Pedro Juarez
Date: Sun, 12 May 2024 09:30:46 -0700
Subject: [PATCH] Return header with error idp logout (#3346)

---
 api/user_logout.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/api/user_logout.go b/api/user_logout.go
index 110fb6889..921c71cb2 100644
--- a/api/user_logout.go
+++ b/api/user_logout.go
@@ -20,10 +20,13 @@ import (
  "context"
  "encoding/base64"
  "encoding/json"
+ "fmt"
  "net/http"
  "net/url"
  "time"
 
+ "github.com/go-openapi/errors"
+
  "github.com/go-openapi/runtime"
  "github.com/go-openapi/runtime/middleware"
  "github.com/minio/console/api/operations"
@@ -37,10 +40,13 @@ func registerLogoutHandlers(api *operations.ConsoleAPI) {
  api.AuthLogoutHandler = authApi.LogoutHandlerFunc(func(params authApi.LogoutParams, session *models.Principal) middleware.Responder {
  err := getLogoutResponse(session, params)
  if err != nil {
- api.Logger("IDP logout failed: %v", err.APIError)
+ api.Logger("IDP logout failed: %v", err.APIError.DetailedMessage)
  }
  // Custom response writer to expire the session cookies
  return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
+ if err != nil {
+ w.Header().Set("IDP-Logout", fmt.Sprintf("%v", err.APIError.DetailedMessage))
+ }
  expiredCookie := ExpireSessionCookie()
  // this will tell the browser to clear the cookie and invalidate user session
  // additionally we are deleting the cookie from the client side
@@ -104,10 +110,14 @@ func logoutFromIDPProvider(r *http.Request, state string) error {
  client := &http.Client{
  Transport: GlobalTransport,
  }
- _, err := client.PostForm(providerCfg.EndSessionEndpoint, params)
+ result, err := client.PostForm(providerCfg.EndSessionEndpoint, params)
  if err != nil {
- return err
+ return errors.New(500, "failed to logout: %v", err.Error())
+ }
+ if result.StatusCode != 204 {
+ return errors.New(int32(result.StatusCode), "failed to logout")
  }
  }
+
  return nil
  }
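Review bot: The added `w.Header().Set("IDP-Logout", ...)` inside the ResponderFunc of registerLogoutHandlers copies `err.APIError.DetailedMessage` into a response header, so whatever text the logout path produced is handed to the browser. Judging by the last hunk, that text can be `failed to logout: ` followed by the HTTP client's error string, which normally names the IdP end-session URL and the network failure. Consider sending a fixed value such as `w.Header().Set("IDP-Logout", "failed")` and keeping the detail in the `api.Logger` line only. If the text does have to be returned, the `fmt.Sprintf("%v", ...)` wrapper is presumably redundant for a string field. The handler closure continues past the end of this hunk.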
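Review bot: `result` returned by `client.PostForm` in logoutFromIDPProvider is never closed, so every IdP logout leaves a response body open and its connection cannot be returned to the transport's pool. Add `defer result.Body.Close()` directly after the `err != nil` check. The literals `204` and `500` would read better as `http.StatusNoContent` and `http.StatusInternalServerError`, and it is worth confirming that every supported IdP answers the end-session POST with 204 rather than 200, because any other status is now reported as a failure. The client in the context lines is built without a `Timeout`, so a stalled IdP can hold the logout request open; that predates this change. The function begins above the hunk.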