Support RP-Initiated Logout

Signed-off-by: hongming <talonwan@yunify.com>
2021-04-20 12:01:25 +08:00
parent 37c53db57f
commit 8fdd8beb08
5 changed files with 74 additions and 14 deletions
--- a/pkg/kapis/oauth/handler.go
+++ b/pkg/kapis/oauth/handler.go
@@ -19,6 +19,9 @@ package oauth
 import (
 	"fmt"
 	"net/http"
+	"net/url"
+
+	"kubesphere.io/kubesphere/pkg/server/errors"

 	"github.com/emicklei/go-restful"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -320,3 +323,33 @@ func (h *handler) refreshTokenGrant(req *restful.Request, response *restful.Resp

 	response.WriteEntity(result)
 }
+
+func (h *handler) Logout(req *restful.Request, resp *restful.Response) {
+	authenticated, ok := request.UserFrom(req.Request.Context())
+	if ok {
+		if err := h.tokenOperator.RevokeAllUserTokens(authenticated.GetName()); err != nil {
+			api.HandleInternalError(resp, req, apierrors.NewInternalError(err))
+			return
+		}
+	}
+
+	postLogoutRedirectURI := req.QueryParameter("post_logout_redirect_uri")
+	if postLogoutRedirectURI == "" {
+		resp.WriteAsJson(errors.None)
+		return
+	}
+
+	redirectURL, err := url.Parse(postLogoutRedirectURI)
+	if err != nil {
+		api.HandleBadRequest(resp, req, fmt.Errorf("invalid logout redirect URI: %s", err))
+		return
+	}
+
+	state := req.QueryParameter("state")
+	if state != "" {
+		redirectURL.Query().Add("state", state)
+	}
+
+	resp.Header().Set("Content-Type", "text/plain")
+	http.Redirect(resp, req.Request, redirectURL.String(), http.StatusFound)
+}