From f24ac0756fc364948881a3727497219ade16f962 Mon Sep 17 00:00:00 2001
From: dvoet
Date: Mon, 27 Jan 2025 14:33:52 -0500
Subject: [PATCH] CORE-277 post_logout_redirect_uri can't be a fragment (#5235)
---
 src/auth/signout/sign-out.test.ts | 8 ++++----
 src/auth/signout/sign-out.ts | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/auth/signout/sign-out.test.ts b/src/auth/signout/sign-out.test.ts
index 317a01adf1..465e3d8b4d 100644
--- a/src/auth/signout/sign-out.test.ts
+++ b/src/auth/signout/sign-out.test.ts
@@ -35,7 +35,7 @@ type NavExports = typeof import('src/libs/nav');
 jest.mock('src/libs/nav', (): NavExports => {
 return {
 ...jest.requireActual('src/libs/nav'),
- getLink: jest.fn().mockReturnValue({ name: 'signout-callback', query: {} }),
+ getPath: jest.fn().mockReturnValue('/signout'),
 goToPath: jest.fn(),
 getWindowOrigin: jest.fn(),
 getCurrentRoute: jest.fn().mockReturnValue(currentRoute),
@@ -88,13 +88,13 @@ describe('sign-out', () => {
 const unsetCookiesFn = jest.fn();
 const signOutRedirectFn = jest.fn();
 const hostname = 'https://mycoolhost.horse';
- const link = 'signout';
+ const link = '/signout';
 const expectedState = btoa(JSON.stringify({ signOutRedirect: currentRoute, signOutCause: 'unspecified' }));
 asMockedFn(oidcStore.get).mockReturnValue({
 userManager: { signoutRedirect: signOutRedirectFn },
 } as unknown as OidcState);
 asMockedFn(leoCookieProvider.unsetCookies).mockImplementation(unsetCookiesFn);
- asMockedFn(Nav.getLink).mockReturnValue(link);
+ asMockedFn(Nav.getPath).mockReturnValue(link);
 asMockedFn(Nav.getWindowOrigin).mockReturnValue(hostname);
 asMockedFn(Nav.getCurrentRoute).mockReturnValue(currentRoute);
 // Act
@@ -102,7 +102,7 @@ describe('sign-out', () => {
 // Assert
 expect(unsetCookiesFn).toHaveBeenCalled();
 expect(signOutRedirectFn).toHaveBeenCalledWith({
- post_logout_redirect_uri: `${hostname}/${link}`,
+ post_logout_redirect_uri: `${hostname}${link}`,
 extraQueryParams: { state: expectedState },
 });
 });
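Review bot: The `toHaveBeenCalledWith` assertion in the last hunk of sign-out.test.ts cannot catch the regression this commit fixes, because `Nav.getPath` is stubbed to return '/signout' in the module mock (first hunk) and again inside the test (second hunk), so only the string concatenation is checked. If route resolution ever produced a hash link again, the test would still pass. Where the route table can be loaded under jest, I would let `getPath` fall through to `jest.requireActual('src/libs/nav')` for this case and add `expect(new URL(signOutRedirectFn.mock.calls[0][0].post_logout_redirect_uri).hash).toBe('');` so the no-fragment requirement is pinned explicitly. The second stub in the test body repeats the module-level one and could be dropped.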
diff --git a/src/auth/signout/sign-out.ts b/src/auth/signout/sign-out.ts
index 1f76f9bf6f..3198c89a13 100644
--- a/src/auth/signout/sign-out.ts
+++ b/src/auth/signout/sign-out.ts
@@ -42,7 +42,7 @@ export const doSignOut = async (signOutCause: SignOutCause = 'unspecified'): Pro
 await leoCookieProvider.unsetCookies();
 try {
 const userManager = oidcStore.get().userManager;
- const redirectUrl = `${Nav.getWindowOrigin()}/${Nav.getLink(signOutCallbackLinkName)}`;
+ const redirectUrl = `${Nav.getWindowOrigin()}${Nav.getPath(signOutCallbackLinkName)}`;
 // This will redirect to the logout callback page, which calls `userSignedOut` and then redirects to the homepage.
 const { name, query, params }: SignOutRedirect = Nav.getCurrentRoute();
 const signOutState: SignOutState = { signOutRedirect: { name, query, params }, signOutCause };
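Review bot: The new `redirectUrl` line carries no comment explaining why `Nav.getPath` replaces `Nav.getLink`, so the constraint named in the commit title is easy to undo in a later refactor. I would put `// Must be a path, not a hash link: post_logout_redirect_uri cannot carry a fragment and has to match the URI registered with the identity provider.` above it. The bare concatenation also depends on `getWindowOrigin()` having no trailing slash and `getPath()` returning a leading slash; `const redirectUrl = new URL(Nav.getPath(signOutCallbackLinkName), Nav.getWindowOrigin()).toString();` normalises both. Identity providers typically compare this value against a registered list, so the registered post-logout URI presumably needs the same move from the fragment form to the path form, which this diff cannot show. doSignOut's body starts and ends outside the hunk.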