feat: implement special logout url for linked accounts feature (#19435)

* feat: implement special logout url for linked accounts feature Signed-off-by: Morten Svanaes <[email protected]> (cherry picked from commit 2c6105d) Signed-off-by: Morten Svanaes <[email protected]>
dhis2 · Dec 12, 2024 · 88bc507 · 88bc507
1 parent c50e4ef
commit 88bc507
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/...-service-core/src/main/java/org/hisp/dhis/security/oidc/DhisOidcLogoutSuccessHandler.java b/...-service-core/src/main/java/org/hisp/dhis/security/oidc/DhisOidcLogoutSuccessHandler.java
@@ -29,6 +29,7 @@
 
 import static com.google.common.base.Strings.isNullOrEmpty;
 import static org.hisp.dhis.external.conf.ConfigurationKey.LINKED_ACCOUNTS_ENABLED;
+import static org.hisp.dhis.external.conf.ConfigurationKey.LINKED_ACCOUNTS_LOGOUT_URL;
 import static org.hisp.dhis.external.conf.ConfigurationKey.LINKED_ACCOUNTS_RELOGIN_URL;
 import static org.hisp.dhis.external.conf.ConfigurationKey.OIDC_LOGOUT_REDIRECT_URL;
 import static org.hisp.dhis.external.conf.ConfigurationKey.OIDC_OAUTH2_LOGIN_ENABLED;
@@ -101,13 +102,22 @@ private void handleLinkedAccountsLogout(
       HttpServletRequest request, HttpServletResponse response, Authentication authentication)
       throws IOException, ServletException {
 
-    String currentUsername = request.getParameter("current");
     String usernameToSwitchTo = request.getParameter("switch");
+    String linkedAccountsLogoutUrl = config.getProperty(LINKED_ACCOUNTS_LOGOUT_URL);
+    if (isNullOrEmpty(linkedAccountsLogoutUrl)) {
+      // Fallback if not defined in config
+      linkedAccountsLogoutUrl = "/";
+    }
 
-    if (isNullOrEmpty(currentUsername) || isNullOrEmpty(usernameToSwitchTo)) {
-      setOidcLogoutUrl();
+    if (isNullOrEmpty(usernameToSwitchTo)) {
+      // No switch parameter present: redirect to linked_accounts.logout_url
+      this.handler.setDefaultTargetUrl(linkedAccountsLogoutUrl);
     } else {
-      userStore.setActiveLinkedAccounts(currentUsername, usernameToSwitchTo);
+      // switch parameter present: switch accounts and then redirect to re-login URL
+      String currentUsername = request.getParameter("current");
+      if (!isNullOrEmpty(currentUsername)) {
+        userStore.setActiveLinkedAccounts(currentUsername, usernameToSwitchTo);
+      }
       this.handler.setDefaultTargetUrl(config.getProperty(LINKED_ACCOUNTS_RELOGIN_URL));
     }
 

diff --git a/...ort/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java b/...ort/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java
@@ -560,6 +560,9 @@ public enum ConfigurationKey {
   LINKED_ACCOUNTS_ENABLED("linked_accounts.enabled", Constants.OFF, false),
 
   LINKED_ACCOUNTS_RELOGIN_URL("linked_accounts.relogin_url", "", false),
+
+  LINKED_ACCOUNTS_LOGOUT_URL("linked_accounts.logout_url", "", false),
+
   SWITCH_USER_FEATURE_ENABLED("switch_user_feature.enabled", Constants.OFF, false),
   SWITCH_USER_ALLOW_LISTED_IPS(
       "switch_user_allow_listed_ips", "localhost,127.0.0.1,[0:0:0:0:0:0:0:1]", false),