From 88bc507509eb64481de3fd600373471b5bafd189 Mon Sep 17 00:00:00 2001 From: netroms Date: Wed, 11 Dec 2024 21:31:43 +0800 Subject: [PATCH] feat: implement special logout url for linked accounts feature (#19435) * feat: implement special logout url for linked accounts feature Signed-off-by: Morten Svanaes (cherry picked from commit 2c6105d01e8a29b0dd419c451b959ecbb8735096) Signed-off-by: Morten Svanaes --- .../oidc/DhisOidcLogoutSuccessHandler.java | 18 ++++++++++++++---- .../dhis/external/conf/ConfigurationKey.java | 3 +++ 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oidc/DhisOidcLogoutSuccessHandler.java b/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oidc/DhisOidcLogoutSuccessHandler.java index c5f45a201089..d91c8a7475ff 100644 --- a/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oidc/DhisOidcLogoutSuccessHandler.java +++ b/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oidc/DhisOidcLogoutSuccessHandler.java @@ -29,6 +29,7 @@ import static com.google.common.base.Strings.isNullOrEmpty; import static org.hisp.dhis.external.conf.ConfigurationKey.LINKED_ACCOUNTS_ENABLED; +import static org.hisp.dhis.external.conf.ConfigurationKey.LINKED_ACCOUNTS_LOGOUT_URL; import static org.hisp.dhis.external.conf.ConfigurationKey.LINKED_ACCOUNTS_RELOGIN_URL; import static org.hisp.dhis.external.conf.ConfigurationKey.OIDC_LOGOUT_REDIRECT_URL; import static org.hisp.dhis.external.conf.ConfigurationKey.OIDC_OAUTH2_LOGIN_ENABLED; @@ -101,13 +102,22 @@ private void handleLinkedAccountsLogout( HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { - String currentUsername = request.getParameter("current"); String usernameToSwitchTo = request.getParameter("switch"); + String linkedAccountsLogoutUrl = config.getProperty(LINKED_ACCOUNTS_LOGOUT_URL); + if (isNullOrEmpty(linkedAccountsLogoutUrl)) { + // Fallback if not defined in config + linkedAccountsLogoutUrl = "/"; + } - if (isNullOrEmpty(currentUsername) || isNullOrEmpty(usernameToSwitchTo)) { - setOidcLogoutUrl(); + if (isNullOrEmpty(usernameToSwitchTo)) { + // No switch parameter present: redirect to linked_accounts.logout_url + this.handler.setDefaultTargetUrl(linkedAccountsLogoutUrl); } else { - userStore.setActiveLinkedAccounts(currentUsername, usernameToSwitchTo); + // switch parameter present: switch accounts and then redirect to re-login URL + String currentUsername = request.getParameter("current"); + if (!isNullOrEmpty(currentUsername)) { + userStore.setActiveLinkedAccounts(currentUsername, usernameToSwitchTo); + } this.handler.setDefaultTargetUrl(config.getProperty(LINKED_ACCOUNTS_RELOGIN_URL)); } diff --git a/dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java b/dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java index 498604051950..21d213c7b077 100644 --- a/dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java +++ b/dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java @@ -560,6 +560,9 @@ public enum ConfigurationKey { LINKED_ACCOUNTS_ENABLED("linked_accounts.enabled", Constants.OFF, false), LINKED_ACCOUNTS_RELOGIN_URL("linked_accounts.relogin_url", "", false), + + LINKED_ACCOUNTS_LOGOUT_URL("linked_accounts.logout_url", "", false), + SWITCH_USER_FEATURE_ENABLED("switch_user_feature.enabled", Constants.OFF, false), SWITCH_USER_ALLOW_LISTED_IPS( "switch_user_allow_listed_ips", "localhost,127.0.0.1,[0:0:0:0:0:0:0:1]", false),