authelia/internal/handlers/handler_logout.go

package handlers

import (
	"fmt"
	"net/url"

	"github.com/authelia/authelia/v4/internal/middlewares"
)

type logoutBody struct {
	TargetURL string `json:"targetURL"`
}

type logoutResponseBody struct {
	SafeTargetURL bool `json:"safeTargetURL"`
}

// LogoutPOST is the handler logging out the user attached to the given cookie.
func LogoutPOST(ctx *middlewares.AutheliaCtx) {
	var (
		body logoutBody
		err  error
	)

	responseBody := logoutResponseBody{SafeTargetURL: false}

	if err = ctx.ParseBody(&body); err != nil {
		ctx.Error(fmt.Errorf("unable to parse body during logout: %w", err), messageOperationFailed)

		return
	}

	if err = ctx.DestroySession(); err != nil {
		ctx.Error(fmt.Errorf("unable to destroy session during logout: %w", err), messageOperationFailed)

		return
	}

	redirectionURL, err := url.ParseRequestURI(body.TargetURL)
	if err == nil {
		responseBody.SafeTargetURL = ctx.IsSafeRedirectionTargetURI(redirectionURL)
	}

	if body.TargetURL != "" {
		ctx.Logger.Debugf("Logout target url is %s, safe %t", body.TargetURL, responseBody.SafeTargetURL)
	}

	if err = ctx.SetJSONBody(responseBody); err != nil {
		ctx.Error(fmt.Errorf("unable to set body during logout: %w", err), messageOperationFailed)
	}
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`package handlers`

			`import (`
			`"fmt"`
fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`"net/url"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
fix: include major in go.mod module directive (#2278) * build: include major in go.mod module directive * fix: xflags * revert: cobra changes * fix: mock doc 2021-08-11 01:04:35 +00:00			`"github.com/authelia/authelia/v4/internal/middlewares"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`)`

fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`type logoutBody struct {`
			TargetURL string `json:"targetURL"`
			`}`

			`type logoutResponseBody struct {`
			SafeTargetURL bool `json:"safeTargetURL"`
			`}`

fix(server): incorrect remote ip logged in error handler (#3139) This fixes edge cases where the remote IP was not correctly logged. Generally this is not an issue as most errors do not hit this handler, but in instances where a transport error occurs this is important. 2022-04-08 04:13:47 +00:00			`// LogoutPOST is the handler logging out the user attached to the given cookie.`
			`func LogoutPOST(ctx *middlewares.AutheliaCtx) {`
feat(notification): otp identity validation Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-04-23 10:59:15 +00:00			`var (`
			`body logoutBody`
			`err error`
			`)`

fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`responseBody := logoutResponseBody{SafeTargetURL: false}`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
feat(notification): otp identity validation Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-04-23 10:59:15 +00:00			`if err = ctx.ParseBody(&body); err != nil {`
			`ctx.Error(fmt.Errorf("unable to parse body during logout: %w", err), messageOperationFailed)`

			`return`
fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`}`

feat(notification): otp identity validation Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-04-23 10:59:15 +00:00			`if err = ctx.DestroySession(); err != nil {`
			`ctx.Error(fmt.Errorf("unable to destroy session during logout: %w", err), messageOperationFailed)`

			`return`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`}`

refactor: clean up uri checking functions (#3943) 2022-09-03 01:51:02 +00:00			`redirectionURL, err := url.ParseRequestURI(body.TargetURL)`
fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`if err == nil {`
feat(session): multiple session cookie domains (#3754) This adds support to configure multiple session cookie domains. Closes #1198 Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-12 10:57:44 +00:00			`responseBody.SafeTargetURL = ctx.IsSafeRedirectionTargetURI(redirectionURL)`
fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`}`

			`if body.TargetURL != "" {`
			`ctx.Logger.Debugf("Logout target url is %s, safe %t", body.TargetURL, responseBody.SafeTargetURL)`
			`}`

feat(notification): otp identity validation Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-04-23 10:59:15 +00:00			`if err = ctx.SetJSONBody(responseBody); err != nil {`
			`ctx.Error(fmt.Errorf("unable to set body during logout: %w", err), messageOperationFailed)`
fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`}`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`}`