authelia/internal/handlers/handler_logout.go

package handlers

import (
	"fmt"
	"net/url"

	"github.com/authelia/authelia/internal/middlewares"
	"github.com/authelia/authelia/internal/utils"
)

type logoutBody struct {
	TargetURL string `json:"targetURL"`
}

type logoutResponseBody struct {
	SafeTargetURL bool `json:"safeTargetURL"`
}

// LogoutPost is the handler logging out the user attached to the given cookie.
func LogoutPost(ctx *middlewares.AutheliaCtx) {
	body := logoutBody{}
	responseBody := logoutResponseBody{SafeTargetURL: false}

	ctx.Logger.Tracef("Attempting to decode body")

	err := ctx.ParseBody(&body)
	if err != nil {
		ctx.Error(fmt.Errorf("Unable to parse body during logout: %s", err), messageOperationFailed)
	}

	ctx.Logger.Tracef("Attempting to destroy session")

	err = ctx.Providers.SessionProvider.DestroySession(ctx.RequestCtx)
	if err != nil {
		ctx.Error(fmt.Errorf("Unable to destroy session during logout: %s", err), messageOperationFailed)
	}

	redirectionURL, err := url.Parse(body.TargetURL)
	if err == nil {
		responseBody.SafeTargetURL = utils.IsRedirectionSafe(*redirectionURL, ctx.Configuration.Session.Domain)
	}

	if body.TargetURL != "" {
		ctx.Logger.Debugf("Logout target url is %s, safe %t", body.TargetURL, responseBody.SafeTargetURL)
	}

	err = ctx.SetJSONBody(responseBody)
	if err != nil {
		ctx.Error(fmt.Errorf("Unable to set body during logout: %s", err), messageOperationFailed)
	}
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`package handlers`

			`import (`
			`"fmt"`
fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`"net/url"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
Rename org from clems4ever to authelia Also fix references from config.yml to configuration.yml 2019-12-24 02:14:52 +00:00			`"github.com/authelia/authelia/internal/middlewares"`
fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`"github.com/authelia/authelia/internal/utils"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`)`

fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`type logoutBody struct {`
			TargetURL string `json:"targetURL"`
			`}`

			`type logoutResponseBody struct {`
			SafeTargetURL bool `json:"safeTargetURL"`
			`}`

Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`// LogoutPost is the handler logging out the user attached to the given cookie.`
			`func LogoutPost(ctx *middlewares.AutheliaCtx) {`
fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`body := logoutBody{}`
			`responseBody := logoutResponseBody{SafeTargetURL: false}`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`ctx.Logger.Tracef("Attempting to decode body")`

			`err := ctx.ParseBody(&body)`
			`if err != nil {`
fix(handlers): handle xhr requests to /api/verify with 401 (#2189) This changes the way XML HTTP requests are handled on the verify endpoint so that they are redirected using a 401 instead of a 302/303. 2021-07-22 03:52:37 +00:00			`ctx.Error(fmt.Errorf("Unable to parse body during logout: %s", err), messageOperationFailed)`
fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`}`

			`ctx.Logger.Tracef("Attempting to destroy session")`

			`err = ctx.Providers.SessionProvider.DestroySession(ctx.RequestCtx)`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`if err != nil {`
fix(handlers): handle xhr requests to /api/verify with 401 (#2189) This changes the way XML HTTP requests are handled on the verify endpoint so that they are redirected using a 401 instead of a 302/303. 2021-07-22 03:52:37 +00:00			`ctx.Error(fmt.Errorf("Unable to destroy session during logout: %s", err), messageOperationFailed)`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`}`

fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`redirectionURL, err := url.Parse(body.TargetURL)`
			`if err == nil {`
			`responseBody.SafeTargetURL = utils.IsRedirectionSafe(*redirectionURL, ctx.Configuration.Session.Domain)`
			`}`

			`if body.TargetURL != "" {`
			`ctx.Logger.Debugf("Logout target url is %s, safe %t", body.TargetURL, responseBody.SafeTargetURL)`
			`}`

			`err = ctx.SetJSONBody(responseBody)`
			`if err != nil {`
fix(handlers): handle xhr requests to /api/verify with 401 (#2189) This changes the way XML HTTP requests are handled on the verify endpoint so that they are redirected using a 401 instead of a 302/303. 2021-07-22 03:52:37 +00:00			`ctx.Error(fmt.Errorf("Unable to set body during logout: %s", err), messageOperationFailed)`
fix(handlers): logout redirection validation (#1908) 2021-04-13 08:38:12 +00:00			`}`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`}`