Added auth strategy logout url.

2021-10-16 23:55:34 -07:00 · 2021-10-16 23:55:34 -07:00 · a99790c7ec
parent cce929eed1
commit a99790c7ec
2 changed files with 30 additions and 8 deletions
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@ -740,7 +740,8 @@
                  "newAccounts": { "type": "boolean", "default": false },
                  "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
                  "clientid": { "type": "string" },
-                  "clientsecret": { "type": "string" }
+                  "clientsecret": { "type": "string" },
+                  "logouturl": {"type": "string", "format": "uri", "description": "Then set, the user will be redirected to this URL when hitting the logout link."}
                },
                "required": [ "clientid", "clientsecret" ]
              },
@ -751,7 +752,8 @@
                  "newAccounts": { "type": "boolean", "default": false },
                  "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
                  "clientid": { "type": "string" },
-                  "clientsecret": { "type": "string" }
+                  "clientsecret": { "type": "string" },
+                  "logouturl": {"type": "string", "format": "uri", "description": "Then set, the user will be redirected to this URL when hitting the logout link."}
                },
                "required": [ "clientid", "clientsecret" ]
              },
@ -762,7 +764,8 @@
                  "newAccounts": { "type": "boolean", "default": false },
                  "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
                  "clientid": { "type": "string" },
-                  "clientsecret": { "type": "string" }
+                  "clientsecret": { "type": "string" },
+                  "logouturl": {"type": "string", "format": "uri", "description": "Then set, the user will be redirected to this URL when hitting the logout link."}
                },
                "required": [ "clientid", "clientsecret" ]
              },
@ -773,7 +776,8 @@
                  "newAccounts": { "type": "boolean", "default": false },
                  "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
                  "clientid": { "type": "string" },
-                  "clientsecret": { "type": "string" }
+                  "clientsecret": { "type": "string" },
+                  "logouturl": {"type": "string", "format": "uri", "description": "Then set, the user will be redirected to this URL when hitting the logout link."}
                },
                "required": [ "clientid", "clientsecret" ]
              },
@ -785,7 +789,8 @@
                  "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
                  "clientid": { "type": "string" },
                  "clientsecret": { "type": "string" },
-                  "tenantid": { "type": "string" }
+                  "tenantid": { "type": "string" },
+                  "logouturl": {"type": "string", "format": "uri", "description": "Then set, the user will be redirected to this URL when hitting the logout link."}
                },
                "required": [ "clientid", "clientsecret", "tenantid" ]
              },
@ -797,7 +802,8 @@
                  "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
                  "entityid": { "type": "string" },
                  "idpurl": { "type": "string", "format": "uri" },
-                  "cert": { "type": "string" }
+                  "cert": { "type": "string" },
+                  "logouturl": {"type": "string", "format": "uri", "description": "Then set, the user will be redirected to this URL when hitting the logout link."}
                },
                "required": [ "entityid", "idpurl", "cert" ]
              },
@ -811,7 +817,8 @@
                  "newAccountsRights": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
                  "entityid": { "type": "string" },
                  "idpurl": { "type": "string", "format": "uri" },
-                  "cert": { "type": "string" }
+                  "cert": { "type": "string" },
+                  "logouturl": {"type": "string", "format": "uri", "description": "Then set, the user will be redirected to this URL when hitting the logout link."}
                },
                "required": [ "entityid", "idpurl", "cert" ]
              }
--- a/webserver.js
+++ b/webserver.js
@ -764,13 +764,28 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {

        res.set({ 'Cache-Control': 'no-store' });
        // Destroy the user's session to log them out will be re-created next request
+        var userid = req.session.userid;
        if (req.session.userid) {
            var user = obj.users[req.session.userid];
            if (user != null) { obj.parent.DispatchEvent(['*'], obj, { etype: 'user', userid: user._id, username: user.name, action: 'logout', msgid: 2, msg: 'Account logout', domain: domain.id }); }
        }
        req.session = null;
-        if (req.query.key != null) { res.redirect(domain.url + '?key=' + req.query.key); } else { res.redirect(domain.url); }
        parent.debug('web', 'handleLogoutRequest: success.');
+
+        // If this user was logged in using an authentication strategy and there is a logout URL, use it.
+        if ((userid != null) && (domain.authstrategies != null)) {
+            const u = userid.split('/')[2];
+            if (u.startsWith('~twitter:') && (domain.authstrategies.twitter != null) && (typeof domain.authstrategies.twitter.logouturl == 'string')) { res.redirect(domain.authstrategies.twitter.logouturl); return; }
+            if (u.startsWith('~google:') && (domain.authstrategies.google != null) && (typeof domain.authstrategies.google.logouturl == 'string')) { res.redirect(domain.authstrategies.google.logouturl); return; }
+            if (u.startsWith('~github:') && (domain.authstrategies.github != null) && (typeof domain.authstrategies.github.logouturl == 'string')) { res.redirect(domain.authstrategies.github.logouturl); return; }
+            if (u.startsWith('~reddit:') && (domain.authstrategies.reddit != null) && (typeof domain.authstrategies.reddit.logouturl == 'string')) { res.redirect(domain.authstrategies.reddit.logouturl); return; }
+            if (u.startsWith('~azure:') && (domain.authstrategies.azure != null) && (typeof domain.authstrategies.azure.logouturl == 'string')) { res.redirect(domain.authstrategies.azure.logouturl); return; }
+            if (u.startsWith('~jumpcloud:') && (domain.authstrategies.jumpcloud != null) && (typeof domain.authstrategies.jumpcloud.logouturl == 'string')) { res.redirect(domain.authstrategies.jumpcloud.logouturl); return; }
+            if (u.startsWith('~saml:') && (domain.authstrategies.saml != null) && (typeof domain.authstrategies.saml.logouturl == 'string')) { res.redirect(domain.authstrategies.saml.logouturl); return; }
+        }
+
+        // This is the default logout redirect to the login page
+        if (req.query.key != null) { res.redirect(domain.url + '?key=' + req.query.key); } else { res.redirect(domain.url); }
    }

    // Return true if this user has 2-step auth active