Auth: Fix crash on missing logout URL

When using OpenID
Also added debug information on openid errors
Denis Arnst 2024-03-12 18:07:13 +01:00
parent 153f149d58
commit 2a722ab163
No known key found for this signature in database
GPG Key ID: D5866C58940197BF


@ -429,7 +429,7 @@ class Auth {
// Depending on the error, it can also have a body // Depending on the error, it can also have a body
// We also log the request header the passport plugin sents for the URL // We also log the request header the passport plugin sents for the URL
const header = response.req?._header.replace(/Authorization: [^\r\n]*/i, 'Authorization: REDACTED') const header = response.req?._header.replace(/Authorization: [^\r\n]*/i, 'Authorization: REDACTED')
Logger.debug(header + '\n' + response.body?.toString()) Logger.debug(header + '\n' + response.body?.toString() + '\n' + JSON.stringify(response.body, null, 2))
} }
if (isMobile) { if (isMobile) {
@ -533,12 +533,15 @@ class Auth {
res.clearCookie('auth_method') res.clearCookie('auth_method')
let logoutUrl = null
if (authMethod === 'openid' || authMethod === 'openid-mobile') { if (authMethod === 'openid' || authMethod === 'openid-mobile') {
// If we are using openid, we need to redirect to the logout endpoint // If we are using openid, we need to redirect to the logout endpoint
// node-openid-client does not support doing it over passport // node-openid-client does not support doing it over passport
const oidcStrategy = passport._strategy('openid-client') const oidcStrategy = passport._strategy('openid-client')
const client = oidcStrategy._client const client = oidcStrategy._client
if (client.issuer.end_session_endpoint && client.issuer.end_session_endpoint.length > 0) {
let postLogoutRedirectUri = null let postLogoutRedirectUri = null
if (authMethod === 'openid') { if (authMethod === 'openid') {
@ -557,18 +560,18 @@ class Auth {
// &post_logout_redirect_uri=audiobookshelf://login to the received logout url by itself which is the simplest solution // &post_logout_redirect_uri=audiobookshelf://login to the received logout url by itself which is the simplest solution
// (The URL needs to be whitelisted in the config of the SSO/ID provider) // (The URL needs to be whitelisted in the config of the SSO/ID provider)
const logoutUrl = client.endSessionUrl({ logoutUrl = client.endSessionUrl({
id_token_hint: req.cookies.openid_id_token, id_token_hint: req.cookies.openid_id_token,
post_logout_redirect_uri: postLogoutRedirectUri post_logout_redirect_uri: postLogoutRedirectUri
}) })
}
res.clearCookie('openid_id_token') res.clearCookie('openid_id_token')
}
// Tell the user agent (browser) to redirect to the authentification provider's logout URL // Tell the user agent (browser) to redirect to the authentification provider's logout URL
// (or redirect_url: null if we don't have one)
res.send({ redirect_url: logoutUrl }) res.send({ redirect_url: logoutUrl })
} else {
res.sendStatus(200)
}
} }
}) })
}) })
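Review bot: The new `end_session_endpoint` guard in the logout hunk still dereferences `oidcStrategy._client` and `client.issuer` unconditionally, so the handler throws whenever `passport._strategy('openid-client')` returns nothing, for example when OpenID is not (or is no longer) configured. `authMethod` appears to come from the `auth_method` cookie cleared just above, which would make this branch reachable from a client-supplied value; that is inferred, because the assignment is outside the hunk. Suggest `const client = oidcStrategy?._client` and `if (client?.issuer?.end_session_endpoint) {`, so the missing-strategy case falls through to `redirect_url: null` in the same way as the missing-endpoint case. The enclosing logout handler starts and ends outside the visible hunks.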