unleash.unleash/src/lib/routes/logout.ts

import { Response } from 'express';
import { promisify } from 'util';
import { IUnleashConfig } from '../types';
import Controller from './controller';
import { IAuthRequest } from './unleash-types';
import { IUnleashServices } from '../types';
import SessionService from '../services/session-service';

class LogoutController extends Controller {
    private clearSiteDataOnLogout: boolean;

    private cookieName: string;

    private baseUri: string;

    private sessionService: SessionService;

    constructor(
        config: IUnleashConfig,
        { sessionService }: Pick<IUnleashServices, 'sessionService'>,
    ) {
        super(config);
        this.sessionService = sessionService;
        this.baseUri = config.server.baseUriPath;
        this.clearSiteDataOnLogout = config.session.clearSiteDataOnLogout;
        this.cookieName = config.session.cookieName;
        this.get('/', this.logout);
    }

    async logout(req: IAuthRequest, res: Response): Promise<void> {
        if (req.session) {
            // Allow SSO to register custom logout logic.
            if (req.session.logoutUrl) {
                res.redirect(req.session.logoutUrl);
                return;
            }
        }

        if (req.logout) {
            if (this.isReqLogoutWithoutCallback(req.logout)) {
                // passport < 0.6.0
                req.logout();
            } else {
                // for passport >= 0.6.0, a callback function is expected as first argument.
                // to reuse controller error handling, function is turned into a promise
                const logoutAsyncFn = promisify(req.logout).bind(req);
                await logoutAsyncFn();
            }
        }

        if (req.session) {
            if (req.session.user?.id) {
                await this.sessionService.deleteSessionsForUser(
                    req.session.user.id,
                );
            }
            req.session.destroy();
        }
        res.clearCookie(this.cookieName);

        if (this.clearSiteDataOnLogout) {
            res.set('Clear-Site-Data', '"cookies", "storage"');
        }
        if (req.user?.id) {
            await this.sessionService.deleteSessionsForUser(req.user.id);
        }
        res.redirect(`${this.baseUri}/`);
    }

    private isReqLogoutWithoutCallback(
        logout: IAuthRequest['logout'],
    ): logout is () => void {
        return logout.length === 0;
    }
}

export default LogoutController;
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`import { Response } from 'express';`
Add support for `req.logout` with passport version 0.6.0 and onwards (#2041) Handle logout based on passport version 2022-09-13 09:59:34 +02:00			`import { promisify } from 'util';`
Soft landing page on projects or last viewed project (#2499) Signed-off-by: andreas-unleash <andreas@getunleash.ai> This PR introduces a soft landing page to the last viewed project or to the project list (if there is more than 1 project) Changes: - Replaced clearing of `storage` with clearing `cache` in logout.ts :: REVERTED - Root redirects to `projects` instead of `features` <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> <!-- Does it close an issue? Multiple? --> Closes # <!-- (For internal contributors): Does it relate to an issue on public roadmap? --> <!-- Relates to [roadmap](https://github.com/orgs/Unleash/projects/10) item: # --> ### Important files <!-- PRs can contain a lot of changes, but not all changes are equally important. Where should a reviewer start looking to get an overview of the changes? Are any files particularly important? --> ## Discussion points <!-- Anything about the PR you'd like to discuss before it gets merged? Got any questions or doubts? --> Signed-off-by: andreas-unleash <andreas@getunleash.ai> 2022-11-23 14:58:02 +01:00			`import { IUnleashConfig } from '../types';`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`import Controller from './controller';`
			`import { IAuthRequest } from './unleash-types';`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`import { IUnleashServices } from '../types';`
			`import SessionService from '../services/session-service';`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00
			`class LogoutController extends Controller {`
feat: add option to disable 'Clear-Site-Data' header on logout (#1645) 2022-06-03 11:50:58 +02:00			`private clearSiteDataOnLogout: boolean;`

			`private cookieName: string;`

fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`private baseUri: string;`

fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`private sessionService: SessionService;`

			`constructor(`
			`config: IUnleashConfig,`
			`{ sessionService }: Pick<IUnleashServices, 'sessionService'>,`
			`) {`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`super(config);`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`this.sessionService = sessionService;`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`this.baseUri = config.server.baseUriPath;`
feat: add option to disable 'Clear-Site-Data' header on logout (#1645) 2022-06-03 11:50:58 +02:00			`this.clearSiteDataOnLogout = config.session.clearSiteDataOnLogout;`
			`this.cookieName = config.session.cookieName;`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`this.get('/', this.logout);`
			`}`

			`async logout(req: IAuthRequest, res: Response): Promise<void> {`
			`if (req.session) {`
			`// Allow SSO to register custom logout logic.`
			`if (req.session.logoutUrl) {`
			`res.redirect(req.session.logoutUrl);`
			`return;`
			`}`
			`}`

			`if (req.logout) {`
Add support for `req.logout` with passport version 0.6.0 and onwards (#2041) Handle logout based on passport version 2022-09-13 09:59:34 +02:00			`if (this.isReqLogoutWithoutCallback(req.logout)) {`
			`// passport < 0.6.0`
			`req.logout();`
			`} else {`
			`// for passport >= 0.6.0, a callback function is expected as first argument.`
			`// to reuse controller error handling, function is turned into a promise`
			`const logoutAsyncFn = promisify(req.logout).bind(req);`
			`await logoutAsyncFn();`
			`}`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`}`

Add support for `req.logout` with passport version 0.6.0 and onwards (#2041) Handle logout based on passport version 2022-09-13 09:59:34 +02:00			`if (req.session) {`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`if (req.session.user?.id) {`
			`await this.sessionService.deleteSessionsForUser(`
			`req.session.user.id,`
			`);`
			`}`
Add support for `req.logout` with passport version 0.6.0 and onwards (#2041) Handle logout based on passport version 2022-09-13 09:59:34 +02:00			`req.session.destroy();`
			`}`
feat: add option to disable 'Clear-Site-Data' header on logout (#1645) 2022-06-03 11:50:58 +02:00			`res.clearCookie(this.cookieName);`

			`if (this.clearSiteDataOnLogout) {`
			`res.set('Clear-Site-Data', '"cookies", "storage"');`
			`}`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`if (req.user?.id) {`
			`await this.sessionService.deleteSessionsForUser(req.user.id);`
			`}`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			res.redirect(`${this.baseUri}/`);
			`}`
Add support for `req.logout` with passport version 0.6.0 and onwards (#2041) Handle logout based on passport version 2022-09-13 09:59:34 +02:00
			`private isReqLogoutWithoutCallback(`
			`logout: IAuthRequest['logout'],`
			`): logout is () => void {`
			`return logout.length === 0;`
			`}`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`}`

			`export default LogoutController;`