From 767662235b588c62432b8d6b5369a3d27aae5de9 Mon Sep 17 00:00:00 2001 From: Gordon Nicholas Date: Tue, 29 Oct 2024 14:00:27 +0100 Subject: [PATCH 01/10] N21-2136 moin.schule logout button --- locales/de.json | 8 ++++++-- locales/en.json | 8 ++++++-- locales/es.json | 8 ++++++-- locales/uk.json | 8 ++++++-- views/lib/topbar.hbs | 10 +++++++++- 5 files changed, 33 insertions(+), 9 deletions(-) diff --git a/locales/de.json b/locales/de.json index c2e7be541a..201e5c1fc9 100644 --- a/locales/de.json +++ b/locales/de.json @@ -2439,7 +2439,11 @@ }, "tab_label": { "settings": "Einstellungen", - "signOut": "Logout" + "signOut": "Logout", + "n21": { + "signOut": "Logout Bildungscloud", + "signOutWithMoinSchule": "Logout Bildungscloud & moin.schule" + } }, "text": { "allActionsThatCreate": "Sämtliche Aktionen, die Daten anlegen oder ändern, sind deaktiviert und nicht sichtbar.", @@ -3231,4 +3235,4 @@ "createAfterFirstSave": "H5P Inhalte können erst nach dem ersten Speichern erstellt werden." } } -} \ No newline at end of file +} diff --git a/locales/en.json b/locales/en.json index dd4761968e..009f2fd867 100644 --- a/locales/en.json +++ b/locales/en.json @@ -2439,7 +2439,11 @@ }, "tab_label": { "settings": "Settings", - "signOut": "Sign out" + "signOut": "Sign out", + "n21": { + "signOut": "Logout Bildungscloud", + "signOutWithMoinSchule": "Logout Bildungscloud & moin.schule" + } }, "text": { "allActionsThatCreate": "All actions that create or change data are deactivated and not visible.", @@ -3231,4 +3235,4 @@ "createAfterFirstSave": "H5P contents can only be created after the first save." } } -} \ No newline at end of file +} diff --git a/locales/es.json b/locales/es.json index 102d999ef0..e62b23e6b7 100644 --- a/locales/es.json +++ b/locales/es.json 
@@ -2439,7 +2439,11 @@ }, "tab_label": { "settings": "Configuración", - "signOut": "Cerrar sesión" + "signOut": "Cerrar sesión", + "n21": { + "signOut": "Cerrar sesión Bildungscloud", + "signOutWithMoinSchule": "Cerrar sesión Bildungscloud & moin.schule" + } }, "text": { "allActionsThatCreate": "Todas las acciones que crean o modifican datos están desactivadas y no son visibles.", @@ -3231,4 +3235,4 @@ "createAfterFirstSave": "Los contenidos H5P solo se pueden crear después del primer guardado." } } -} \ No newline at end of file +} diff --git a/locales/uk.json b/locales/uk.json index 2fa7939b44..da17759a47 100644 --- a/locales/uk.json +++ b/locales/uk.json @@ -2607,7 +2607,11 @@ "loggedin": { "tab_label": { "settings": "Налаштування", - "signOut": "Вийти з системи" + "signOut": "Вийти з системи", + "n21": { + "signOut": "Вийти з системи Bildungscloud", + "signOutWithMoinSchule": "Вийти з системи Bildungscloud & moin.schule" + } }, "text": { "allActionsThatCreate": "Усі дії, які створюють або змінюють дані, деактивовані та не показуються.", @@ -3240,4 +3244,4 @@ "createAfterFirstSave": "Вміст H5P можна створити лише після першого збереження." } } -} \ No newline at end of file +} diff --git a/views/lib/topbar.hbs b/views/lib/topbar.hbs index bab2671335..a269e514ec 100644 --- a/views/lib/topbar.hbs +++ b/views/lib/topbar.hbs @@ -59,7 +59,15 @@
{{> "user/forms/language" language=@root.userLanguage }}
  • {{$t "lib.loggedin.tab_label.settings" }}
  • -
  • {{$t "lib.loggedin.tab_label.signOut"}}
  • + {{#ifeq @root.theme.name "n21"}} +
  • {{$t "lib.loggedin.tab_label.n21.signOutWithMoinSchule"}}
  • + {{/ifeq}} +
  • + {{#ifeq @root.theme.name "n21"}} {{$t 'lib.loggedin.tab_label.n21.signOut'}} {{else}} {{$t 'lib.loggedin.tab_label.signOut'}} {{/ifeq}} +
  • From ffc9338b477981d654082a5584609aac396aa97d Mon Sep 17 00:00:00 2001 From: Gordon Nicholas Date: Tue, 29 Oct 2024 14:03:34 +0100 Subject: [PATCH 02/10] N21-2136 new client route for external logouts --- controllers/login.js | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/controllers/login.js b/controllers/login.js index 7e52b7f0f4..281cf2d2fa 100644 --- a/controllers/login.js +++ b/controllers/login.js @@ -484,4 +484,21 @@ router.get('/logout/', (req, res, next) => { .catch(next); }); +router.get('/logout/external/', (req, res, next) => { + let redirectUri = '/logout/'; + if (Configuration.has('OAUTH2_LOGOUT_URI')) { + redirectUri = Configuration.get('OAUTH2_LOGOUT_URI'); + } + + api(req, { version: 'v3' }) + .post('/logout/external') // async, ignore result + .catch((err) => { + logger.error('error during logout.', formatError(err)); + }) + .then(() => { + res.statusCode = 307; + res.redirect(redirectUri); + }); +}); + module.exports = router; From 6195d8de94cbc592c735086da9c1675c5ada781b Mon Sep 17 00:00:00 2001 From: Gordon Nicholas Date: Sun, 3 Nov 2024 21:18:29 +0100 Subject: [PATCH 03/10] N21-2136 show buttons only to moin.schule users --- helpers/authentication.js | 17 ++++++++++++++++- locales/de.json | 4 ++-- locales/en.json | 4 ++-- locales/es.json | 4 ++-- locales/uk.json | 4 ++-- views/lib/topbar.hbs | 15 ++++++++------- 6 files changed, 32 insertions(+), 16 deletions(-) diff --git a/helpers/authentication.js b/helpers/authentication.js index 3e0b02e32b..83d799c49c 100644 --- a/helpers/authentication.js +++ b/helpers/authentication.js @@ -64,7 +64,7 @@ const clearCookie = async (req, res, options = { destroySession: false }) => { }); }); } - + res.clearCookie('jwt'); // this is deprecated and only used for cookie removal from now on, // and can be removed after one month (max cookie lifetime from life systems) 
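Review bot: The new `/logout/external/` handler is registered with `router.get` but triggers a state-changing `POST /logout/external` upstream, so any cross-site link or embedded request can end a logged-in user's external session without their intent. Consider registering it as `router.post` behind the application's CSRF protection (not visible in this hunk) and submitting it from a form in the top bar. Separately, `res.statusCode = 307;` has no effect, because `res.redirect(redirectUri)` sets its own status (302 by default); if 307 is intended, write `res.redirect(307, redirectUri);`. The `next` parameter is unused here, and the GET registration is kept in the later login.js hunks of this series (PATCH 05, 07 and 10).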
@@ -101,12 +101,27 @@ const isAuthenticated = (req) => { }; const populateCurrentUser = async (req, res) => { + async function setExternalSystemFromJwt(decodedJwt) { + if (!("systemId" in decodedJwt) && !decodedJwt.systemId) { + return; + } + + try { + const response = await api(req, { version: 'v3' }).get(`/systems/public/${decodedJwt.systemId}`); + res.locals.externalSystem = response.alias; + } catch (err) { + const metadata = { error: err.toString() }; + logger.error('Unable to find out the external login system used by user', metadata); + } + } + let payload = {}; if (isJWT(req)) { try { // eslint-disable-next-line prefer-destructuring payload = (jwt.decode(req.cookies.jwt, { complete: true }) || {}).payload; res.locals.currentPayload = payload; + await setExternalSystemFromJwt(payload); } catch (err) { logger.error('Broken JWT / JWT decoding failed', formatError(err)); return clearCookie(req, res, { destroySession: true }) diff --git a/locales/de.json b/locales/de.json index 201e5c1fc9..aaddf576bf 100644 --- a/locales/de.json +++ b/locales/de.json @@ -2440,9 +2440,9 @@ "tab_label": { "settings": "Einstellungen", "signOut": "Logout", - "n21": { + "sanis": { "signOut": "Logout Bildungscloud", - "signOutWithMoinSchule": "Logout Bildungscloud & moin.schule" + "externalSignOut": "Logout Bildungscloud & moin.schule" } }, "text": { diff --git a/locales/en.json b/locales/en.json index 009f2fd867..d35fb552eb 100644 --- a/locales/en.json +++ b/locales/en.json @@ -2440,9 +2440,9 @@ "tab_label": { "settings": "Settings", "signOut": "Sign out", - "n21": { + "sanis": { "signOut": "Logout Bildungscloud", - "signOutWithMoinSchule": "Logout Bildungscloud & moin.schule" + "externalSignOut": "Logout Bildungscloud & moin.schule" } }, "text": { diff --git a/locales/es.json b/locales/es.json index e62b23e6b7..2c902f3e17 100644 --- a/locales/es.json +++ b/locales/es.json 
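Review bot: The guard at the top of `setExternalSystemFromJwt` joins its two tests with `&&` where `||` is needed, so a payload that carries a `systemId` key with a null or empty value passes the check, and an undefined payload makes the `in` operator throw. `if (!decodedJwt || !decodedJwt.systemId) { return; }` covers both cases. The value is also taken from a token that the visible code only decodes with `jwt.decode` (no signature check is shown here) and is interpolated into the API path unescaped. It should be checked against the expected id format, or at least passed through `encodeURIComponent(decodedJwt.systemId)`, before the request is built. The lookup now runs on every request that carries a JWT, so caching the result per session may be worth considering. The same guard is carried over with only a quote change in the authentication.js hunk of PATCH 05, and `populateCurrentUser` continues outside this hunk.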
@@ -2440,9 +2440,9 @@ "tab_label": { "settings": "Configuración", "signOut": "Cerrar sesión", - "n21": { + "sanis": { "signOut": "Cerrar sesión Bildungscloud", - "signOutWithMoinSchule": "Cerrar sesión Bildungscloud & moin.schule" + "externalSignOut": "Cerrar sesión Bildungscloud & moin.schule" } }, "text": { diff --git a/locales/uk.json b/locales/uk.json index da17759a47..3a87fef3f5 100644 --- a/locales/uk.json +++ b/locales/uk.json @@ -2608,9 +2608,9 @@ "tab_label": { "settings": "Налаштування", "signOut": "Вийти з системи", - "n21": { + "sanis": { "signOut": "Вийти з системи Bildungscloud", - "signOutWithMoinSchule": "Вийти з системи Bildungscloud & moin.schule" + "externalSignOut": "Вийти з системи Bildungscloud & moin.schule" } }, "text": { diff --git a/views/lib/topbar.hbs b/views/lib/topbar.hbs index a269e514ec..9e4adbe65f 100644 --- a/views/lib/topbar.hbs +++ b/views/lib/topbar.hbs @@ -59,15 +59,16 @@
    {{> "user/forms/language" language=@root.userLanguage }}
  • {{$t "lib.loggedin.tab_label.settings" }}
  • - {{#ifeq @root.theme.name "n21"}} -
  • {{$t "lib.loggedin.tab_label.n21.signOutWithMoinSchule"}}
  • - {{/ifeq}} -
  • {{$t "lib.loggedin.tab_label.sanis.externalSignOut"}}
  • +
  • {{$t 'lib.loggedin.tab_label.sanis.signOut'}}
  • + {{else}} +
  • - {{#ifeq @root.theme.name "n21"}} {{$t 'lib.loggedin.tab_label.n21.signOut'}} {{else}} {{$t 'lib.loggedin.tab_label.signOut'}} {{/ifeq}} -
  • + aria-label="{{$t 'lib.loggedin.tab_label.signOut'}}"> + {{$t 'lib.loggedin.tab_label.signOut'}} + {{/ifeq}} From b126f0bf832c3ad5aaa9864e19b71b36a99c0a48 Mon Sep 17 00:00:00 2001 From: Gordon Nicholas Date: Mon, 4 Nov 2024 11:29:48 +0100 Subject: [PATCH 04/10] N21-2136 fix errors --- locales/de.json | 6 ++---- locales/en.json | 6 ++---- locales/es.json | 6 ++---- locales/uk.json | 6 ++---- views/lib/topbar.hbs | 11 ++++++++--- 5 files changed, 16 insertions(+), 19 deletions(-) diff --git a/locales/de.json b/locales/de.json index aaddf576bf..1730add363 100644 --- a/locales/de.json +++ b/locales/de.json @@ -2440,10 +2440,8 @@ "tab_label": { "settings": "Einstellungen", "signOut": "Logout", - "sanis": { - "signOut": "Logout Bildungscloud", - "externalSignOut": "Logout Bildungscloud & moin.schule" - } + "sanisSignOut": "Logout Bildungscloud", + "sanisExternalSignOut": "Logout Bildungscloud & moin.schule" }, "text": { "allActionsThatCreate": "Sämtliche Aktionen, die Daten anlegen oder ändern, sind deaktiviert und nicht sichtbar.", diff --git a/locales/en.json b/locales/en.json index d35fb552eb..204a59cb1f 100644 --- a/locales/en.json +++ b/locales/en.json @@ -2440,10 +2440,8 @@ "tab_label": { "settings": "Settings", "signOut": "Sign out", - "sanis": { - "signOut": "Logout Bildungscloud", - "externalSignOut": "Logout Bildungscloud & moin.schule" - } + "sanisSignOut": "Logout Bildungscloud", + "sanisExternalSignOut": "Logout Bildungscloud & moin.schule" }, "text": { "allActionsThatCreate": "All actions that create or change data are deactivated and not visible.", diff --git a/locales/es.json b/locales/es.json index 2c902f3e17..29a4e78a96 100644 --- a/locales/es.json +++ b/locales/es.json 
@@ -2440,10 +2440,8 @@ "tab_label": { "settings": "Configuración", "signOut": "Cerrar sesión", - "sanis": { - "signOut": "Cerrar sesión Bildungscloud", - "externalSignOut": "Cerrar sesión Bildungscloud & moin.schule" - } + "sanisSignOut": "Cerrar sesión Bildungscloud", + "sanisExternalSignOut": "Cerrar sesión Bildungscloud & moin.schule" }, "text": { "allActionsThatCreate": "Todas las acciones que crean o modifican datos están desactivadas y no son visibles.", diff --git a/locales/uk.json b/locales/uk.json index 3a87fef3f5..d90a4e3f36 100644 --- a/locales/uk.json +++ b/locales/uk.json @@ -2608,10 +2608,8 @@ "tab_label": { "settings": "Налаштування", "signOut": "Вийти з системи", - "sanis": { - "signOut": "Вийти з системи Bildungscloud", - "externalSignOut": "Вийти з системи Bildungscloud & moin.schule" - } + "sanisSignOut": "Вийти з системи Bildungscloud", + "sanisExternalSignOut": "Вийти з системи Bildungscloud & moin.schule" }, "text": { "allActionsThatCreate": "Усі дії, які створюють або змінюють дані, деактивовані та не показуються.", diff --git a/views/lib/topbar.hbs b/views/lib/topbar.hbs index 9e4adbe65f..647e85d99b 100644 --- a/views/lib/topbar.hbs +++ b/views/lib/topbar.hbs @@ -60,12 +60,17 @@ {{> "user/forms/language" language=@root.userLanguage }}
  • {{$t "lib.loggedin.tab_label.settings" }}
  • {{#ifeq externalSystem "SANIS"}} -
  • {{$t "lib.loggedin.tab_label.sanis.externalSignOut"}}
  • -
  • {{$t 'lib.loggedin.tab_label.sanis.signOut'}}
  • +
  • {{$t "lib.loggedin.tab_label.sanisExternalSignOut"}}
  • +
  • {{$t 'lib.loggedin.tab_label.sanisSignOut'}}
  • {{else}}
  • {{$t 'lib.loggedin.tab_label.signOut'}}
  • {{/ifeq}} From 9ddacc5794960cebef3490d40cd2c4f8790c6cb8 Mon Sep 17 00:00:00 2001 From: Gordon Nicholas Date: Thu, 7 Nov 2024 13:32:19 +0100 Subject: [PATCH 05/10] N21-2136 error handling, adjusted text --- controllers/login.js | 13 ++++++++++--- helpers/authentication.js | 8 +++++--- locales/de.json | 9 ++++++--- locales/en.json | 9 ++++++--- locales/es.json | 9 ++++++--- locales/uk.json | 9 ++++++--- views/lib/topbar.hbs | 31 ++++++++++++++++--------------- 7 files changed, 55 insertions(+), 33 deletions(-) diff --git a/controllers/login.js b/controllers/login.js index 281cf2d2fa..f2a0d82065 100644 --- a/controllers/login.js +++ b/controllers/login.js @@ -492,12 +492,19 @@ router.get('/logout/external/', (req, res, next) => { api(req, { version: 'v3' }) .post('/logout/external') // async, ignore result - .catch((err) => { - logger.error('error during logout.', formatError(err)); - }) .then(() => { res.statusCode = 307; res.redirect(redirectUri); + }) + .catch((err) => { + logger.error('error during external logout.', formatError(err)); + req.session.notification = { + type: 'danger', + message: res.$t('logout.text.externalLogoutFailed', { systemName: res.locals.systemName ?? '' }), + statusCode: 500, + timeToWait: Configuration.get('LOGIN_BLOCK_TIME'), + }; + res.redirect(req.header('referrer') ?? '/dashboard'); }); }); diff --git a/helpers/authentication.js b/helpers/authentication.js index 83d799c49c..a9dd29539b 100644 --- a/helpers/authentication.js +++ b/helpers/authentication.js 
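Review bot: In the new `.catch` branch the redirect target comes from `req.header('referrer')`, a request header the client supplies, so on a failed external logout the user can be sent to whatever page linked to this route rather than to a page of this application. A fixed target such as `res.redirect('/dashboard');`, or accepting the header only when it parses to a same-origin path, avoids that. The `systemName` key passed to `res.$t` also does not match the `{{SystemName}}` placeholder in the locales/uk.json string added by this same patch, so that locale would presumably show the placeholder unfilled. `res.locals.systemName` is only set when the systems lookup in helpers/authentication.js succeeded, which is why the `?? ''` fallback can yield a message with an empty system name.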
@@ -102,13 +102,14 @@ const isAuthenticated = (req) => { const populateCurrentUser = async (req, res) => { async function setExternalSystemFromJwt(decodedJwt) { - if (!("systemId" in decodedJwt) && !decodedJwt.systemId) { + if (!('systemId' in decodedJwt) && !decodedJwt.systemId) { return; } try { const response = await api(req, { version: 'v3' }).get(`/systems/public/${decodedJwt.systemId}`); - res.locals.externalSystem = response.alias; + res.locals.showExternalLogout = response.alias === 'SANIS'; + res.locals.systemName = response.displayName; } catch (err) { const metadata = { error: err.toString() }; logger.error('Unable to find out the external login system used by user', metadata); @@ -121,7 +122,6 @@ const populateCurrentUser = async (req, res) => { // eslint-disable-next-line prefer-destructuring payload = (jwt.decode(req.cookies.jwt, { complete: true }) || {}).payload; res.locals.currentPayload = payload; - await setExternalSystemFromJwt(payload); } catch (err) { logger.error('Broken JWT / JWT decoding failed', formatError(err)); return clearCookie(req, res, { destroySession: true }) @@ -144,6 +144,8 @@ const populateCurrentUser = async (req, res) => { } if (payload && payload.userId) { + await setExternalSystemFromJwt(payload); + if (res.locals.currentUser && res.locals.currentSchoolData) { return Promise.resolve(res.locals.currentSchoolData); } diff --git a/locales/de.json b/locales/de.json index 1730add363..cb28184200 100644 --- a/locales/de.json +++ b/locales/de.json @@ -2439,9 +2439,7 @@ }, "tab_label": { "settings": "Einstellungen", - "signOut": "Logout", - "sanisSignOut": "Logout Bildungscloud", - "sanisExternalSignOut": "Logout Bildungscloud & moin.schule" + "signOut": "Logout" }, "text": { "allActionsThatCreate": "Sämtliche Aktionen, die Daten anlegen oder ändern, sind deaktiviert und nicht sichtbar.", 
@@ -2602,6 +2600,11 @@ "userAccountDeactivated": "Ihr Konto wurde deaktiviert. Bitte wenden Sie sich an Ihren Schuladministrator." } }, + "logout": { + "text": { + "externalLogoutFailed": "Die Abmeldung vom System {{systemName}} ist fehlgeschlagen. Bitte versuchen Sie es erneut oder kontaktieren Sie den Support." + } + }, "messenger": { "button": { "activate": "Aktivieren", diff --git a/locales/en.json b/locales/en.json index 204a59cb1f..bd2f2d1a49 100644 --- a/locales/en.json +++ b/locales/en.json @@ -2439,9 +2439,7 @@ }, "tab_label": { "settings": "Settings", - "signOut": "Sign out", - "sanisSignOut": "Logout Bildungscloud", - "sanisExternalSignOut": "Logout Bildungscloud & moin.schule" + "signOut": "Sign out" }, "text": { "allActionsThatCreate": "All actions that create or change data are deactivated and not visible.", @@ -2602,6 +2600,11 @@ "userAccountDeactivated": "Your account has been deactivated. Please contact your school administrator." } }, + "logout": { + "text": { + "externalLogoutFailed": "Logout from {{systemName}} had failed. Please try again or contact support." + } + }, "messenger": { "button": { "activate": "Activate", diff --git a/locales/es.json b/locales/es.json index 29a4e78a96..17500ad087 100644 --- a/locales/es.json +++ b/locales/es.json @@ -2439,9 +2439,7 @@ }, "tab_label": { "settings": "Configuración", - "signOut": "Cerrar sesión", - "sanisSignOut": "Cerrar sesión Bildungscloud", - "sanisExternalSignOut": "Cerrar sesión Bildungscloud & moin.schule" + "signOut": "Cerrar sesión" }, "text": { "allActionsThatCreate": "Todas las acciones que crean o modifican datos están desactivadas y no son visibles.", 
@@ -2602,6 +2600,11 @@ "userAccountDeactivated": "Su cuenta ha sido desactivada. Comuníquese con el administrador de su escuela." } }, + "logout": { + "text": { + "externalLogoutFailed": "El cierre de sesión del sistema {{systemName}} ha fallado. Inténtalo de nuevo o ponte en contacto con el servicio de asistencia." + } + }, "messenger": { "button": { "activate": "Activar", diff --git a/locales/uk.json b/locales/uk.json index d90a4e3f36..96f7540815 100644 --- a/locales/uk.json +++ b/locales/uk.json @@ -1869,6 +1869,11 @@ "loginForRegisteredUsers": "Вхід в систему для зареєстрованих користувачів" } }, + "logout": { + "text": { + "externalLogoutFailed": "Не вдалося вийти з системи {{SystemName}}. Спробуйте ще раз або зверніться до служби підтримки." + } + }, "teams": { "_team": { "edit": { @@ -2607,9 +2612,7 @@ "loggedin": { "tab_label": { "settings": "Налаштування", - "signOut": "Вийти з системи", - "sanisSignOut": "Вийти з системи Bildungscloud", - "sanisExternalSignOut": "Вийти з системи Bildungscloud & moin.schule" + "signOut": "Вийти з системи" }, "text": { "allActionsThatCreate": "Усі дії, які створюють або змінюють дані, деактивовані та не показуються.", diff --git a/views/lib/topbar.hbs b/views/lib/topbar.hbs index 647e85d99b..ecc08a040b 100644 --- a/views/lib/topbar.hbs +++ b/views/lib/topbar.hbs @@ -59,21 +59,22 @@
    {{> "user/forms/language" language=@root.userLanguage }}
  • {{$t "lib.loggedin.tab_label.settings" }}
  • - {{#ifeq externalSystem "SANIS"}} -
  • {{$t "lib.loggedin.tab_label.sanisExternalSignOut"}}
  • -
  • {{$t 'lib.loggedin.tab_label.sanisSignOut'}}
  • - {{else}} -
  • - {{$t 'lib.loggedin.tab_label.signOut'}}
  • - {{/ifeq}} + {{#if showExternalLogout}} +
  • + {{$t 'lib.loggedin.tab_label.signOut'}} Bildungscloud & {{ systemName }} +
  • + {{/if}} +
  • + {{$t 'lib.loggedin.tab_label.signOut'}}{{#if showExternalLogout}} Bildungscloud{{/if}} +
  • From 78a90a785a67349a6bbed6ae4d7a45fd206eb84c Mon Sep 17 00:00:00 2001 From: Gordon Nicholas Date: Thu, 7 Nov 2024 21:46:01 +0100 Subject: [PATCH 06/10] N21-2136 feature flag --- config/default.schema.json | 5 +++++ controllers/login.js | 4 +--- helpers/authentication.js | 3 ++- views/lib/topbar.hbs | 10 +++++----- 4 files changed, 13 insertions(+), 9 deletions(-) diff --git a/config/default.schema.json b/config/default.schema.json index c3eeca73b4..a294dd051b 100644 --- a/config/default.schema.json +++ b/config/default.schema.json @@ -625,6 +625,11 @@ "type": "boolean", "default": false, "description": "Enables the rooms feature" + }, + "FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED": { + "type": "boolean", + "default": false, + "description": "Enables the external system logout feature" } }, "allOf": [ diff --git a/controllers/login.js b/controllers/login.js index f2a0d82065..4fd3161630 100644 --- a/controllers/login.js +++ b/controllers/login.js @@ -501,10 +501,8 @@ router.get('/logout/external/', (req, res, next) => { req.session.notification = { type: 'danger', message: res.$t('logout.text.externalLogoutFailed', { systemName: res.locals.systemName ?? '' }), - statusCode: 500, - timeToWait: Configuration.get('LOGIN_BLOCK_TIME'), }; - res.redirect(req.header('referrer') ?? '/dashboard'); + res.redirect('/dashboard'); }); }); diff --git a/helpers/authentication.js b/helpers/authentication.js index a9dd29539b..3f65b9232e 100644 --- a/helpers/authentication.js +++ b/helpers/authentication.js @@ -108,7 +108,8 @@ const populateCurrentUser = async (req, res) => { try { const response = await api(req, { version: 'v3' }).get(`/systems/public/${decodedJwt.systemId}`); - res.locals.showExternalLogout = response.alias === 'SANIS'; + res.locals.isExternalLogoutAllowed = Configuration.get('FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED') + && response.alias === 'SANIS'; res.locals.systemName = response.displayName; } catch (err) { const metadata = { error: err.toString() }; 
diff --git a/views/lib/topbar.hbs b/views/lib/topbar.hbs index ecc08a040b..33df1d2c38 100644 --- a/views/lib/topbar.hbs +++ b/views/lib/topbar.hbs @@ -59,9 +59,9 @@
    {{> "user/forms/language" language=@root.userLanguage }}
  • {{$t "lib.loggedin.tab_label.settings" }}
  • - {{#if showExternalLogout}} -
  • @@ -72,8 +72,8 @@ data-testid="logout" role="menuitem" href= {{#hasConfig "OAUTH2_LOGOUT_URI"}} {{getConfig "OAUTH2_LOGOUT_URI"}} {{else}} "/logout/" {{/hasConfig}} - aria-label="{{$t 'lib.loggedin.tab_label.signOut'}}{{#if showExternalLogout}} Bildungscloud{{/if}}"> - {{$t 'lib.loggedin.tab_label.signOut'}}{{#if showExternalLogout}} Bildungscloud{{/if}} + aria-label="{{$t 'lib.loggedin.tab_label.signOut'}}{{#if isExternalLogoutAllowed}} Bildungscloud{{/if}}"> + {{$t 'lib.loggedin.tab_label.signOut'}}{{#if isExternalLogoutAllowed}} Bildungscloud{{/if}}
  • From 230e813501b23e9b0895f4e4783ee12eb29d31af Mon Sep 17 00:00:00 2001 From: Gordon Nicholas Date: Fri, 8 Nov 2024 10:28:12 +0100 Subject: [PATCH 07/10] N21-2136 cleanup --- controllers/login.js | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/controllers/login.js b/controllers/login.js index 4fd3161630..fab40d8ce0 100644 --- a/controllers/login.js +++ b/controllers/login.js @@ -484,26 +484,27 @@ router.get('/logout/', (req, res, next) => { .catch(next); }); -router.get('/logout/external/', (req, res, next) => { +router.get('/logout/external/', async (req, res, next) => { let redirectUri = '/logout/'; if (Configuration.has('OAUTH2_LOGOUT_URI')) { redirectUri = Configuration.get('OAUTH2_LOGOUT_URI'); } - api(req, { version: 'v3' }) - .post('/logout/external') // async, ignore result - .then(() => { - res.statusCode = 307; - res.redirect(redirectUri); - }) - .catch((err) => { + if (res.locals.isExternalLogoutAllowed) { + try { + await api(req, { version: 'v3' }).post('/logout/external'); + } catch (err) { logger.error('error during external logout.', formatError(err)); req.session.notification = { type: 'danger', message: res.$t('logout.text.externalLogoutFailed', { systemName: res.locals.systemName ?? '' }), }; res.redirect('/dashboard'); - }); + } + } + + res.statusCode = 307; + res.redirect(redirectUri); }); module.exports = router; From c88fcf9193159783b9138f7ba4c3dda51561079c Mon Sep 17 00:00:00 2001 From: Gordon Nicholas Date: Fri, 8 Nov 2024 12:51:19 +0100 Subject: [PATCH 08/10] N21-2136 debugging --- helpers/authentication.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/helpers/authentication.js b/helpers/authentication.js index 3f65b9232e..9d51a6918e 100644 --- a/helpers/authentication.js +++ b/helpers/authentication.js 
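Review bot: The `catch` block calls `res.redirect('/dashboard')` without returning, so after a failed external logout execution falls through to the final `res.redirect(redirectUri)` and a second response is attempted on the same request. Inside an `async` handler the resulting headers-already-sent error is not passed to `next`. Change the line to `return res.redirect('/dashboard');`. `res.statusCode = 307;` is still overwritten by `res.redirect`, which defaults to 302; use `res.redirect(307, redirectUri);` if the status matters. The check on `res.locals.isExternalLogoutAllowed` presumably relies on `populateCurrentUser` having run for this request, which would be worth stating in a comment above the `if`.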
@@ -108,9 +108,12 @@ const populateCurrentUser = async (req, res) => { try { const response = await api(req, { version: 'v3' }).get(`/systems/public/${decodedJwt.systemId}`); + const featureFlag = Configuration.get('FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED'); res.locals.isExternalLogoutAllowed = Configuration.get('FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED') && response.alias === 'SANIS'; res.locals.systemName = response.displayName; + logger.info('response: ', response.alias, response.displayName); + logger.info('feature: ', featureFlag); } catch (err) { const metadata = { error: err.toString() }; logger.error('Unable to find out the external login system used by user', metadata); From cb282a2e5e0aa09fcff8086af7e759ad7fede3fc Mon Sep 17 00:00:00 2001 From: Gordon Nicholas Date: Fri, 8 Nov 2024 13:11:36 +0100 Subject: [PATCH 09/10] Revert "N21-2136 debugging" This reverts commit c88fcf9193159783b9138f7ba4c3dda51561079c. --- helpers/authentication.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/helpers/authentication.js b/helpers/authentication.js index 9d51a6918e..3f65b9232e 100644 --- a/helpers/authentication.js +++ b/helpers/authentication.js @@ -108,12 +108,9 @@ const populateCurrentUser = async (req, res) => { try { const response = await api(req, { version: 'v3' }).get(`/systems/public/${decodedJwt.systemId}`); - const featureFlag = Configuration.get('FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED'); res.locals.isExternalLogoutAllowed = Configuration.get('FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED') && response.alias === 'SANIS'; res.locals.systemName = response.displayName; - logger.info('response: ', response.alias, response.displayName); - logger.info('feature: ', featureFlag); } catch (err) { const metadata = { error: err.toString() }; logger.error('Unable to find out the external login system used by user', metadata); From 37687532ecdc24513bd94592a4f0e48fee2060e8 Mon Sep 17 00:00:00 2001 
From: Gordon Nicholas Date: Mon, 11 Nov 2024 08:46:44 +0100 Subject: [PATCH 10/10] N21-2136 logout error handling, review changes --- controllers/login.js | 6 ------ helpers/authentication.js | 6 +++++- locales/de.json | 5 ----- locales/en.json | 5 ----- locales/es.json | 5 ----- locales/uk.json | 5 ----- 6 files changed, 5 insertions(+), 27 deletions(-) diff --git a/controllers/login.js b/controllers/login.js index fab40d8ce0..cf0c744b9d 100644 --- a/controllers/login.js +++ b/controllers/login.js @@ -495,15 +495,9 @@ router.get('/logout/external/', async (req, res, next) => { await api(req, { version: 'v3' }).post('/logout/external'); } catch (err) { logger.error('error during external logout.', formatError(err)); - req.session.notification = { - type: 'danger', - message: res.$t('logout.text.externalLogoutFailed', { systemName: res.locals.systemName ?? '' }), - }; - res.redirect('/dashboard'); } } - res.statusCode = 307; res.redirect(redirectUri); }); diff --git a/helpers/authentication.js b/helpers/authentication.js index 3f65b9232e..854287989a 100644 --- a/helpers/authentication.js +++ b/helpers/authentication.js @@ -108,8 +108,12 @@ const populateCurrentUser = async (req, res) => { try { const response = await api(req, { version: 'v3' }).get(`/systems/public/${decodedJwt.systemId}`); + const hasEndSessionEndpoint = 'oauthConfig' in response + && 'endSessionEndpoint' in response.oauthConfig + && response.oauthConfig.endSessionEndpoint; + res.locals.isExternalLogoutAllowed = Configuration.get('FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED') - && response.alias === 'SANIS'; + && hasEndSessionEndpoint; res.locals.systemName = response.displayName; } catch (err) { const metadata = { error: err.toString() }; diff --git a/locales/de.json b/locales/de.json index cb28184200..22ae8f8630 100644 --- a/locales/de.json +++ b/locales/de.json 
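Review bot: After this change a failed `/logout/external` call is only logged, and the handler redirects to the normal logout as if the combined logout had succeeded. A user who picked the combined entry on a shared machine gets no indication that the external session may still be open. If dropping the notification is deliberate, document it in the `catch` block, for example `// external logout failed: local logout still proceeds, the external session may remain active`. Consider carrying a hint to the post-logout page so the user can close the external session manually. The route also remains a GET that triggers a state-changing upstream call.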
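Review bot: In helpers/authentication.js the chained `in` checks for `hasEndSessionEndpoint` throw a TypeError when `response.oauthConfig` is present but null or not an object; the surrounding `catch` then logs that as a failed system lookup. The expression also evaluates to the endpoint string rather than a boolean, so with the feature flag on `res.locals.isExternalLogoutAllowed` holds the URL itself. `const hasEndSessionEndpoint = Boolean(response?.oauthConfig?.endSessionEndpoint);` handles the missing cases and keeps the template flag a plain boolean. On the error path the flag stays undefined, which the template treats as false; a short comment saying so would help the next reader. `populateCurrentUser` continues outside this hunk.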
@@ -2600,11 +2600,6 @@ "userAccountDeactivated": "Ihr Konto wurde deaktiviert. Bitte wenden Sie sich an Ihren Schuladministrator." } }, - "logout": { - "text": { - "externalLogoutFailed": "Die Abmeldung vom System {{systemName}} ist fehlgeschlagen. Bitte versuchen Sie es erneut oder kontaktieren Sie den Support." - } - }, "messenger": { "button": { "activate": "Aktivieren", diff --git a/locales/en.json b/locales/en.json index bd2f2d1a49..459a04f9d8 100644 --- a/locales/en.json +++ b/locales/en.json @@ -2600,11 +2600,6 @@ "userAccountDeactivated": "Your account has been deactivated. Please contact your school administrator." } }, - "logout": { - "text": { - "externalLogoutFailed": "Logout from {{systemName}} had failed. Please try again or contact support." - } - }, "messenger": { "button": { "activate": "Activate", diff --git a/locales/es.json b/locales/es.json index 17500ad087..3c79f69d26 100644 --- a/locales/es.json +++ b/locales/es.json @@ -2600,11 +2600,6 @@ "userAccountDeactivated": "Su cuenta ha sido desactivada. Comuníquese con el administrador de su escuela." } }, - "logout": { - "text": { - "externalLogoutFailed": "El cierre de sesión del sistema {{systemName}} ha fallado. Inténtalo de nuevo o ponte en contacto con el servicio de asistencia." - } - }, "messenger": { "button": { "activate": "Activar", diff --git a/locales/uk.json b/locales/uk.json index 96f7540815..7cbab54ba3 100644 --- a/locales/uk.json +++ b/locales/uk.json @@ -1869,11 +1869,6 @@ "loginForRegisteredUsers": "Вхід в систему для зареєстрованих користувачів" } }, - "logout": { - "text": { - "externalLogoutFailed": "Не вдалося вийти з системи {{SystemName}}. Спробуйте ще раз або зверніться до служби підтримки." - } - }, "teams": { "_team": { "edit": {