Fixed logout without current user

but with valid id token

Change-Id: I424e60f8456ba53bb8fa990d9e2f54503b9160af
Sebastian Marcet 2018-09-04 13:59:53 -03:00
parent 23aa90d68e
commit 865aefeaf1
2 changed files with 5 additions and 9 deletions


@ -264,11 +264,6 @@ final class OAuth2ProviderController extends Controller
*/
public function endSession()
{
if(!$this->auth_service->isUserLogged()) {
Log::debug("OAuth2ProviderController::endSession user is not logged!");
return Response::view('errors.404', array(), 404);
}
$request = new OAuth2LogoutRequest
(
new OAuth2Message
@ -280,7 +275,7 @@ final class OAuth2ProviderController extends Controller
if(!$request->isValid())
{
Log::error('invalid OAuth2LogoutRequest!');
return Response::view('errors.404', array(), 404);
return Response::view('errors.404', [], 404);
}
if(Request::isMethod('get') )
@ -314,7 +309,6 @@ final class OAuth2ProviderController extends Controller
if (!is_null($response) && $response instanceof OAuth2Response) {
$strategy = OAuth2ResponseStrategyFactoryMethod::buildStrategy($request, $response);
return $strategy->handle($response);
}
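Review bot: With the `isUserLogged()` guard gone from the top of `endSession()` (the four lines after the opening brace look like the removed side, going by the 11-to-6 line counts in the hunk header), anonymous callers now reach request parsing, and nothing in the method records that this is intended. The docblock that closes just above the signature should say so, for example `* Reachable without a session; the id token carried by the request is then the only proof of identity.`, so a later change does not loosen the remaining checks by accident. Judging by the commit message, that token is validated in `OAuth2Protocol::endSession`, whose user-match check now applies only when a session exists, so the controller no longer provides any gate of its own. Because the path is open to unauthenticated traffic, `Log::error('invalid OAuth2LogoutRequest!')` in the second hunk can be triggered by anyone; `Log::warning(...)` plus throttling on this route would keep the error log usable for detection. The body of `endSession()` continues outside all three hunks.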


@ -1428,14 +1428,16 @@ final class OAuth2Protocol implements IOAuth2Protocol
$this->log_service->debug_msg("OAuth2Protocol::endSession user not found!");
throw new InvalidOAuth2Request('user not found!');
}
$logged_user = $this->auth_service->getCurrentUser();
if(is_null($logged_user) || $logged_user->getId() !== $user->getId()) {
if(!is_null($logged_user) && $logged_user->getId() !== $user->getId()) {
$this->log_service->debug_msg("OAuth2Protocol::endSession user does not match with current session!");
throw new InvalidOAuth2Request('user does not match with current session!');
}
$this->auth_service->logout();
if(!is_null($logged_user))
$this->auth_service->logout();
if(!empty($redirect_logout_uri))
{