From 865aefeaf117902ec787efe57ac81ca9356fdafe Mon Sep 17 00:00:00 2001
From: Sebastian Marcet
Date: Tue, 4 Sep 2018 13:59:53 -0300
Subject: [PATCH] Fixed logout without current user but with valid id token
Change-Id: I424e60f8456ba53bb8fa990d9e2f54503b9160af
---
app/Http/Controllers/OAuth2/OAuth2ProviderController.php | 8 +-------
app/libs/OAuth2/OAuth2Protocol.php | 6 ++++--
2 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/app/Http/Controllers/OAuth2/OAuth2ProviderController.php b/app/Http/Controllers/OAuth2/OAuth2ProviderController.php
index 2c743ca4..5810f08e 100644
--- a/app/Http/Controllers/OAuth2/OAuth2ProviderController.php
+++ b/app/Http/Controllers/OAuth2/OAuth2ProviderController.php
@@ -264,11 +264,6 @@ final class OAuth2ProviderController extends Controller
      */
     public function endSession()
     {
-        if(!$this->auth_service->isUserLogged()) {
-            Log::debug("OAuth2ProviderController::endSession user is not logged!");
-            return Response::view('errors.404', array(), 404);
-        }
-
         $request = new OAuth2LogoutRequest
         (
             new OAuth2Message
@@ -280,7 +275,7 @@ final class OAuth2ProviderController extends Controller
         if(!$request->isValid())
         {
             Log::error('invalid OAuth2LogoutRequest!');
-            return Response::view('errors.404', array(), 404);
+            return Response::view('errors.404', [], 404);
         }
 
         if(Request::isMethod('get') )
@@ -314,7 +309,6 @@ final class OAuth2ProviderController extends Controller
         if (!is_null($response) && $response instanceof OAuth2Response)
         {
             $strategy = OAuth2ResponseStrategyFactoryMethod::buildStrategy($request, $response);
-
             return $strategy->handle($response);
         }
 
diff --git a/app/libs/OAuth2/OAuth2Protocol.php b/app/libs/OAuth2/OAuth2Protocol.php
index 85eb5634..0c448c30 100644
--- a/app/libs/OAuth2/OAuth2Protocol.php
+++ b/app/libs/OAuth2/OAuth2Protocol.php
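Review bot: With the isUserLogged() guard removed at the top of endSession, the endpoint now runs for unauthenticated callers and the only gate before the logout/redirect flow is `$request->isValid()` plus whatever OAuth2Protocol::endSession checks on the id_token_hint; this hunk does not show whether isValid() verifies the token's signature, issuer and audience or only that the parameter is present, so that should be confirmed before the hint is relied on as the sole authorization. Since the post_logout_redirect_uri handling is now reachable without a session, the validation of the redirect target against the client's registered URIs must not itself depend on a current user, otherwise this becomes an unauthenticated open redirect. The deleted Log::debug line was also the only log entry for the no-session case; keeping something like `Log::debug('OAuth2ProviderController::endSession no current user, relying on id_token_hint');` keeps session-less logout requests visible to monitoring. A short comment above the request construction, e.g. `// No session check: a valid id_token_hint alone may end the session (RP-initiated logout)`, would record why the guard was dropped. endSession's body continues past this hunk, and the companion change in OAuth2Protocol.php (the second file) is cut off at the end of this chunk.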
@@ -1428,14 +1428,16 @@ final class OAuth2Protocol implements IOAuth2Protocol
             $this->log_service->debug_msg("OAuth2Protocol::endSession user not found!");
             throw new InvalidOAuth2Request('user not found!');
         }
+
         $logged_user = $this->auth_service->getCurrentUser();
-        if(is_null($logged_user) || $logged_user->getId() !== $user->getId()) {
+        if(!is_null($logged_user) && $logged_user->getId() !== $user->getId()) {
             $this->log_service->debug_msg("OAuth2Protocol::endSession user does not match with current session!");
             throw new InvalidOAuth2Request('user does not match with current session!');
         }
-        $this->auth_service->logout();
+        if(!is_null($logged_user))
+            $this->auth_service->logout();
         if(!empty($redirect_logout_uri)) {