From 01b5d145ace020157afe6e74906b0619a3000f48 Mon Sep 17 00:00:00 2001
From: Adam Buckingham
Date: Fri, 1 Mar 2024 10:06:28 -0500
Subject: [PATCH 1/3] Updating cf configurations with right names
---
 cf/manifest.prod.yml | 2 +-
 cf/manifest.staging.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cf/manifest.prod.yml b/cf/manifest.prod.yml
index 2d495da..0835375 100644
--- a/cf/manifest.prod.yml
+++ b/cf/manifest.prod.yml
@@ -1,6 +1,6 @@
 ---
 applications:
-- name: srt-server-prod
+- name: srt-api-prod
 memory: 1024M
 disk_quota: 2048M
 # health-check-type: process # don't re-enable....move to port 8080 if you have problems
diff --git a/cf/manifest.staging.yml b/cf/manifest.staging.yml
index 487c37a..410c247 100644
--- a/cf/manifest.staging.yml
+++ b/cf/manifest.staging.yml
@@ -1,6 +1,6 @@
 ---
 applications:
-- name: srt-server-staging
+- name: srt-api-staging
 memory: 1024M
 disk_quota: 2048M
 # health-check-type: process # don't re-enable....move to port 8080 if you have problems
From 55119ce2b1a1f72bedf68605cfac2222443c940a Mon Sep 17 00:00:00 2001
From: Adam Buckingham
Date: Fri, 1 Mar 2024 10:07:57 -0500
Subject: [PATCH 2/3] Add logout method
---
 server/app.js | 13 +++++++++++++
 server/config/config.js | 11 ++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/server/app.js b/server/app.js
index 775771f..b888fec 100644
--- a/server/app.js
+++ b/server/app.js
@@ -17,6 +17,7 @@ const logger = require('./config/winston')
 const {cleanAwardNotices} = require('./cron/noticeAwardCleanup')
 const {CronJob} = require('cron')
 const pg = require('pg');
+const querystring = require('querystring');
 const { Issuer, Strategy, generators } = require('openid-client');
@@ -223,6 +224,18 @@ module.exports = {
 app.get("/api/login", (req, res) => {
 res.redirect(login_gov_auth_url);
 });
+ app.get("/api/logout", (req, res) => {
+
+ const logoutEndPoint = config['login_gov_oidc']['logout_endpoint']
+
+ const params = {
+ client_id: config['login_gov_oidc']['client_id'],
+ post_logout_redirect_uri: config['srtClientUrl'] + '/auth',
+ }
+
+ res.redirect(logoutEndPoint + '?' + querystring.stringify(params))
+
+ });
 // Login.gov Failure to Proof URL:
 // For users who are unable to complete identity proofing and returning to the app
 app.get("odic/failure", (req, res) => {
diff --git a/server/config/config.js b/server/config/config.js
index af5bd83..eeeb61e 100644
--- a/server/config/config.js
+++ b/server/config/config.js
@@ -351,7 +351,9 @@ module.exports = {
 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
 "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token",
 "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo",
- "redirect_uri": "http://localhost:3000/odic/callback"
+ "redirect_uri": "http://localhost:3000/odic/callback",
+ "logout_endpoint": "https://idp.int.identitysandbox.gov/openid_connect/logout",
+
 },
 "maxCas" : {
 "cas_url" : "https://login.test.max.gov/cas/",
@@ -431,7 +433,8 @@ module.exports = {
 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
 "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token",
 "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo",
- "redirect_uri": "http://srt-server-dev.app.cloud.gov/odic/callback"
+ "redirect_uri": "http://srt-server-dev.app.cloud.gov/odic/callback",
+ "logout_endpoint": "https://idp.int.identitysandbox.gov/openid_connect/logout",
 },
 "maxCas" : {
 "cas_url" : "https://login.test.max.gov/cas/",
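Review bot: The new `/api/logout` handler in server/app.js only redirects the browser to the Login.gov logout endpoint; nothing in the hunk ends the application's own login state, so if the server keeps a session or has issued its own token, that credential stays usable after the user has "logged out". Clear the local state before redirecting (for an express-session setup that would be `req.session.destroy(() => res.redirect(logoutUrl))`; which mechanism the app uses is not visible here) and have the client discard its stored token when it lands on `/auth`. The request also sends no `state` value, which OIDC RP-initiated logout defines as optional, so `/auth` cannot tell a logout return it started from any other visit; the already imported `generators.state()` can supply one. Building the URL with `new URL(logoutEndPoint)` and `url.searchParams.set(...)` would replace the legacy `querystring` module and the hand-written `'?'` join. The enclosing `module.exports` body starts and ends outside the hunk.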
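Review bot: The `redirect_uri` lines rewritten in the server/config/config.js hunks at -431 and -472 still use plain `http://` for the cloud.gov dev and staging hosts, so the authorization response is addressed to a cleartext URL unless the platform upgrades it; they should read `https://...` and match what is registered with the identity provider. They also still name `srt-server-dev` and `srt-server-staging`, while PATCH 1/3 renames the staging and prod apps to `srt-api-*`; if route hostnames follow the app name the callback would stop resolving, which is worth confirming before deploy. The `logout_endpoint` value is repeated verbatim in four environment blocks, and a comment at the first occurrence such as `// RP-initiated logout URL; the post_logout_redirect_uri sent with it must be registered with Login.gov` would document that dependency.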
@@ -472,7 +475,8 @@ module.exports = {
 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
 "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token",
 "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo",
- "redirect_uri": "http://srt-server-staging.app.cloud.gov/odic/callback"
+ "redirect_uri": "http://srt-server-staging.app.cloud.gov/odic/callback",
+ "logout_endpoint": "https://idp.int.identitysandbox.gov/openid_connect/logout",
 },
 "maxCas" : {
 "cas_url" : "https://login.test.max.gov/cas/",
@@ -551,6 +555,7 @@ module.exports = {
 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
 "token_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/token",
 "user_endpoint": "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo",
+ "logout_endpoint": "https://idp.int.identitysandbox.gov/openid_connect/logout",
 },
 "maxCas" : {
 "cas_url" : "https://login.max.gov/cas/",
From fb8a79050b3c400d2398c39f96742d4264f81455 Mon Sep 17 00:00:00 2001
From: Adam Buckingham
Date: Fri, 1 Mar 2024 10:08:14 -0500
Subject: [PATCH 3/3] Fixing login.gov redirect issues
---
 server/routes/auth.routes.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/server/routes/auth.routes.js b/server/routes/auth.routes.js
index c80a275..50be0cf 100644
--- a/server/routes/auth.routes.js
+++ b/server/routes/auth.routes.js
@@ -552,12 +552,13 @@ module.exports = {
 userRole: srt_userinfo.userRole,
 firstName: srt_userinfo.firstName || userInfo.given_name,
 lastName: srt_userinfo.lastName || userInfo.family_name,
+ loginMethod: "login.gov",
 }
 let location = `${config['srtClientUrl']}/auth?info=${jsonToURI(uri_components)}`
+
+ //console.log("Redirecting to: ", location)
- return res.status(302)
- .set('Location', location)
- .send(`Preparing login`)
+ return res.redirect(302, location);
 })
 });
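Review bot: In the server/config/config.js hunk at -551, the block whose `maxCas.cas_url` is the production-looking `https://login.max.gov/cas/` receives the sandbox `idp.int.identitysandbox.gov` logout endpoint. That is consistent with the sandbox token and userinfo endpoints already in the block, but if this block is the production configuration, users would be signed out of a different identity provider than the one they are expected to authenticate against. Confirm which IdP this environment uses and change the three URLs together; the block's opening line is outside the hunk, so the environment name is inferred.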
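Review bot: The added `//console.log("Redirecting to: ", location)` in server/routes/auth.routes.js is commented-out debug code and should be dropped rather than committed: `location` embeds the `info=` payload with the user's role and name, plus whatever fields are set above the hunk, so re-enabling it would write that data to the server log. If a trace is wanted, log only the event through the project's logger (server/app.js imports one as `logger`), for example `logger.debug('login.gov callback: redirecting to client /auth')`. The same payload travels in the query string of the 302, where browser history and intermediary logs keep it, so it is worth confirming that no token is among the fields above the hunk. The object literal and the route handler both start outside the hunk.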