Merge pull request #11584 from mvdbeek/backport_oidc_logout

[21.01] Backport oidc logout fix
galaxyproject · Mar 10, 2021 · 3cafcfd · 3cafcfd
2 parents 90e4f0c + a8a581b
commit 3cafcfd
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/client/src/components/User/ExternalIdentities/ExternalLogin.vue b/client/src/components/User/ExternalIdentities/ExternalLogin.vue
@@ -173,6 +173,7 @@ export default {
             axios
                 .post(`${rootUrl}authnz/${idp}/login/?idphint=${this.selected.EntityID}`)
                 .then((response) => {
+                    localStorage.setItem("galaxy-provider", idp);
                     if (response.data.redirect_uri) {
                         window.location = response.data.redirect_uri;
                     }

diff --git a/client/src/layout/menu.js b/client/src/layout/menu.js
@@ -20,6 +20,11 @@ export function userLogout(logoutAll = false) {
             }
             // Check if we need to logout of OIDC IDP
             if (galaxy.config.enable_oidc) {
+                const provider = localStorage.getItem("galaxy-provider");
+                if (provider) {
+                    localStorage.removeItem("galaxy-provider");
+                    return axios.get(`${galaxy.root}authnz/logout?provider=${provider}`);
+                }
                 return axios.get(`${galaxy.root}authnz/logout`);
             } else {
                 // Otherwise pass through the initial logout response

diff --git a/lib/galaxy/webapps/galaxy/controllers/authnz.py b/lib/galaxy/webapps/galaxy/controllers/authnz.py
@@ -142,6 +142,7 @@ def disconnect(self, trans, provider, email=None, **kwargs):
         return trans.response.send_redirect(redirect_url)
 
     @web.json
+    @web.expose
     def logout(self, trans, provider, **kwargs):
         post_logout_redirect_url = trans.request.base + url_for('/') + 'root/login?is_logout_redirect=true'
         success, message, redirect_uri = trans.app.authnz_manager.logout(provider,
@@ -153,8 +154,8 @@ def logout(self, trans, provider, **kwargs):
             return {'message': message}
 
     @web.expose
-    def get_logout_url(self, trans, **kwargs):
-        idp_provider = trans.get_cookie(name=PROVIDER_COOKIE_NAME)
+    def get_logout_url(self, trans, provider=None, **kwargs):
+        idp_provider = provider if provider else trans.get_cookie(name=PROVIDER_COOKIE_NAME)
         if idp_provider:
             return trans.response.send_redirect(url_for(controller='authnz', action='logout', provider=idp_provider))