From 1a6bbfd10baa753ba760efae079b3ba2561cf098 Mon Sep 17 00:00:00 2001
From: David Taylor
Date: Wed, 27 Nov 2019 11:41:07 +0000
Subject: [PATCH] FIX: Do not start the login flow when logging out from SSO/Authenticator (#8423) This affects login_required sites which use SSO or have only one authenticator enabled. Previously, logging out would redirect to the homepage, which would then redirect to the identity provider. Now, users will be redirected to the Discourse login page. This avoids the confusing situation where a user appears to remain logged in after clicking logout. Sites which have explicitly defined a logout_redirect url are not affected by this change. For context, see https://meta.discourse.org/t/134138/2
---
 .../javascripts/discourse/lib/logout.js.es6 | 20 ++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/app/assets/javascripts/discourse/lib/logout.js.es6 b/app/assets/javascripts/discourse/lib/logout.js.es6
index 09986e892bf..23160f8e449 100644
--- a/app/assets/javascripts/discourse/lib/logout.js.es6
+++ b/app/assets/javascripts/discourse/lib/logout.js.es6
@@ -1,4 +1,6 @@
 import { isEmpty } from "@ember/utils";
+import { findAll } from "discourse/models/login-method";
+
 export default function logout(siteSettings, keyValueStore) {
 if (!siteSettings || !keyValueStore) {
 const container = Discourse.__container__;
@@ -9,9 +11,21 @@ export default function logout(siteSettings, keyValueStore) {
 keyValueStore.abandonLocal();
 const redirect = siteSettings.logout_redirect;
- if (isEmpty(redirect)) {
- window.location = Discourse.getURL("/");
- } else {
+ if (!isEmpty(redirect)) {
 window.location.href = redirect;
+ return;
 }
+
+ const sso = siteSettings.enable_sso;
+ const oneAuthenticator =
+ !siteSettings.enable_local_logins && findAll().length === 1;
+
+ if (siteSettings.login_required && (sso || oneAuthenticator)) {
+ // In this situation visiting most URLs will start the auth process again
+ // Go to the `/login` page to avoid an immediate redirect
+ window.location.href = Discourse.getURL("/login");
+ return;
+ }
+
+ window.location.href = Discourse.getURL("/");
 }
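Review bot: The `sso || oneAuthenticator` test in the new `login_required` branch re-derives, from three site settings and the provider count, the condition under which a page visit restarts authentication, and nothing in the hunk ties it to wherever that rule is actually enforced. If the two drift apart, logout falls through to `Discourse.getURL("/")` and a still-live identity-provider session can presumably sign the user straight back in, which on a shared machine looks like a logout that did not take effect. I would add a comment above `const sso` such as `// Must match the rule that auto-starts authentication for anonymous visitors; /login only avoids the redirect, it does not end the provider session`. A test for the three exits (explicit `logout_redirect`, `/login`, `/`) would also help, since the diffstat shows only this file changing. The start of `logout` lies outside this hunk.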