Ensure that the OAuth2 session is logged out when users log out from pgAdmin. #7193
This commit is contained in:
parent
7593bb98c1
commit
3425bc0349
@ -802,7 +802,12 @@ OAUTH2_CONFIG = [
|
|||||||
# for OAuth2 provider.
|
# for OAuth2 provider.
|
||||||
# This may need to set False, in case of self-signed certificates.
|
# This may need to set False, in case of self-signed certificates.
|
||||||
# Ref: https://github.com/psf/requests/issues/6071
|
# Ref: https://github.com/psf/requests/issues/6071
|
||||||
'OAUTH2_SSL_CERT_VERIFICATION': True
|
'OAUTH2_SSL_CERT_VERIFICATION': True,
|
||||||
|
# set this variable to invalidate the session of the oauth2 provider
|
||||||
|
# Example for keycloak:
|
||||||
|
# 'OAUTH2_LOGOUT_URL':
|
||||||
|
# 'https://example.com/realms/master/protocol/openid-connect/logout?post_logout_redirect_uri={redirect_uri}&id_token_hint={id_token}'
|
||||||
|
'OAUTH2_LOGOUT_URL': None
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
||||||
|
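Review bot: The new comment block names the setting but not the contract the code relies on: `OAUTH2_LOGOUT_URL` is run through `str.format`, so only the placeholders `{redirect_uri}` and `{id_token}` are substituted, and any literal braces in a provider URL would have to be doubled. I would extend the comment with `# Placeholders: {redirect_uri} is replaced with pgAdmin's root URL, {id_token} with the id_token received at login.` and add that most OpenID Connect providers only honour a post_logout_redirect_uri that has been registered for the client, so the pgAdmin root URL must be whitelisted there. The example is Keycloak-specific; saying that other providers use different endpoint paths and parameter names would save operators a wrong guess.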
@ -69,11 +69,21 @@ def init_app(app):
|
|||||||
methods=['GET', 'POST'])
|
methods=['GET', 'POST'])
|
||||||
@pgCSRFProtect.exempt
|
@pgCSRFProtect.exempt
|
||||||
def oauth_logout():
|
def oauth_logout():
|
||||||
|
id_token = session['oauth2_token']['id_token']
|
||||||
|
logout_url = None
|
||||||
|
if 'oauth2_logout_url' in session:
|
||||||
|
logout_url = session['oauth2_logout_url']
|
||||||
|
|
||||||
if not current_user.is_authenticated:
|
if not current_user.is_authenticated:
|
||||||
return redirect(get_safe_post_logout_redirect())
|
return redirect(get_safe_post_logout_redirect())
|
||||||
for key in list(session.keys()):
|
for key in list(session.keys()):
|
||||||
session.pop(key)
|
session.pop(key)
|
||||||
|
|
||||||
logout_user()
|
logout_user()
|
||||||
|
if logout_url:
|
||||||
|
return redirect(logout_url.format(
|
||||||
|
redirect_uri=request.url_root,
|
||||||
|
id_token=id_token))
|
||||||
return redirect(get_safe_post_logout_redirect())
|
return redirect(get_safe_post_logout_redirect())
|
||||||
|
|
||||||
app.register_blueprint(blueprint)
|
app.register_blueprint(blueprint)
|
||||||
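Review bot: `id_token = session['oauth2_token']['id_token']` at the top of oauth_logout runs before the `current_user.is_authenticated` guard and indexes two keys that are not guaranteed to exist, so an anonymous request to the logout route, or a session from a provider that returns no id_token (plain OAuth2 rather than OpenID Connect), now raises KeyError and answers 500 where the previous code redirected. Both values should be read with `session.get(...)` after the guard, and a missing id_token should not abort the local logout. The `redirect_uri` and `id_token` values are also interpolated into the provider's query string without percent-encoding; `urllib.parse.quote(..., safe='')` keeps the request well-formed if either ever carries reserved characters, and since `request.url_root` is host-header derived the deployment must run behind ProxyFix for it to be trustworthy. The enclosing `init_app` begins before this hunk.
```python
def oauth_logout():
    if not current_user.is_authenticated:
        return redirect(get_safe_post_logout_redirect())
    # A plain OAuth2 provider may not issue an id_token at all.
    token = session.get('oauth2_token') or {}
    id_token = token.get('id_token')
    logout_url = session.get('oauth2_logout_url')
    # … unchanged: session clearing and logout_user() …
    if logout_url:
        # quote() is urllib.parse.quote; both values land in a query string.
        return redirect(logout_url.format(
            redirect_uri=quote(request.url_root, safe=''),
            id_token=quote(id_token or '', safe='')))
    return redirect(get_safe_post_logout_redirect())
```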
@ -202,6 +212,11 @@ class OAuth2Authentication(BaseAuthentication):
|
|||||||
|
|
||||||
session['pass_enc_key'] = session['oauth2_token']['access_token']
|
session['pass_enc_key'] = session['oauth2_token']['access_token']
|
||||||
|
|
||||||
|
if 'OAUTH2_LOGOUT_URL' in self.oauth2_config[
|
||||||
|
self.oauth2_current_client]:
|
||||||
|
session['oauth2_logout_url'] = self.oauth2_config[
|
||||||
|
self.oauth2_current_client]['OAUTH2_LOGOUT_URL']
|
||||||
|
|
||||||
resp = self.oauth2_clients[self.oauth2_current_client].get(
|
resp = self.oauth2_clients[self.oauth2_current_client].get(
|
||||||
self.oauth2_config[
|
self.oauth2_config[
|
||||||
self.oauth2_current_client]['OAUTH2_USERINFO_ENDPOINT'],
|
self.oauth2_current_client]['OAUTH2_USERINFO_ENDPOINT'],
|
||||||
|
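Review bot: The four-line `in` test followed by a second index of the same client config is a dict `.get` spelled by hand; since oauth_logout already treats a falsy value as "no provider logout", storing None is harmless and the block collapses to `session['oauth2_logout_url'] = self.oauth2_config[self.oauth2_current_client].get('OAUTH2_LOGOUT_URL')`. Copying the template into the session each login also means a config change only takes effect for sessions created afterwards; if the logout route can determine the current client it could read the config directly instead, though I cannot tell from this hunk whether it can. The enclosing method starts and ends outside the hunk.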