oidc-idp/internal/handlers/logout.go

/*
Copyright 2020-2023 CAcert Inc.
SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package handlers

import (
	"html/template"
	"net/http"

	client "github.com/ory/hydra-client-go/v2"
	log "github.com/sirupsen/logrus"

	"code.cacert.org/cacert/oidc-idp/internal/services"
)

type LogoutHandler struct {
	adminClient client.OAuth2Api
	logger      *log.Logger
}

func (h *LogoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	challenge := r.URL.Query().Get("logout_challenge")
	h.logger.WithField("challenge", challenge).Debug("received logout challenge")

	logoutRequest, response, err := h.adminClient.GetOAuth2LogoutRequest(
		r.Context(),
	).LogoutChallenge(challenge).Execute()
	if err != nil {
		h.logger.WithError(err).Error("error getting logout requests")
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

		return
	}

	defer func() { _ = response.Body.Close() }()

	h.logger.WithFields(
		log.Fields{"response": response.Status, "logout_request": logoutRequest},
	).Debug("got response for GetOAuth2LogoutRequest")

	acceptLogoutRequest, response, err := h.adminClient.AcceptOAuth2LogoutRequest(
		r.Context(),
	).LogoutChallenge(challenge).Execute()
	if err != nil {
		h.logger.WithError(err).Error("accept logout request failed")
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
	}

	defer func() { _ = response.Body.Close() }()

	h.logger.WithFields(
		log.Fields{"response": response.Status, "accept_logout_request": acceptLogoutRequest},
	).Debug("got response for AcceptOAuth2LogoutRequest")

	w.Header().Set("Location", acceptLogoutRequest.GetRedirectTo())
	w.WriteHeader(http.StatusFound)
}

func NewLogout(logger *log.Logger, adminClient client.OAuth2Api) *LogoutHandler {
	return &LogoutHandler{
		logger:      logger,
		adminClient: adminClient,
	}
}

type LogoutSuccessHandler struct {
	logger    *log.Logger
	trans     *services.I18NService
	templates TemplateCache
}

func (h *LogoutSuccessHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)

		return
	}

	localizer := getLocalizer(h.trans, r)

	h.templates.render(h.logger, w, LogoutSuccessful, map[string]interface{}{
		"Title": h.trans.LookupMessage("LogoutSuccessfulTitle", nil, localizer),
		"Explanation": template.HTML(h.trans.LookupMarkdownMessage( //nolint:gosec
			"LogoutSuccessfulText",
			nil,
			localizer,
		)),
	})
}

func NewLogoutSuccess(
	logger *log.Logger,
	templateCache TemplateCache,
	trans *services.I18NService,
) *LogoutSuccessHandler {
	return &LogoutSuccessHandler{logger: logger, trans: trans, templates: templateCache}
}
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`/*`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`Copyright 2020-2023 CAcert Inc.`
			`SPDX-License-Identifier: Apache-2.0`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Small IDP refactoring - move internal code to internal directory - add translations for texts on missing email in client certificate page - add error handling for missing login_challenge request parameter - add Markdown support via goldmark - use https:// URLs in Apache license headers 2023-07-18 18:37:04 +00:00			`https://www.apache.org/licenses/LICENSE-2.0`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`*/`

			`package handlers`

			`import (`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`"html/template"`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`"net/http"`

Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00			`client "github.com/ory/hydra-client-go/v2"`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`log "github.com/sirupsen/logrus"`
Fix golangci-lint config 2023-07-29 20:00:53 +00:00
			`"code.cacert.org/cacert/oidc-idp/internal/services"`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`)`

Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`type LogoutHandler struct {`
Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00			`adminClient client.OAuth2Api`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`logger *log.Logger`
			`}`

Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`func (h LogoutHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`challenge := r.URL.Query().Get("logout_challenge")`
Improve logging - switch to structured logging - use JSON formatter - support log level and formatter configuration 2023-07-29 18:32:02 +00:00			`h.logger.WithField("challenge", challenge).Debug("received logout challenge")`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00			`logoutRequest, response, err := h.adminClient.GetOAuth2LogoutRequest(`
			`r.Context(),`
			`).LogoutChallenge(challenge).Execute()`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`if err != nil {`
Improve logging - switch to structured logging - use JSON formatter - support log level and formatter configuration 2023-07-29 18:32:02 +00:00			`h.logger.WithError(err).Error("error getting logout requests")`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`return`
			`}`

Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00			`defer func() { _ = response.Body.Close() }()`

			`h.logger.WithFields(`
			`log.Fields{"response": response.Status, "logout_request": logoutRequest},`
			`).Debug("got response for GetOAuth2LogoutRequest")`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00			`acceptLogoutRequest, response, err := h.adminClient.AcceptOAuth2LogoutRequest(`
			`r.Context(),`
			`).LogoutChallenge(challenge).Execute()`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`if err != nil {`
Improve logging - switch to structured logging - use JSON formatter - support log level and formatter configuration 2023-07-29 18:32:02 +00:00			`h.logger.WithError(err).Error("accept logout request failed")`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
			`}`

Adapt to Hydra 2.x - use new SDK package - add session to transport user information from login to consent 2023-08-03 21:49:57 +00:00			`defer func() { _ = response.Body.Close() }()`

			`h.logger.WithFields(`
			`log.Fields{"response": response.Status, "accept_logout_request": acceptLogoutRequest},`
			`).Debug("got response for AcceptOAuth2LogoutRequest")`

			`w.Header().Set("Location", acceptLogoutRequest.GetRedirectTo())`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`w.WriteHeader(http.StatusFound)`
			`}`

Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`func NewLogout(logger log.Logger, adminClient client.OAuth2Api) LogoutHandler {`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`return &LogoutHandler{`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`logger: logger,`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`adminClient: adminClient,`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`
			`}`

Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`type LogoutSuccessHandler struct {`
Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`logger *log.Logger`
			`trans *services.I18NService`
			`templates TemplateCache`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`

Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`func (h LogoutSuccessHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
			`if r.Method != http.MethodGet {`
			`http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)`

			`return`
			`}`

Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`localizer := getLocalizer(h.trans, r)`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00
Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`h.templates.render(h.logger, w, LogoutSuccessful, map[string]interface{}{`
			`"Title": h.trans.LookupMessage("LogoutSuccessfulTitle", nil, localizer),`
			`"Explanation": template.HTML(h.trans.LookupMarkdownMessage( //nolint:gosec`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`"LogoutSuccessfulText",`
			`nil,`
			`localizer,`
			`)),`
			`})`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`

Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`func NewLogoutSuccess(`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`logger *log.Logger,`
Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`templateCache TemplateCache,`
			`trans *services.I18NService,`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`) *LogoutSuccessHandler {`
Implement consent management The primary change in this commit is the introduction of consent management. A few minor improvements have been made: - move common header to ui/templates/base.gohtml - add an I18NService to unify localization - add a handlers.getLocalizer function - fix translation extraction and merging in Makefile - add a new AuthMiddleware to centralize client certificate authentication - move client certificate handling to internal/handlers/security.go - improver error handling, allow localization of HTTP error messages 2023-08-07 13:15:45 +00:00			`return &LogoutSuccessHandler{logger: logger, trans: trans, templates: templateCache}`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`