oidc-idp/internal/handlers/logout.go

/*
Copyright 2020-2023 CAcert Inc.
SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package handlers

import (
	"bytes"
	"html/template"
	"net/http"
	"time"

	"github.com/nicksnyder/go-i18n/v2/i18n"
	"github.com/ory/hydra-client-go/client/admin"
	log "github.com/sirupsen/logrus"

	"code.cacert.org/cacert/oidc_idp/internal/services"
	"code.cacert.org/cacert/oidc_idp/ui"
)

type LogoutHandler struct {
	adminClient admin.ClientService
	logger      *log.Logger
}

func (h *LogoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	const Ten = 10 * time.Second

	challenge := r.URL.Query().Get("logout_challenge")
	h.logger.WithField("challenge", challenge).Debug("received logout challenge")

	logoutRequest, err := h.adminClient.GetLogoutRequest(
		admin.NewGetLogoutRequestParams().WithLogoutChallenge(challenge).WithTimeout(Ten))
	if err != nil {
		h.logger.WithError(err).Error("error getting logout requests")
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

		return
	}

	h.logger.WithField("logout_request", logoutRequest.Payload).Debug("received logout request")

	acceptLogoutRequest, err := h.adminClient.AcceptLogoutRequest(
		admin.NewAcceptLogoutRequestParams().WithLogoutChallenge(challenge))
	if err != nil {
		h.logger.WithError(err).Error("accept logout request failed")
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
	}

	w.Header().Set("Location", *acceptLogoutRequest.GetPayload().RedirectTo)
	w.WriteHeader(http.StatusFound)
}

func NewLogoutHandler(logger *log.Logger, adminClient admin.ClientService) *LogoutHandler {
	return &LogoutHandler{
		logger:      logger,
		adminClient: adminClient,
	}
}

type LogoutSuccessHandler struct {
	bundle         *i18n.Bundle
	logger         *log.Logger
	messageCatalog *services.MessageCatalog
	template       *template.Template
}

func (h *LogoutSuccessHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)

		return
	}

	accept := r.Header.Get("Accept-Language")
	localizer := i18n.NewLocalizer(h.bundle, accept)

	rendered := bytes.NewBuffer(make([]byte, 0))

	err := h.template.Lookup("base").Execute(rendered, map[string]interface{}{
		"Title": h.messageCatalog.LookupMessage("LogoutSuccessfulTitle", nil, localizer),
		"Explanation": template.HTML(h.messageCatalog.LookupMarkdownMessage( //nolint:gosec
			"LogoutSuccessfulText",
			nil,
			localizer,
		)),
	})
	if err != nil {
		h.logger.WithError(err).Error("template rendering failed")
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

		return
	}

	_, _ = w.Write(rendered.Bytes())
}

func NewLogoutSuccessHandler(
	logger *log.Logger,
	bundle *i18n.Bundle,
	messageCatalog *services.MessageCatalog,
) *LogoutSuccessHandler {
	return &LogoutSuccessHandler{
		bundle:         bundle,
		logger:         logger,
		messageCatalog: messageCatalog,
		template: template.Must(template.ParseFS(ui.Templates,
			"templates/base.gohtml",
			"templates/logout_successful.gohtml",
		)),
	}
}
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`/*`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`Copyright 2020-2023 CAcert Inc.`
			`SPDX-License-Identifier: Apache-2.0`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Small IDP refactoring - move internal code to internal directory - add translations for texts on missing email in client certificate page - add error handling for missing login_challenge request parameter - add Markdown support via goldmark - use https:// URLs in Apache license headers 2023-07-18 18:37:04 +00:00			`https://www.apache.org/licenses/LICENSE-2.0`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`*/`

			`package handlers`

			`import (`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`"bytes"`
			`"html/template"`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`"net/http"`
			`"time"`

Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`"github.com/nicksnyder/go-i18n/v2/i18n"`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`"github.com/ory/hydra-client-go/client/admin"`
			`log "github.com/sirupsen/logrus"`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00
			`"code.cacert.org/cacert/oidc_idp/internal/services"`
			`"code.cacert.org/cacert/oidc_idp/ui"`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`)`

Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`type LogoutHandler struct {`
			`adminClient admin.ClientService`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`logger *log.Logger`
			`}`

Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`func (h LogoutHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
			`const Ten = 10 * time.Second`

Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`challenge := r.URL.Query().Get("logout_challenge")`
Improve logging - switch to structured logging - use JSON formatter - support log level and formatter configuration 2023-07-29 18:32:02 +00:00			`h.logger.WithField("challenge", challenge).Debug("received logout challenge")`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
			`logoutRequest, err := h.adminClient.GetLogoutRequest(`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`admin.NewGetLogoutRequestParams().WithLogoutChallenge(challenge).WithTimeout(Ten))`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`if err != nil {`
Improve logging - switch to structured logging - use JSON formatter - support log level and formatter configuration 2023-07-29 18:32:02 +00:00			`h.logger.WithError(err).Error("error getting logout requests")`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`return`
			`}`

Improve logging - switch to structured logging - use JSON formatter - support log level and formatter configuration 2023-07-29 18:32:02 +00:00			`h.logger.WithField("logout_request", logoutRequest.Payload).Debug("received logout request")`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00
			`acceptLogoutRequest, err := h.adminClient.AcceptLogoutRequest(`
			`admin.NewAcceptLogoutRequestParams().WithLogoutChallenge(challenge))`
			`if err != nil {`
Improve logging - switch to structured logging - use JSON formatter - support log level and formatter configuration 2023-07-29 18:32:02 +00:00			`h.logger.WithError(err).Error("accept logout request failed")`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
			`}`

			`w.Header().Set("Location", *acceptLogoutRequest.GetPayload().RedirectTo)`
			`w.WriteHeader(http.StatusFound)`
			`}`

Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`func NewLogoutHandler(logger log.Logger, adminClient admin.ClientService) LogoutHandler {`
			`return &LogoutHandler{`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`logger: logger,`
Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`adminClient: adminClient,`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`
			`}`

Fix linter warnings, modernize code 2023-05-13 11:27:19 +00:00			`type LogoutSuccessHandler struct {`
Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`bundle *i18n.Bundle`
			`logger *log.Logger`
			`messageCatalog *services.MessageCatalog`
			`template *template.Template`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`

Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`func (h LogoutSuccessHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
			`if r.Method != http.MethodGet {`
			`http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)`

			`return`
			`}`

			`accept := r.Header.Get("Accept-Language")`
			`localizer := i18n.NewLocalizer(h.bundle, accept)`

			`rendered := bytes.NewBuffer(make([]byte, 0))`

			`err := h.template.Lookup("base").Execute(rendered, map[string]interface{}{`
			`"Title": h.messageCatalog.LookupMessage("LogoutSuccessfulTitle", nil, localizer),`
			`"Explanation": template.HTML(h.messageCatalog.LookupMarkdownMessage( //nolint:gosec`
			`"LogoutSuccessfulText",`
			`nil,`
			`localizer,`
			`)),`
			`})`
			`if err != nil {`
			`h.logger.WithError(err).Error("template rendering failed")`
			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`

			`return`
			`}`

			`_, _ = w.Write(rendered.Bytes())`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`

Implement logout-successful handler 2023-07-24 19:09:35 +00:00			`func NewLogoutSuccessHandler(`
			`logger *log.Logger,`
			`bundle *i18n.Bundle,`
			`messageCatalog *services.MessageCatalog,`
			`) *LogoutSuccessHandler {`
			`return &LogoutSuccessHandler{`
			`bundle: bundle,`
			`logger: logger,`
			`messageCatalog: messageCatalog,`
			`template: template.Must(template.ParseFS(ui.Templates,`
			`"templates/base.gohtml",`
			`"templates/logout_successful.gohtml",`
			`)),`
			`}`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`}`