projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
16159: Adds tests checking token expiration at logout.
[arvados.git] / lib / controller / localdb / login.go
diff --git a/lib/controller/localdb/login.go b/lib/controller/localdb/login.go
index 4bf515fc3f1113b6a240e991ecc3e236c8b49ee3..01fa84ea4fe885ba59e7f56099cdfb41d21e2a8c 100644 (file)
--- a/lib/controller/localdb/login.go
+++ b/lib/controller/localdb/login.go
@@ -47,6 +47,7 @@ func chooseLoginController(cluster *arvados.Cluster, parent *Conn) loginControll
                        Issuer:             "https://accounts.google.com",
                        ClientID:           cluster.Login.Google.ClientID,
                        ClientSecret:       cluster.Login.Google.ClientSecret,
+                       AuthParams:         cluster.Login.Google.AuthenticationRequestParameters,
                        UseGooglePeopleAPI: cluster.Login.Google.AlternateEmailAddresses,
                        EmailClaim:         "email",
                        EmailVerifiedClaim: "email_verified",
@@ -58,6 +59,7 @@ func chooseLoginController(cluster *arvados.Cluster, parent *Conn) loginControll
                        Issuer:             cluster.Login.OpenIDConnect.Issuer,
                        ClientID:           cluster.Login.OpenIDConnect.ClientID,
                        ClientSecret:       cluster.Login.OpenIDConnect.ClientSecret,
+                       AuthParams:         cluster.Login.OpenIDConnect.AuthenticationRequestParameters,
                        EmailClaim:         cluster.Login.OpenIDConnect.EmailClaim,
                        EmailVerifiedClaim: cluster.Login.OpenIDConnect.EmailVerifiedClaim,
                        UsernameClaim:      cluster.Login.OpenIDConnect.UsernameClaim,
@@ -122,25 +124,13 @@ type federatedLoginController struct {
 func (ctrl federatedLoginController) Login(context.Context, arvados.LoginOptions) (arvados.LoginResponse, error) {
        return arvados.LoginResponse{}, httpserver.ErrorWithStatus(errors.New("Should have been redirected to login cluster"), http.StatusBadRequest)
 }
-func (ctrl federatedLoginController) Logout(_ context.Context, opts arvados.LogoutOptions) (arvados.LogoutResponse, error) {
-       return noopLogout(ctrl.Cluster, opts)
+func (ctrl federatedLoginController) Logout(ctx context.Context, opts arvados.LogoutOptions) (arvados.LogoutResponse, error) {
+       return logout(ctx, ctrl.Cluster, opts)
 }
 func (ctrl federatedLoginController) UserAuthenticate(context.Context, arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
        return arvados.APIClientAuthorization{}, httpserver.ErrorWithStatus(errors.New("username/password authentication is not available"), http.StatusBadRequest)
 }
 
-func noopLogout(cluster *arvados.Cluster, opts arvados.LogoutOptions) (arvados.LogoutResponse, error) {
-       target := opts.ReturnTo
-       if target == "" {
-               if cluster.Services.Workbench2.ExternalURL.Host != "" {
-                       target = cluster.Services.Workbench2.ExternalURL.String()
-               } else {
-                       target = cluster.Services.Workbench1.ExternalURL.String()
-               }
-       }
-       return arvados.LogoutResponse{RedirectLocation: target}, nil
-}
-
 func (conn *Conn) CreateAPIClientAuthorization(ctx context.Context, rootToken string, authinfo rpc.UserSessionAuthInfo) (resp arvados.APIClientAuthorization, err error) {
        if rootToken == "" {
                return arvados.APIClientAuthorization{}, errors.New("configuration error: empty SystemRootToken")