/**
* Module dependencies
*/
var crypto = require('crypto')
, settings = require('../boot/settings')
, Client = require('../models/Client')
, IDToken = require('../models/IDToken')
, InvalidTokenError = require('../errors/InvalidTokenError')
;
/**
* Signout
*/
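function signout (req, res, next) {
  /**
   * Ends the user's session and, only when `post_logout_redirect_uri` can be
   * verified against the client named by `id_token_hint`, redirects there.
   *
   * Query parameters (untrusted; read from req.query):
   *   post_logout_redirect_uri  where the caller asks the browser to be sent
   *   id_token_hint             ID Token whose `aud` names the client whose
   *                             registered post-logout URIs are consulted
   *
   * Outcomes:
   *   302 to uri    uri is present, hint decodes, and uri is listed in the
   *                 client's post_logout_redirect_uris
   *   204 no-store  session ended but no verified target: uri missing, hint
   *                 missing, or uri not registered for the client
   *   next(err)     hint does not decode (InvalidTokenError), Client.get
   *                 fails, or the client is unknown (session is NOT ended)
   *
   * A uri that cannot be tied to a registered client is never followed;
   * following a caller-supplied uri without verification would make this
   * endpoint an open redirect.
   */
  var uri = req.query.post_logout_redirect_uri
    , hint = req.query.id_token_hint
    ;

  // Without both values there is nothing to verify the uri against:
  // end the session and answer without redirecting. (An unverifiable
  // uri used to be followed anyway.)
  if (!uri || !hint) {
    endSession(req);
    return respondNoRedirect(res);
  }

  var token = IDToken.decode(hint, settings.publicKey);

  // IDToken.decode reports failure by returning an Error (or a falsy value).
  if (!token || token instanceof Error) {
    return next(new InvalidTokenError("Can't decode id_token_hint"));
  }

  Client.get(token.payload.aud, function (err, client) {
    if (err) {
      return next(err);
    }
    if (!client) {
      return next(new Error('Unknown client'));
    }

    // A client with no registered list is treated as having none, rather
    // than throwing on indexOf. Only an exact match is accepted.
    var registered = client.post_logout_redirect_uris || [];
    endSession(req);
    if (registered.indexOf(uri) === -1) {
      return respondNoRedirect(res);
    }
    res.redirect(uri);
  });
}

/**
 * End the authenticated session held on `req`.
 *
 * Replaces `opbs` with 256 fresh random bytes (hex) — presumably the
 * OpenID Connect session-management browser state; confirm against the
 * session/check-session code — removes the recorded `amr` and logs out.
 */
function endSession (req) {
  req.session.opbs = crypto.randomBytes(256).toString('hex');
  delete req.session.amr;
  req.logout();
}

/**
 * Reply 204 with caching disabled; used whenever the session was ended
 * but no verified redirect target exists.
 */
function respondNoRedirect (res) {
  res.set({
    'Cache-Control': 'no-store',
    'Pragma': 'no-cache'
  });
  res.sendStatus(204);
}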
/**
 * Export
 *
 * The module's single export is the (req, res, next) handler above.
 */
module.exports = signout;