From ba02f861bf72b5488452046feec71d622e710c0f Mon Sep 17 00:00:00 2001
From: Wolfgang Knopki <wolfgang.knopki@hft-stuttgart.de>
Date: Fri, 18 Sep 2020 12:04:12 +0200
Subject: [PATCH] [slo] added slo functionality to main logoutbutton

---
 config/default.json |  3 ++-
 routes/root.js      | 51 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 52 insertions(+), 2 deletions(-)

diff --git a/config/default.json b/config/default.json
index cd012ee..ff977c2 100644
--- a/config/default.json
+++ b/config/default.json
@@ -33,5 +33,6 @@
 
   "path" : "http://localhost:9666/saml/SSO",
   "entryPoint" : "https://m4lab.hft-stuttgart.de/idp/saml2/idp/SSOService.php",
-  "issuer" : "spacedeck.m4lab.hft-stuttgart.de"
+  "issuer" : "spacedeck.m4lab.hft-stuttgart.de",
+  "logoutUrl": "https://m4lab.hft-stuttgart.de/idp/saml2/idp/SingleLogoutService.php"
 }
diff --git a/routes/root.js b/routes/root.js
index ccbc544..81892e0 100644
--- a/routes/root.js
+++ b/routes/root.js
@@ -32,6 +32,7 @@ const uuidv4 = require('uuid/v4');
   var samlStrategy = new SamlStrategy({
       // URL that goes from the Identity Provider -> Service Provider
       callbackUrl: config.path,
+      logoutUrl: config.logoutUrl,
 
       entryPoint: config.entryPoint,
       issuer: config.issuer,
@@ -245,10 +246,58 @@ router.get('/login', passport.authenticate('saml',
 //  res.render('spacedeck', { config:config, user:req.user });
 //});
 
+function samlLogout(req,res){
+console.log("enter samlLogout")
+try{
+    samlStrategy.logout(req, function(err,uri){
+        if(err) console.log("can't generate logout URL: ${err}");
+        req.logout();
+        var token = req.cookies['sdsession'];
+        db.Session.findOne({where: {token: token}})
+            .then(session => {
+                session.destroy();
+            });
+        var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.headers.hostname;
+        res.clearCookie('sdsession', { domain: domain });
+        console.log("clear Cookie")
+        res.redirect(uri);
+    });
+}catch(err){
+    if(err) console.log(`Exception on URL: ${err}`);
+    req.logout();
+    var token = req.cookies['sdsession'];
+    db.Session.findOne({where: {token: token}})
+        .then(session => {
+            session.destroy();
+        });
+    var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.headers.hostname;
+    res.clearCookie('sdsession', { domain: domain });
+    console.log("clear Cookie on error")
+    res.redirect("/login");
+    }
+}
+
 router.get('/logout', (req, res) => {
-  res.render('spacedeck', { config:config, user:req.user });
+    console.log("logout pressed")
+    if (req.user == null) {
+        console.log("req.user == null");
+        return res.redirect('/');
+    }
+    samlLogout(req,res);
 });
 
+router.get('/saml/SLO', (req, res, next) => {
+        console.log("received logout request");
+        var token=req.cookies['sdsession'];
+        if(token) {
+            return next();
+        } else {
+            return res.redirect('/'); //best be landing page of everything
+        }
+    },
+    samlLogout
+);
+
 router.get('/t/:id', (req, res) => {
   res.cookie('spacedeck_locale', req.params.id, { maxAge: 900000, httpOnly: true });
   var path = "/";
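Review bot: In `samlLogout`, the callback given to `samlStrategy.logout` logs `err` but carries on, so on failure `res.redirect(uri)` runs with an undefined `uri`; the log line also uses double quotes, so `${err}` is printed literally. The `db.Session.findOne(...).then(session => session.destroy())` chain has no null check and no `.catch`, so a missing or stale `sdsession` cookie becomes an unhandled rejection, and the redirect is sent before the server-side session row is known to be deleted. The same teardown is duplicated in the `catch` branch; I would move it into one helper that awaits the destroy and is called from both paths, as sketched below (this also swaps `req.headers.hostname`, which is not a standard request header, for `req.hostname`). Separately, `/saml/SLO` only checks that the cookie exists and then starts a fresh logout, so as far as this hunk shows the incoming SAML logout message is never validated, and any cross-site GET to it ends the user's session; worth confirming that this is intended.

```javascript
// Local teardown shared by the success and error paths.
async function endLocalSession(req, res) {
    const token = req.cookies['sdsession'];
    req.logout();
    if (token) {
        const session = await db.Session.findOne({where: {token: token}});
        if (session) await session.destroy();
    }
    const domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.hostname;
    res.clearCookie('sdsession', { domain: domain });
}

function samlLogout(req, res) {
    // Always finish the local logout; only the redirect target differs.
    const finish = target => endLocalSession(req, res)
        .catch(e => console.log(`session cleanup failed: ${e}`))
        .then(() => res.redirect(target));
    try {
        samlStrategy.logout(req, function(err, uri) {
            if (err) console.log(`can't generate logout URL: ${err}`);
            finish(err || !uri ? "/login" : uri);
        });
    } catch (err) {
        console.log(`Exception on URL: ${err}`);
        finish("/login");
    }
}
// … unchanged: /logout and /saml/SLO routes …
```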
-- 
GitLab