author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2025-05-21 09:21:42 +0200 |
---|---|---|
committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2025-07-18 11:57:34 +0200 |
commit | fcc6f60a019b77e1c76b3c6c0576bf3527d6689c (patch) | |
tree | 3c3a3b00b54498d94778bed4add86fd7b100ae8c | |
parent | daeb1e3a67121262c2a6d7b6fd96a9fdb11ad6f7 (diff) | |
fix(auth): preserve redirect URL after logoutfix/auth/logout-redirect-url
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
-rw-r--r-- | core/Controller/LoginController.php | 7 | ||||
-rw-r--r-- | core/Controller/TwoFactorChallengeController.php | 12 | ||||
-rw-r--r-- | lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php | 14 | ||||
-rw-r--r-- | lib/private/legacy/OC_User.php | 11 |
4 files changed, 25 insertions, 19 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 5a21d27898f..1eb6276a324 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -77,7 +77,7 @@ class LoginController extends Controller {
 #[NoAdminRequired]
 #[UseSession]
 #[FrontpageRoute(verb: 'GET', url: '/logout')]
- public function logout() {
+ public function logout(?string $redirect_url = null) {
 $loginToken = $this->request->getCookie('nc_token');
 if (!is_null($loginToken)) {
 $this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
@@ -86,7 +86,10 @@ class LoginController extends Controller {
 $response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
 'core.login.showLoginForm',
- ['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ [
+ 'clear' => true, // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ 'redirect_url' => $redirect_url,
+ ],
 ));
 $this->session->set('clearingExecutionContexts', '1');
diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index 4791139bb12..32e3464aa67 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -45,8 +45,8 @@ class TwoFactorChallengeController extends Controller {
 /**
 * @return string
 */
- protected function getLogoutUrl() {
- return OC_User::getLogoutUrl($this->urlGenerator);
+ protected function getLogoutUrl(?string $redirectUrl = null): string {
+ return OC_User::getLogoutUrl($this->urlGenerator, $redirectUrl);
 }
 /**
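Review bot: `logout()` now takes `redirect_url` straight from the request (first LoginController hunk) and the second hunk copies it unchanged into the `core.login.showLoginForm` link, so a caller-chosen target survives the logout and is handed to the login flow; nothing in this diff shows it being restricted to a same-origin path. Any such check presumably lives where the login flow finally redirects, which is outside these hunks, and that dependency should be stated next to the new array entry, e.g. `// caller-controlled value, forwarded unvalidated; the consumer of redirect_url must reject non-local targets`. The same applies to `'redirect_url' => $this->request->getParam('redirect_url')` in the ReloadExecutionMiddleware hunk. The body of `logout()` continues outside both hunks.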
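Review bot: The docblock kept as context above `getLogoutUrl()` in TwoFactorChallengeController still carries only `@return string`, which the new native `: string` return type already states, while the added `$redirectUrl` parameter is undocumented. Replace the `@return` line with `@param string|null $redirectUrl forwarded to OC_User::getLogoutUrl() for the logout link`. The controller methods that pass `$redirect_url` into this helper are in later hunks, and where that value is assigned is not visible in any of them.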
@@ -87,7 +87,7 @@ class TwoFactorChallengeController extends Controller {
 'backupProvider' => $backupProvider,
 'providerMissing' => $providerSet->isProviderMissing(),
 'redirect_url' => $redirect_url,
- 'logout_url' => $this->getLogoutUrl(),
+ 'logout_url' => $this->getLogoutUrl($redirect_url),
 'hasSetupProviders' => !empty($setupProviders),
 ];
 Util::addScript('core', 'twofactor-request-token');
@@ -135,7 +135,7 @@ class TwoFactorChallengeController extends Controller {
 'error_message' => $errorMessage,
 'provider' => $provider,
 'backupProvider' => $backupProvider,
- 'logout_url' => $this->getLogoutUrl(),
+ 'logout_url' => $this->getLogoutUrl($redirect_url),
 'redirect_url' => $redirect_url,
 'template' => $tmpl->fetchPage(),
 ];
@@ -203,7 +203,7 @@ class TwoFactorChallengeController extends Controller {
 $data = [
 'providers' => $setupProviders,
- 'logout_url' => $this->getLogoutUrl(),
+ 'logout_url' => $this->getLogoutUrl($redirect_url),
 'redirect_url' => $redirect_url,
 ];
@@ -234,7 +234,7 @@ class TwoFactorChallengeController extends Controller {
 $tmpl = $provider->getLoginSetup($user)->getBody();
 $data = [
 'provider' => $provider,
- 'logout_url' => $this->getLogoutUrl(),
+ 'logout_url' => $this->getLogoutUrl($redirect_url),
 'redirect_url' => $redirect_url,
 'template' => $tmpl->fetchPage(),
 ];
diff --git a/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php b/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php
index e770fa4cbff..e10ea63fed1 100644
--- a/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php
@@ -11,6 +11,7 @@ namespace OC\AppFramework\Middleware\Security;
 use OC\AppFramework\Middleware\Security\Exceptions\ReloadExecutionException;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Middleware;
+use OCP\IRequest;
 use OCP\ISession;
 use OCP\IURLGenerator;
@@ -19,12 +20,10 @@ use OCP\IURLGenerator;
 * a reload but if the session variable is set we properly redirect to the login page.
 */
 class ReloadExecutionMiddleware extends Middleware {
- /** @var ISession */
- private $session;
- /** @var IURLGenerator */
- private $urlGenerator;
- public function __construct(ISession $session, IURLGenerator $urlGenerator) {
+ public function __construct(private ISession $session,
+ private IURLGenerator $urlGenerator,
+ private IRequest $request) {
 $this->session = $session;
 $this->urlGenerator = $urlGenerator;
 }
@@ -41,7 +40,10 @@ class ReloadExecutionMiddleware extends Middleware {
 return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
 'core.login.showLoginForm',
- ['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ [
+ 'clear' => true, // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ 'redirect_url' => $this->request->getParam('redirect_url'),
+ ],
 ));
 }
diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
index e5343864c45..89cd4c4fa5f 100644
--- a/lib/private/legacy/OC_User.php
+++ b/lib/private/legacy/OC_User.php
@@ -284,7 +284,8 @@ class OC_User {
 * @param \OCP\IURLGenerator $urlGenerator
 * @return string
 */
- public static function getLogoutUrl(\OCP\IURLGenerator $urlGenerator) {
+ public static function getLogoutUrl(\OCP\IURLGenerator $urlGenerator,
+ ?string $redirectUrl = null): string {
 $backend = self::findFirstActiveUsedBackend();
 if ($backend) {
 return $backend->getLogoutUrl();
@@ -298,10 +299,10 @@ class OC_User {
 }
 }
- $logoutUrl = $urlGenerator->linkToRoute('core.login.logout');
- $logoutUrl .= '?requesttoken=' . urlencode(\OCP\Util::callRegister());
-
- return $logoutUrl;
+ return $urlGenerator->linkToRoute('core.login.logout', [
+ 'requesttoken' => \OCP\Util::callRegister(),
+ 'redirect_url' => $redirectUrl,
+ ]);
 }
 /** |
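Review bot: The ReloadExecutionMiddleware constructor now declares `$session` and `$urlGenerator` as promoted properties, but the two assignments kept as context, `$this->session = $session;` and `$this->urlGenerator = $urlGenerator;`, are still in the body and only repeat what promotion already does. Drop both so that `private IRequest $request) {` is followed directly by the closing `}`. Leaving them in suggests `$request` was forgotten, since it is the only property without a matching assignment.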
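Review bot: `$this->request->getParam('redirect_url')` goes into the route parameters with no type check, and unlike the `?string $redirect_url` argument on `LoginController::logout()` it is not bound through a typed signature, so a request that supplies `redirect_url` as an array would presumably be forwarded as nested query parameters (the return type of `getParam()` is not visible here). Read the value once and keep only strings: `$redirectUrl = $this->request->getParam('redirect_url');` and then `'redirect_url' => is_string($redirectUrl) ? $redirectUrl : null,`. The enclosing method starts above the hunk, so which requests reach this branch cannot be seen from here.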
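Review bot: In `OC_User::getLogoutUrl()` the new `$redirectUrl` only takes effect on the final `linkToRoute('core.login.logout', …)` return; the early `return $backend->getLogoutUrl();` shown as context in the first OC_User hunk ignores it, so callers that pass a redirect get a logout URL without it whenever a backend supplies its own. If that is intended, say so in the docblock, which has no entry for the new parameter: `@param string|null $redirectUrl added as redirect_url to the core logout link; ignored when a user backend supplies its own logout URL`. The middle of the method lies between the two hunks and is not visible.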