authorChristoph Wurst <christoph@winzerhof-wurst.at>2025-05-21 09:21:42 +0200
committerChristoph Wurst <christoph@winzerhof-wurst.at>2025-07-18 11:57:34 +0200
commitfcc6f60a019b77e1c76b3c6c0576bf3527d6689c (patch)
tree3c3a3b00b54498d94778bed4add86fd7b100ae8c
parentdaeb1e3a67121262c2a6d7b6fd96a9fdb11ad6f7 (diff)
fix(auth): preserve redirect URL after logoutfix/auth/logout-redirect-url
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
-rw-r--r--core/Controller/LoginController.php7
-rw-r--r--core/Controller/TwoFactorChallengeController.php12
-rw-r--r--lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php14
-rw-r--r--lib/private/legacy/OC_User.php11
4 files changed, 25 insertions, 19 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 5a21d27898f..1eb6276a324 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -77,7 +77,7 @@ class LoginController extends Controller {
#[NoAdminRequired]
#[UseSession]
#[FrontpageRoute(verb: 'GET', url: '/logout')]
- public function logout() {
+ public function logout(?string $redirect_url = null) {
$loginToken = $this->request->getCookie('nc_token');
if (!is_null($loginToken)) {
$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
@@ -86,7 +86,10 @@ class LoginController extends Controller {
$response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
'core.login.showLoginForm',
- ['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ [
+ 'clear' => true, // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ 'redirect_url' => $redirect_url,
+ ],
));
$this->session->set('clearingExecutionContexts', '1');
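Review bot: The `redirect_url` entry added to the login-form route parameters is whatever the caller of `/logout` supplied, and nothing in this hunk constrains it to a path on the same instance. Whether that is safe depends on the code that consumes `redirect_url` after the next login, which is not visible here; if that code does not already reject absolute or foreign-host URLs, the login page could be made to send users off-site. I would add a comment next to the new entry, `// untrusted request value; must be validated by the post-login redirect, never used directly`, and a test asserting that an off-site value never produces an off-site redirect. The body of logout() starts and continues outside this hunk.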
diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index 4791139bb12..32e3464aa67 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -45,8 +45,8 @@ class TwoFactorChallengeController extends Controller {
/**
* @return string
*/
- protected function getLogoutUrl() {
- return OC_User::getLogoutUrl($this->urlGenerator);
+ protected function getLogoutUrl(?string $redirectUrl = null): string {
+ return OC_User::getLogoutUrl($this->urlGenerator, $redirectUrl);
}
/**
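Review bot: The docblock above `getLogoutUrl()` still says only `@return string`, which the new native return type now duplicates, while the new `$redirectUrl` argument is undocumented. I would replace it with `@param string|null $redirectUrl URL to return to after the next login; request-supplied and not validated here`. Because the method is protected, adding `: string` also obliges any subclass override to declare a compatible return type, so overrides outside this diff (test doubles included) are worth checking.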
@@ -87,7 +87,7 @@ class TwoFactorChallengeController extends Controller {
'backupProvider' => $backupProvider,
'providerMissing' => $providerSet->isProviderMissing(),
'redirect_url' => $redirect_url,
- 'logout_url' => $this->getLogoutUrl(),
+ 'logout_url' => $this->getLogoutUrl($redirect_url),
'hasSetupProviders' => !empty($setupProviders),
];
Util::addScript('core', 'twofactor-request-token');
@@ -135,7 +135,7 @@ class TwoFactorChallengeController extends Controller {
'error_message' => $errorMessage,
'provider' => $provider,
'backupProvider' => $backupProvider,
- 'logout_url' => $this->getLogoutUrl(),
+ 'logout_url' => $this->getLogoutUrl($redirect_url),
'redirect_url' => $redirect_url,
'template' => $tmpl->fetchPage(),
];
@@ -203,7 +203,7 @@ class TwoFactorChallengeController extends Controller {
$data = [
'providers' => $setupProviders,
- 'logout_url' => $this->getLogoutUrl(),
+ 'logout_url' => $this->getLogoutUrl($redirect_url),
'redirect_url' => $redirect_url,
];
@@ -234,7 +234,7 @@ class TwoFactorChallengeController extends Controller {
$tmpl = $provider->getLoginSetup($user)->getBody();
$data = [
'provider' => $provider,
- 'logout_url' => $this->getLogoutUrl(),
+ 'logout_url' => $this->getLogoutUrl($redirect_url),
'redirect_url' => $redirect_url,
'template' => $tmpl->fetchPage(),
];
diff --git a/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php b/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php
index e770fa4cbff..e10ea63fed1 100644
--- a/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php
@@ -11,6 +11,7 @@ namespace OC\AppFramework\Middleware\Security;
use OC\AppFramework\Middleware\Security\Exceptions\ReloadExecutionException;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Middleware;
+use OCP\IRequest;
use OCP\ISession;
use OCP\IURLGenerator;
@@ -19,12 +20,10 @@ use OCP\IURLGenerator;
* a reload but if the session variable is set we properly redirect to the login page.
*/
class ReloadExecutionMiddleware extends Middleware {
- /** @var ISession */
- private $session;
- /** @var IURLGenerator */
- private $urlGenerator;
- public function __construct(ISession $session, IURLGenerator $urlGenerator) {
+ public function __construct(private ISession $session,
+ private IURLGenerator $urlGenerator,
+ private IRequest $request) {
$this->session = $session;
$this->urlGenerator = $urlGenerator;
}
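Review bot: With the constructor arguments promoted to `private` properties, the two assignments left in the body (`$this->session = $session;` and `$this->urlGenerator = $urlGenerator;`) are redundant, and they make it look as if `$request` was forgotten. The body can be emptied so that `private IRequest $request) {` is followed directly by `}`. The extra constructor argument also means that any place instantiating this middleware by hand has to pass an `IRequest`; no such call sites are part of this diff, so that is worth confirming.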
@@ -41,7 +40,10 @@ class ReloadExecutionMiddleware extends Middleware {
return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
'core.login.showLoginForm',
- ['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ [
+ 'clear' => true, // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ 'redirect_url' => $this->request->getParam('redirect_url'),
+ ],
));
}
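Review bot: `$this->request->getParam('redirect_url')` is read straight from the request and placed into the login-form URL without a type or content check. `getParam()` returns whatever was submitted, so an array-valued parameter would reach the URL generator as well; narrowing first avoids that, e.g. `$redirectUrl = $this->request->getParam('redirect_url');` and then `'redirect_url' => is_string($redirectUrl) ? $redirectUrl : null,`. The value remains untrusted either way and has to be validated where the post-login redirect is performed, which is outside this hunk. The enclosing method starts and ends outside the hunk.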
diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
index e5343864c45..89cd4c4fa5f 100644
--- a/lib/private/legacy/OC_User.php
+++ b/lib/private/legacy/OC_User.php
@@ -284,7 +284,8 @@ class OC_User {
* @param \OCP\IURLGenerator $urlGenerator
* @return string
*/
- public static function getLogoutUrl(\OCP\IURLGenerator $urlGenerator) {
+ public static function getLogoutUrl(\OCP\IURLGenerator $urlGenerator,
+ ?string $redirectUrl = null): string {
$backend = self::findFirstActiveUsedBackend();
if ($backend) {
return $backend->getLogoutUrl();
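Review bot: `$redirectUrl` is silently dropped when `findFirstActiveUsedBackend()` returns a backend, because that branch still returns `$backend->getLogoutUrl()` unchanged, so the redirect preservation this commit adds would not apply to such backends. If that is intended, the docblock should say so; it also lacks the new parameter: `@param string|null $redirectUrl URL to return to after the next login; ignored when a backend supplies its own logout URL`. The function body continues into the next hunk, where the value is passed to `linkToRoute()`.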
@@ -298,10 +299,10 @@ class OC_User {
}
}
- $logoutUrl = $urlGenerator->linkToRoute('core.login.logout');
- $logoutUrl .= '?requesttoken=' . urlencode(\OCP\Util::callRegister());
-
- return $logoutUrl;
+ return $urlGenerator->linkToRoute('core.login.logout', [
+ 'requesttoken' => \OCP\Util::callRegister(),
+ 'redirect_url' => $redirectUrl,
+ ]);
}
/**