WIP: Single SignOut for Geo

fe1288ff · Gabriel Mazetto · 6331bc87 · fe1288ff · fe1288ff · fe1288ff
Commit fe1288ff authored May 04, 2016 by Gabriel Mazetto
5 changed files
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -118,7 +118,7 @@ class ApplicationController < ActionController::Base

  def after_sign_out_path_for(resource)
    if Gitlab::Geo.secondary?
-      Gitlab::Geo.primary_node.url
+      Gitlab::Geo.primary_node.oauth_logout_url(session[:access_token])
    else
      current_application_settings.after_sign_out_path.presence || new_user_session_path
    end

--- a/app/controllers/oauth/geo_auth_controller.rb
+++ b/app/controllers/oauth/geo_auth_controller.rb
@@ -25,6 +25,7 @@ class Oauth::GeoAuthController < ActionController::Base
    user = User.find(remote_user['id'])

    if user && sign_in(user, bypass: true)
+      session[:access_token] = token
      return_to = oauth.get_oauth_state_return_to
      redirect_to(return_to || root_path)
    else
@@ -32,6 +33,16 @@ class Oauth::GeoAuthController < ActionController::Base
    end
  end

+  def logout
+    oauth = Gitlab::Geo::OauthSession.new(state: params[:state])
+
+    if oauth.is_logout_state_valid?(params[:token])
+      sign_out current_user
+    end
+
+    redirect_to root_path
+  end
+
  private

  def undefined_oauth_application

--- a/app/models/geo_node.rb
+++ b/app/models/geo_node.rb
@@ -69,6 +69,12 @@ class GeoNode < ActiveRecord::Base
    URI.join(uri, "#{uri.path}/", 'oauth/geo/callback').to_s
  end

+  def oauth_logout_url(access_token)
+    logout_uri = URI.join(uri, "#{uri.path}/", 'oauth/geo/logout')
+    logout_uri.query="token=#{access_token}"
+    logout_uri.to_s
+  end
+
  def missing_oauth_application?
    self.primary? ? false : !oauth_application.present?
  end

--- a/config/routes.rb
+++ b/config/routes.rb
@@ -56,6 +56,7 @@ Rails.application.routes.draw do
  namespace :oauth do
    get 'geo/auth' => 'geo_auth#auth'
    get 'geo/callback' => 'geo_auth#callback'
+    get 'geo/logout' => 'geo_auth#logout'
  end

  # Autocomplete

--- a/lib/gitlab/geo/oauth_session.rb
+++ b/lib/gitlab/geo/oauth_session.rb
@@ -14,6 +14,12 @@ module Gitlab
        hmac == generate_oauth_hmac(salt, return_to)
      end

+      def is_logout_state_valid?(access_token)
+        return false unless state
+        salt, hmac = state.split(':', 2)
+        hmac == generate_oauth_hmac(salt, access_token)
+      end
+
      def generate_oauth_state
        return unless return_to
        hmac = generate_oauth_hmac(oauth_salt, return_to)