@yrpri/api 9.0.132 → 9.0.134

package/app.js CHANGED
@@ -486,6 +486,7 @@ export class YourPrioritiesApi {
486
486
  this.app.use((req, res, next) => {
487
487
  if (req.url.indexOf("/auth") > -1 ||
488
488
  req.url.indexOf("/login") > -1 ||
489
+ req.url.indexOf("/logout") > -1 ||
489
490
  req.url.indexOf("saml_assertion") > -1) {
490
491
  sso.init(req.ypDomain?.loginHosts, req.ypDomain?.loginProviders, {
491
492
  authorize: this.bearerCallback,
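Review bot: The added `req.url.indexOf("/logout") > -1` test matches the substring anywhere in `req.url`, query string included, so a request that only carries `/logout` inside a parameter or a longer path segment now also goes through `sso.init`. The same condition is copied into two hunks of package/models/domain.cjs, where it gates `getLoginProviders`, so three copies have to stay in sync by hand. A single shared predicate that looks at the path only would keep them aligned, for example `const isSsoRoute = (req) => ["/auth", "/login", "/logout", "saml_assertion"].some((s) => req.path.includes(s));`, assuming `req` is the Express request in all three places. The body of the `this.app.use(...)` callback continues outside this hunk.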
@@ -15,20 +15,35 @@ const randomstring = require('randomstring');
15
15
  const { sendPlausibleFavicon } = require("../services/engine/analytics/plausible/manager.cjs");
16
16
  var getAllModeratedItemsByUser = require('../services/engine/moderation/get_moderation_items.cjs').getAllModeratedItemsByUser;
17
17
  const performSingleModerationAction = require('../services/engine/moderation/process_moderation_items.cjs').performSingleModerationAction;
18
- const logoutFromSession = (req, res, statusCode = 200) => {
18
+ const logoutFromSession = (req, res, statusCode = 200, callback) => {
19
19
  if (req.session) {
20
20
  req.session.destroy((err) => {
21
21
  if (err) {
22
22
  log.error("Error on destroying session", { err });
23
- return res.sendStatus(500);
23
+ if (!callback) {
24
+ return res.sendStatus(500);
25
+ }
26
+ else {
27
+ return callback(err);
28
+ }
24
29
  }
25
30
  res.clearCookie('yrpri.sid', { path: '/' });
26
31
  log.info("Session destroyed successfully");
27
- res.sendStatus(statusCode);
32
+ if (callback) {
33
+ callback();
34
+ }
35
+ else {
36
+ res.sendStatus(statusCode);
37
+ }
28
38
  });
29
39
  }
30
40
  else {
31
- res.sendStatus(statusCode);
41
+ if (callback) {
42
+ callback();
43
+ }
44
+ else {
45
+ res.sendStatus(statusCode);
46
+ }
32
47
  }
33
48
  };
34
49
  var sendUserOrError = function (res, user, context, error, errorStatus) {
@@ -1422,14 +1437,31 @@ router.delete('/anonymize_current_user', function (req, res) {
1422
1437
  }
1423
1438
  });
1424
1439
  router.post('/logout', function (req, res) {
1425
- log.info("Anon debug logout");
1426
1440
  if (req.isAuthenticated()) {
1427
1441
  log.info('User Logging out', { userId: req.user.id, context: 'logout' });
1428
1442
  }
1429
1443
  else {
1430
1444
  log.warn('User Logging out but not logged in', { context: 'logout' });
1431
1445
  }
1432
- logoutFromSession(req, res);
1446
+ const oidcProvider = req.ypDomain &&
1447
+ req.ypDomain.loginProviders &&
1448
+ req.ypDomain.loginProviders.find((p) => p.provider === 'oidc');
1449
+ log.info("oidcProvider", { oidcProvider });
1450
+ if (req.sso && oidcProvider && oidcProvider.endSessionURL) {
1451
+ log.info("Logging out from OIDC");
1452
+ logoutFromSession(req, res, 200, () => {
1453
+ log.info("Logging out from OIDC", { oidcProvider });
1454
+ req.sso.logout(oidcProvider.name, { postLogoutRedirectUri: '/' }, req, res, (error) => {
1455
+ if (error) {
1456
+ log.error('Error logging out from OIDC', { err: error });
1457
+ res.sendStatus(500);
1458
+ }
1459
+ });
1460
+ });
1461
+ }
1462
+ else {
1463
+ logoutFromSession(req, res);
1464
+ }
1433
1465
  });
1434
1466
  // Reset password
1435
1467
  router.post('/forgot_password', function (req, res) {
@@ -2257,7 +2289,10 @@ router.get('/auth/audkenni/callback', async function (req, res) {
2257
2289
  }
2258
2290
  }
2259
2291
  else {
2260
- if (process.env.REDIRECT_TO_ROOT_AFTER_OIDC) {
2292
+ if (process.env.REDIRECT_AFTER_AUDKENNI_URL) {
2293
+ res.redirect(process.env.REDIRECT_AFTER_AUDKENNI_URL);
2294
+ }
2295
+ else if (process.env.REDIRECT_TO_ROOT_AFTER_OIDC) {
2261
2296
  res.redirect('/');
2262
2297
  }
2263
2298
  else {
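Review bot: In the `router.post('/logout', …)` hunk, the callback handed to `logoutFromSession` takes no argument, so the `callback(err)` path added for a failed `req.session.destroy` is ignored: the handler still calls `req.sso.logout`, the `yrpri.sid` cookie is not cleared, and no 500 is sent. Accept and check the error first, e.g. `logoutFromSession(req, res, 200, (err) => { if (err) { return res.sendStatus(500); }` before the `req.sso.logout(...)` call. Separately, `log.info("oidcProvider", { oidcProvider })` and `log.info("Logging out from OIDC", { oidcProvider })` write the whole provider object to the info log on every logout. The domain.cjs hunk shows that object being filled from `domain.secret_api_keys.oidc`, so if it also carries the client secret (not visible here) it ends up in the logs; logging only `oidcProvider.name` avoids that. The existing `log.info("Login Providers", { providers })` in domain.cjs is now reached for `/logout` requests as well and deserves the same check.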
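--- a/package/models/domain.cjs
+++ b/package/models/domain.cjs
@@ -237,6 +237,7 @@ module.exports = (sequelize, DataTypes) => {
  authorizationURL: domain.secret_api_keys.oidc.authorizationURL,
  tokenURL: domain.secret_api_keys.oidc.tokenURL,
  userInfoURL: domain.secret_api_keys.oidc.userInfoURL,
+ endSessionURL: domain.secret_api_keys.oidc.endSessionURL,
  callbackUrl: "https://" +
  callbackDomainName +
  "/api/users/auth/audkenni/callback",
@@ -337,6 +338,7 @@ module.exports = (sequelize, DataTypes) => {
  req.ypDomain = domain;
  if (req.url.indexOf("/auth") > -1 ||
  req.url.indexOf("/login") > -1 ||
+ req.url.indexOf("/logout") > -1 ||
  req.url.indexOf("saml_assertion") > -1) {
  sequelize.models.Domain.getLoginProviders(req, domain, (error, providers) => {
  req.ypDomain.loginProviders = providers;
@@ -363,6 +365,7 @@ module.exports = (sequelize, DataTypes) => {
  req.ypDomain = domain;
  if (req.url.indexOf("/auth") > -1 ||
  req.url.indexOf("/login") > -1 ||
+ req.url.indexOf("/logout") > -1 ||
  req.url.indexOf("saml_assertion") > -1) {
  sequelize.models.Domain.getLoginProviders(req, domain, (error, providers) => {
  log.info("Login Providers", { providers });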
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@yrpri/api",
3
- "version": "9.0.132",
3
+ "version": "9.0.134",
4
4
  "license": "MIT",
5
5
  "author": "Robert Bjarnason & Citizens Foundation",
6
6
  "repository": {
@@ -2,9 +2,9 @@ import ExcelJS from 'exceljs';
2
2
  import models from '../../models/index.cjs';
3
3
  (async () => {
4
4
  try {
5
- const [xlsPath, clientId, clientSecret, issuer, authorizationURL, tokenURL, userInfoURL,] = process.argv.slice(2);
5
+ const [xlsPath, clientId, clientSecret, issuer, authorizationURL, tokenURL, userInfoURL, endSessionURL,] = process.argv.slice(2);
6
6
  if (!xlsPath) {
7
- console.log('Usage: node importDomainsFromXls.js <path-to-xls> [clientId clientSecret issuer authorizationURL tokenURL userInfoURL]');
7
+ console.log('Usage: node importDomainsFromXls.js <path-to-xls> [clientId clientSecret issuer authorizationURL tokenURL userInfoURL endSessionURL]');
8
8
  process.exit(1);
9
9
  }
10
10
  const oidcProvided = clientId &&
@@ -12,7 +12,8 @@ import models from '../../models/index.cjs';
12
12
  issuer &&
13
13
  authorizationURL &&
14
14
  tokenURL &&
15
- userInfoURL;
15
+ userInfoURL &&
16
+ endSessionURL;
16
17
  const workbook = new ExcelJS.Workbook();
17
18
  await workbook.xlsx.readFile(xlsPath);
18
19
  const worksheet = workbook.getWorksheet(1);
@@ -29,6 +30,7 @@ import models from '../../models/index.cjs';
29
30
  authorizationURL,
30
31
  tokenURL,
31
32
  userInfoURL,
33
+ endSessionURL,
32
34
  }
33
35
  : null;
34
36
  for (let i = 2; i <= worksheet.rowCount; i++) {
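Review bot: `endSessionURL` is now part of the `oidcProvided` conjunction, so an invocation that passes the previous six OIDC arguments evaluates it to `undefined` and the object literal falls through to its `: null` branch. The domains would then be imported with no OIDC settings at all, and the script prints nothing to say so. The logout route already treats a missing `endSessionURL` as "no OIDC logout", so the gate can stay on the original six values (`tokenURL && userInfoURL;`) with `endSessionURL` left optional. Alternatively, print the usage text and exit when only some of the OIDC arguments are supplied. The enclosing async function starts before and continues after these hunks.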
@@ -8,6 +8,7 @@ const issuer = process.argv[5];
8
8
  const authorizationURL = process.argv[6];
9
9
  const tokenURL = process.argv[7];
10
10
  const userInfoURL = process.argv[8];
11
+ const endSessionURL = process.argv[9];
11
12
  console.log(`Updating OIDC keys for domain ${domainId}`);
12
13
  async.series([
13
14
  function (callback) {
@@ -29,7 +30,8 @@ async.series([
29
30
  issuer: issuer,
30
31
  authorizationURL: authorizationURL,
31
32
  tokenURL: tokenURL,
32
- userInfoURL: userInfoURL
33
+ userInfoURL: userInfoURL,
34
+ endSessionURL: endSessionURL
33
35
  };
34
36
  console.log("Updated secret_api_keys:", JSON.stringify(domain.secret_api_keys, null, 2));
35
37
  domain.changed('secret_api_keys', true);