Fix: Proper logout

- add proper logout url - proof that with firefox, somehow, the RequireAuth plug gets called after logout
fschoenfeldt · Jun 29, 2023 · fdc2ac0 · fdc2ac0
1 parent 74aa5c4
commit fdc2ac0
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 10 deletions.
diff --git a/auth0/clients/Fotohaecker Uberspace.json b/auth0/clients/Fotohaecker Uberspace.json
@@ -16,9 +16,12 @@
   },
   "allowed_clients": [],
   "allowed_logout_urls": [
-    "http://localhost:1337/fh/auth/logout",
-    "http://localhost:1338/fh/auth/logout",
-    "https://fschoenf.uber.space/fh/auth/logout"
+    "http://localhost:1337/fh/de_DE",
+    "http://localhost:1337/fh/en_US",
+    "http://localhost:1338/fh/de_DE",
+    "http://localhost:1338/fh/en_US",
+    "https://fschoenf.uber.space/fh/de_DE",
+    "https://fschoenf.uber.space/fh/en_US"
   ],
   "callbacks": [
     "http://localhost:1337/fh/auth/auth0/callback",
@@ -48,6 +51,10 @@
     "refresh_token",
     "client_credentials"
   ],
-  "web_origins": ["http://localhost:1337", "http://localhost:1338", "https://fschoenf.uber.space/"],
+  "web_origins": [
+    "http://localhost:1337",
+    "http://localhost:1338",
+    "https://fschoenf.uber.space/"
+  ],
   "custom_login_page_on": true
 }
diff --git a/lib/fotohaecker_web/controllers/auth_controller.ex b/lib/fotohaecker_web/controllers/auth_controller.ex
@@ -19,13 +19,22 @@ defmodule FotohaeckerWeb.AuthController do
     |> redirect(external: Helpers.auth_path(conn, :request, provider))
   end
 
-  def delete(conn, _params) do
+  def logout(conn, _params) do
     locale = locale_from_session(conn)
+    domain = System.get_env("AUTH0_DOMAIN")
+    client_id = System.get_env("AUTH0_CLIENT_ID")
+
+    return_to =
+      conn
+      |> Helpers.index_home_url(:home, locale)
+      |> URI.encode_www_form()
+
+    logout_url = "https://#{domain}/v2/logout?returnTo=#{return_to}&client_id=#{client_id}"
 
     conn
     |> put_flash(:info, FotohaeckerWeb.Gettext.gettext("You have been logged out!"))
     |> clear_session()
-    |> redirect(to: Helpers.index_home_path(conn, :home, locale))
+    |> redirect(external: logout_url)
   end
 
   def callback(%{assigns: %{ueberauth_failure: _fails}} = conn, _params) do
@@ -90,7 +99,7 @@ defmodule FotohaeckerWeb.AuthController do
     end
   end
 
-  defp locale_from_session(conn) do
+  def locale_from_session(conn) do
     fallback_locale = Gettext.get_locale(FotohaeckerWeb.Gettext)
 
     conn

diff --git a/lib/fotohaecker_web/controllers/page_controller.ex b/lib/fotohaecker_web/controllers/page_controller.ex
@@ -1,7 +1,29 @@
 defmodule FotohaeckerWeb.PageController do
   use FotohaeckerWeb, :controller
 
+  import FotohaeckerWeb.AuthController, only: [locale_from_session: 1]
+
+  alias FotohaeckerWeb.Router.Helpers
+
   def index(conn, _params) do
     render(conn, "index.html")
   end
+
+  def logout(conn, _params) do
+    locale = locale_from_session(conn)
+    domain = System.get_env("AUTH0_DOMAIN")
+    client_id = System.get_env("AUTH0_CLIENT_ID")
+
+    return_to =
+      conn
+      |> Helpers.index_home_url(:home, locale)
+      |> URI.encode_www_form()
+
+    logout_url = "https://#{domain}/v2/logout?returnTo=#{return_to}&client_id=#{client_id}"
+
+    conn
+    |> put_flash(:info, FotohaeckerWeb.Gettext.gettext("You have been logged out!"))
+    |> clear_session()
+    |> redirect(external: logout_url)
+  end
 end
diff --git a/lib/fotohaecker_web/live/user_live/index.ex b/lib/fotohaecker_web/live/user_live/index.ex
@@ -32,7 +32,13 @@ defmodule FotohaeckerWeb.UserLive.Index do
       </.form>
       <.link
         class="btn btn--red flex items-center gap-2 max-w-max"
-        href={Routes.auth_path(FotohaeckerWeb.Endpoint, :delete)}
+        href={
+          Routes.page_path(
+            FotohaeckerWeb.Endpoint,
+            :logout,
+            Gettext.get_locale(FotohaeckerWeb.Gettext)
+          )
+        }
       >
         <span class="text-white">
           <%= gettext("logout") %>

diff --git a/lib/fotohaecker_web/plugs/require_auth.ex b/lib/fotohaecker_web/plugs/require_auth.ex
@@ -24,7 +24,7 @@ defmodule FotohaeckerWeb.Plugs.RequireAuth do
         :error,
         "You must be logged in to access this page."
       )
-      |> Phoenix.Controller.redirect(to: Routes.index_home_path(conn, :home))
+      |> Phoenix.Controller.redirect(external: "https://google.com")
     end
   end
 end
diff --git a/lib/fotohaecker_web/router.ex b/lib/fotohaecker_web/router.ex
@@ -37,10 +37,10 @@ defmodule FotohaeckerWeb.Router do
     live "/:locale/photos/:id", PhotoLive.Show, :show
     post "/:locale/search", SearchController, :search
     live "/:locale/search", SearchLive.Search, :index
+    get "/:locale/logout", PageController, :logout
 
     scope "/auth" do
       get "/login", AuthController, :login
-      get "/logout", AuthController, :delete
       get "/:provider", AuthController, :request
       get "/:provider/callback", AuthController, :callback
       post "/:provider/callback", AuthController, :callback