-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Fix #26622: Suppress auto-redirect after explicit logout for SSO providers #26757
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -177,6 +177,8 @@ export const AuthProvider = ({ | |
| const onLogoutHandler = useCallback(async () => { | ||
| clearTimeout(timeoutId); | ||
|
|
||
| sessionStorage.setItem('om_explicit_logout', 'true'); | ||
|
|
||
|
Comment on lines
+180
to
+181
|
||
| // Let SSO complete the logout process | ||
| await authenticatorRef.current?.invokeLogout(); | ||
|
Comment on lines
177
to
183
|
||
|
|
||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -139,6 +139,30 @@ describe('Test SignInPage Component', () => { | |
| expect(signinButton).toBeInTheDocument(); | ||
| }); | ||
|
|
||
| it('should NOT auto-redirect after explicit logout', async () => { | ||
| sessionStorage.setItem('om_explicit_logout', 'true'); | ||
|
|
||
|
Comment on lines
+142
to
+144
|
||
| const onLoginHandler = jest.fn(); | ||
| mockUseAuthProvider.mockReturnValue({ onLoginHandler }); | ||
|
|
||
| mockuseApplicationStore.mockReturnValue({ | ||
| isAuthDisabled: false, | ||
| authConfig: { provider: 'azure', enableAutoRedirect: true }, | ||
| onLogoutHandler: jest.fn(), | ||
| getOidcToken: jest.fn(), | ||
| }); | ||
|
|
||
| const { container } = render(<SignInPage />, { | ||
| wrapper: MemoryRouter, | ||
| }); | ||
|
|
||
| const signinButton = await findByText(container, /label.sign-in-with-sso/i); | ||
|
|
||
| expect(signinButton).toBeInTheDocument(); | ||
| expect(onLoginHandler).not.toHaveBeenCalled(); | ||
| expect(sessionStorage.getItem('om_explicit_logout')).toBeNull(); | ||
| }); | ||
|
|
||
| it('SSO providers should auto-redirect when enableAutoRedirect is true', async () => { | ||
| const onLoginHandler = jest.fn(); | ||
| mockUseAuthProvider.mockReturnValue({ onLoginHandler }); | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -68,6 +68,17 @@ const SignInPage = () => { | |
|
|
||
| const { handleLogin } = useBasicAuth(); | ||
|
|
||
| const isPostLogout = useMemo(() => { | ||
| const flag = sessionStorage.getItem('om_explicit_logout'); | ||
| if (flag) { | ||
| sessionStorage.removeItem('om_explicit_logout'); | ||
|
|
||
|
||
| return true; | ||
| } | ||
|
|
||
| return false; | ||
| }, []); | ||
gitar-bot[bot] marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| const handleSignIn = useCallback(() => { | ||
| onLoginHandler && onLoginHandler(); | ||
| }, [onLoginHandler]); | ||
|
|
@@ -76,7 +87,8 @@ const SignInPage = () => { | |
| authConfig?.enableAutoRedirect && | ||
| !isAuthProviderBasic && | ||
| !isAuthenticated && | ||
| Boolean(onLoginHandler); | ||
| Boolean(onLoginHandler) && | ||
| !isPostLogout; | ||
|
|
||
| useLayoutEffect(() => { | ||
| if (shouldAutoRedirect && !hasTriggeredAutoRedirect.current) { | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sessionStorage.setItem(...)can throw (e.g., storage disabled, quota exceeded), which would abort the logout flow beforeinvokeLogout()runs and could leave the app in a partially logged-out state. Wrap this flag write in a try/catch (and optionally guard fortypeof window !== 'undefined') so logout remains reliable even if storage is unavailable.