[ 
https://issues.apache.org/jira/browse/KNOX-2972?focusedWorklogId=886402&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-886402
 ]

ASF GitHub Bot logged work on KNOX-2972:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 20/Oct/23 13:14
            Start Date: 20/Oct/23 13:14
    Worklog Time Spent: 10m 
      Work Description: smolnar82 opened a new pull request, #808:
URL: https://github.com/apache/knox/pull/808

   ## What changes were proposed in this pull request?
   
   Updated the `api/v1/sessioninfo` REST API endpoint in {{SessionResource}} in 
a way such that it can generate a `logoutPageUrl` (used by the application 
logout link in Knox's logout flow) with `profile` and `topologies` query 
parameters in the `originalUrl` part.
   
   ## How was this patch tested?
   
   Using `curl`:
   
   1. Without any query params:
   ```
   $ curl -ik --cookie "hadoop-jwt=eyJra...APA" -X GET "https://localhost:8443/gateway/homepage/session/api/v1/sessioninfo"
   HTTP/1.1 200 OK
   Date: Fri, 20 Oct 2023 10:47:30 GMT
   X-Frame-Options: SAMEORIGIN
   X-XSS-Protection: 1;mode=block
   Content-Type: application/xml
   Content-Length: 574
   
   <?xml version="1.0" encoding="UTF-8"?>
   <sessioninfo>
      <user>admin</user>
      <logoutUrl>https://localhost:8443/gateway/homepage/knoxssout/api/v1/webssout</logoutUrl>
      <logoutPageUrl>https://localhost:8443/gateway/knoxsso/knoxauth/logout.jsp?originalUrl=https://localhost:8443/gateway/homepage/home</logoutPageUrl>
      <globalLogoutPageUrl>https://dev-p8gzwjyj66yvfble.eu.auth0.com/oidc/logout</globalLogoutPageUrl>
      <canSeeAllTokens>true</canSeeAllTokens>
      <currentKnoxSsoCookieTokenId>40005574-61f2-4507-aa9f-0171b787ed4c</currentKnoxSsoCookieTokenId>
   </sessioninfo>
   ```
   
   2. Only with the `logoutPageProfile` param:
   ```
   $ curl -ik --cookie "hadoop-jwt=eyJra...APA" -X GET "https://localhost:8443/gateway/homepage/session/api/v1/sessioninfo?logoutPageProfile=token"
   HTTP/1.1 200 OK
   Date: Fri, 20 Oct 2023 10:48:05 GMT
   X-Frame-Options: SAMEORIGIN
   X-XSS-Protection: 1;mode=block
   Content-Type: application/xml
   Content-Length: 588
   
   <?xml version="1.0" encoding="UTF-8"?>
   <sessioninfo>
      <user>admin</user>
      <logoutUrl>https://localhost:8443/gateway/homepage/knoxssout/api/v1/webssout</logoutUrl>
      <logoutPageUrl>https://localhost:8443/gateway/knoxsso/knoxauth/logout.jsp?originalUrl=https://localhost:8443/gateway/homepage/home%3Fprofile=token</logoutPageUrl>
      <globalLogoutPageUrl>https://dev-p8gzwjyj66yvfble.eu.auth0.com/oidc/logout</globalLogoutPageUrl>
      <canSeeAllTokens>true</canSeeAllTokens>
      <currentKnoxSsoCookieTokenId>40005574-61f2-4507-aa9f-0171b787ed4c</currentKnoxSsoCookieTokenId>
   </sessioninfo>
   ```
   3. Only with the `logoutPageTopologies` param:
   ```
   $ curl -ik --cookie "hadoop-jwt=eyJra...APA" -X GET "https://localhost:8443/gateway/homepage/session/api/v1/sessioninfo?logoutPageTopologies=sandbox"
   HTTP/1.1 200 OK
   Date: Fri, 20 Oct 2023 10:48:52 GMT
   X-Frame-Options: SAMEORIGIN
   X-XSS-Protection: 1;mode=block
   Content-Type: application/xml
   Content-Length: 593
   
   <?xml version="1.0" encoding="UTF-8"?>
   <sessioninfo>
      <user>admin</user>
      <logoutUrl>https://localhost:8443/gateway/homepage/knoxssout/api/v1/webssout</logoutUrl>
      <logoutPageUrl>https://localhost:8443/gateway/knoxsso/knoxauth/logout.jsp?originalUrl=https://localhost:8443/gateway/homepage/home%3Ftopologies=sandbox</logoutPageUrl>
      <globalLogoutPageUrl>https://dev-p8gzwjyj66yvfble.eu.auth0.com/oidc/logout</globalLogoutPageUrl>
      <canSeeAllTokens>true</canSeeAllTokens>
      <currentKnoxSsoCookieTokenId>40005574-61f2-4507-aa9f-0171b787ed4c</currentKnoxSsoCookieTokenId>
   </sessioninfo>
   ```
   4. Both with `logoutPageProfile` and `logoutPageTopologies` params:
   ```
   $ curl -ik --cookie "hadoop-jwt=eyJra...APA" -X GET "https://localhost:8443/gateway/homepage/session/api/v1/sessioninfo?logoutPageTopologies=sandbox&logoutPageProfile=full"
   HTTP/1.1 200 OK
   Date: Fri, 20 Oct 2023 08:07:26 GMT
   X-Frame-Options: SAMEORIGIN
   X-XSS-Protection: 1;mode=block
   Content-Type: application/xml
   Content-Length: 610
   
   <?xml version="1.0" encoding="UTF-8"?>
   <sessioninfo>
      <user>admin</user>
      <logoutUrl>https://localhost:8443/gateway/homepage/knoxssout/api/v1/webssout</logoutUrl>
      <logoutPageUrl>https://localhost:8443/gateway/knoxsso/knoxauth/logout.jsp?originalUrl=https://localhost:8443/gateway/homepage/home%3Fprofile=full%26topologies=sandbox</logoutPageUrl>
      <globalLogoutPageUrl>https://dev-p8gzwjyj66yvfble.eu.auth0.com/oidc/logout</globalLogoutPageUrl>
      <canSeeAllTokens>true</canSeeAllTokens>
      <currentKnoxSsoCookieTokenId>40005574-61f2-4507-aa9f-0171b787ed4c</currentKnoxSsoCookieTokenId>
   </sessioninfo>
   ```
   
   I also tested the entire flow by temporarily modifying the `home` 
application. I updated the [sessionUrl](https://github.com/apache/knox/blob/master/knox-homepage-ui/home/app/homepage.service.ts#L33) variable:
   ```
   sessionUrl = this.topologyContext + 'session/api/v1/sessioninfo'
   ```
   became
   ```
   sessionUrl = this.topologyContext + 'session/api/v1/sessioninfo?logoutPageProfile=token&logoutPageTopologies=sandbox'
   ```
   After I redeployed Knox I confirmed that I got the correct link on the 
logout page and after clicking the `Return to Application` link and logging in 
again, the given query parameters were applied.
   
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 886402)
    Remaining Estimate: 0h
            Time Spent: 10m

> Logout page URL may take query parameters
> -----------------------------------------
>
>                 Key: KNOX-2972
>                 URL: https://issues.apache.org/jira/browse/KNOX-2972
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Homepage
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 2.1.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently, the logout page URL contains a hard-coded {{originalUrl}} that 
> points to the Knox Home page without any {{profile}} or {{topologies}} query 
> parameter. In some cases, it would be beneficial to pass any of those params 
> when logging out from the application.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
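
The `%3F` and `%26` in the `logoutPageUrl` values from the curl tests above are what keep `profile` and `topologies` inside `originalUrl` instead of becoming parameters of `logout.jsp`. The following is an added example, not code from the pull request or from Knox: the function names `logout_page_url` and `inspect` are hypothetical, the XML is trimmed from the test 4 response, and the unencoded URL is constructed for contrast.

```python
from urllib.parse import urlsplit, parse_qs
import xml.etree.ElementTree as ET

# Trimmed from the response shown in test 4 above (XML declaration dropped).
SAMPLE = """<sessioninfo>
  <user>admin</user>
  <logoutPageUrl>https://localhost:8443/gateway/knoxsso/knoxauth/logout.jsp?originalUrl=https://localhost:8443/gateway/homepage/home%3Fprofile=full%26topologies=sandbox</logoutPageUrl>
</sessioninfo>"""

# Constructed counter-example: the same URL with "?" and "&" left unencoded.
UNENCODED = ("https://localhost:8443/gateway/knoxsso/knoxauth/logout.jsp"
             "?originalUrl=https://localhost:8443/gateway/homepage/home"
             "?profile=full&topologies=sandbox")


def logout_page_url(sessioninfo_xml):
    """Extract <logoutPageUrl> from a sessioninfo response body."""
    return ET.fromstring(sessioninfo_xml).findtext("logoutPageUrl")


def inspect(url):
    """Split a logout page URL the way a query-string parser sees it."""
    outer = urlsplit(url)
    outer_params = parse_qs(outer.query)              # percent-decodes values
    original = outer_params.pop("originalUrl", [""])[0]
    inner = urlsplit(original)
    return {
        "original_url": original,
        # Parameters that survive the round trip back to the home page.
        "inner_params": parse_qs(inner.query),
        # Anything left here was parsed as a parameter of logout.jsp instead.
        "stray_outer_params": sorted(outer_params),
        # True when originalUrl points at the same scheme://host:port.
        "same_origin": (inner.scheme, inner.netloc) == (outer.scheme, outer.netloc),
    }


if __name__ == "__main__":
    for label, url in (("encoded", logout_page_url(SAMPLE)),
                       ("unencoded", UNENCODED)):
        print(label, inspect(url))
```

With the unencoded form, `topologies` is parsed as a parameter of the logout page and only `profile` remains in `originalUrl`.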
