smolnar82 opened a new pull request, #808:
URL: https://github.com/apache/knox/pull/808

   ## What changes were proposed in this pull request?
   
   Updated the `api/v1/sessioninfo` REST API endpoint in `SessionResource` in a way such that it can generate a `logoutPageUrl` (used by the application logout link in Knox's logout flow) with `profile` and `topologies` query parameters in the `originalUrl` part.
   
   ## How was this patch tested?
   
   Using `curl`:
   
   1. Without any query params:
   ```
   $ curl -ik --cookie "hadoop-jwt=eyJra...APA" -X GET "https://localhost:8443/gateway/homepage/session/api/v1/sessioninfo"
   HTTP/1.1 200 OK
   Date: Fri, 20 Oct 2023 10:47:30 GMT
   X-Frame-Options: SAMEORIGIN
   X-XSS-Protection: 1;mode=block
   Content-Type: application/xml
   Content-Length: 574
   
   <?xml version="1.0" encoding="UTF-8"?>
   <sessioninfo>
      <user>admin</user>
      <logoutUrl>https://localhost:8443/gateway/homepage/knoxssout/api/v1/webssout</logoutUrl>
      <logoutPageUrl>https://localhost:8443/gateway/knoxsso/knoxauth/logout.jsp?originalUrl=https://localhost:8443/gateway/homepage/home</logoutPageUrl>
      <globalLogoutPageUrl>https://dev-p8gzwjyj66yvfble.eu.auth0.com/oidc/logout</globalLogoutPageUrl>
      <canSeeAllTokens>true</canSeeAllTokens>
      <currentKnoxSsoCookieTokenId>40005574-61f2-4507-aa9f-0171b787ed4c</currentKnoxSsoCookieTokenId>
   </sessioninfo>
   ```
   
   2. Only with the `logoutPageProfile` param:
   ```
   $ curl -ik --cookie "hadoop-jwt=eyJra...APA" -X GET "https://localhost:8443/gateway/homepage/session/api/v1/sessioninfo?logoutPageProfile=token"
   HTTP/1.1 200 OK
   Date: Fri, 20 Oct 2023 10:48:05 GMT
   X-Frame-Options: SAMEORIGIN
   X-XSS-Protection: 1;mode=block
   Content-Type: application/xml
   Content-Length: 588
   
   <?xml version="1.0" encoding="UTF-8"?>
   <sessioninfo>
      <user>admin</user>
      <logoutUrl>https://localhost:8443/gateway/homepage/knoxssout/api/v1/webssout</logoutUrl>
      <logoutPageUrl>https://localhost:8443/gateway/knoxsso/knoxauth/logout.jsp?originalUrl=https://localhost:8443/gateway/homepage/home%3Fprofile=token</logoutPageUrl>
      <globalLogoutPageUrl>https://dev-p8gzwjyj66yvfble.eu.auth0.com/oidc/logout</globalLogoutPageUrl>
      <canSeeAllTokens>true</canSeeAllTokens>
      <currentKnoxSsoCookieTokenId>40005574-61f2-4507-aa9f-0171b787ed4c</currentKnoxSsoCookieTokenId>
   </sessioninfo>
   ```
   3. Only with the `logoutPageTopologies` param:
   ```
   $ curl -ik --cookie "hadoop-jwt=eyJra...APA" -X GET "https://localhost:8443/gateway/homepage/session/api/v1/sessioninfo?logoutPageTopologies=sandbox"
   HTTP/1.1 200 OK
   Date: Fri, 20 Oct 2023 10:48:52 GMT
   X-Frame-Options: SAMEORIGIN
   X-XSS-Protection: 1;mode=block
   Content-Type: application/xml
   Content-Length: 593
   
   <?xml version="1.0" encoding="UTF-8"?>
   <sessioninfo>
      <user>admin</user>
      <logoutUrl>https://localhost:8443/gateway/homepage/knoxssout/api/v1/webssout</logoutUrl>
      <logoutPageUrl>https://localhost:8443/gateway/knoxsso/knoxauth/logout.jsp?originalUrl=https://localhost:8443/gateway/homepage/home%3Ftopologies=sandbox</logoutPageUrl>
      <globalLogoutPageUrl>https://dev-p8gzwjyj66yvfble.eu.auth0.com/oidc/logout</globalLogoutPageUrl>
      <canSeeAllTokens>true</canSeeAllTokens>
      <currentKnoxSsoCookieTokenId>40005574-61f2-4507-aa9f-0171b787ed4c</currentKnoxSsoCookieTokenId>
   </sessioninfo>
   ```
   4. With both `logoutPageProfile` and `logoutPageTopologies` params:
   ```
   $ curl -ik --cookie "hadoop-jwt=eyJra...APA" -X GET "https://localhost:8443/gateway/homepage/session/api/v1/sessioninfo?logoutPageTopologies=sandbox&logoutPageProfile=full"
   HTTP/1.1 200 OK
   Date: Fri, 20 Oct 2023 08:07:26 GMT
   X-Frame-Options: SAMEORIGIN
   X-XSS-Protection: 1;mode=block
   Content-Type: application/xml
   Content-Length: 610
   
   <?xml version="1.0" encoding="UTF-8"?>
   <sessioninfo>
      <user>admin</user>
      <logoutUrl>https://localhost:8443/gateway/homepage/knoxssout/api/v1/webssout</logoutUrl>
      <logoutPageUrl>https://localhost:8443/gateway/knoxsso/knoxauth/logout.jsp?originalUrl=https://localhost:8443/gateway/homepage/home%3Fprofile=full%26topologies=sandbox</logoutPageUrl>
      <globalLogoutPageUrl>https://dev-p8gzwjyj66yvfble.eu.auth0.com/oidc/logout</globalLogoutPageUrl>
      <canSeeAllTokens>true</canSeeAllTokens>
      <currentKnoxSsoCookieTokenId>40005574-61f2-4507-aa9f-0171b787ed4c</currentKnoxSsoCookieTokenId>
   </sessioninfo>
   ```
   
   I also tested the entire flow by temporarily modifying the `home` application. I updated the [sessionUrl](https://github.com/apache/knox/blob/master/knox-homepage-ui/home/app/homepage.service.ts#L33) variable:
   ```
   sessionUrl = this.topologyContext + 'session/api/v1/sessioninfo'
   ```
   became
   ```
   sessionUrl = this.topologyContext + 'session/api/v1/sessioninfo?logoutPageProfile=token&logoutPageTopologies=sandbox'
   ```
   After I redeployed Knox, I confirmed that I got the correct link on the logout page and after clicking the `Return to Application` link and logging in again, the given query parameters were applied.
   
   


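The following is an added example, not code from the pull request or from Knox: it reproduces the four `logoutPageUrl` shapes shown in the curl output and reads the nested parameters back, to show why the inner `?` and `&` appear as `%3F` and `%26`. The function names and the allow-list for parameter values are assumptions made for illustration.

```javascript
// Constructed inputs copied from the curl output in the PR description.
const LOGOUT_PAGE = 'https://localhost:8443/gateway/knoxsso/knoxauth/logout.jsp';
const HOME = 'https://localhost:8443/gateway/homepage/home';

// Assumed allow-list: values that need no escaping inside the nested query.
const SAFE = /^[A-Za-z0-9._-]+$/;

// Hypothetical helper: builds logoutPageUrl in the shape the endpoint returned.
// encodeDelimiters=false produces the naive form, for comparison only.
function buildLogoutPageUrl(profile, topologies, encodeDelimiters = true) {
  const pairs = [['profile', profile], ['topologies', topologies]]
    .filter(([, v]) => v != null);
  for (const [k, v] of pairs) {
    if (!SAFE.test(v)) throw new Error('rejected value for ' + k);
  }
  const [q, amp] = encodeDelimiters ? ['%3F', '%26'] : ['?', '&'];
  const inner = pairs.length
    ? q + pairs.map(([k, v]) => k + '=' + v).join(amp)
    : '';
  return LOGOUT_PAGE + '?originalUrl=' + HOME + inner;
}

// Hypothetical helper: parses logoutPageUrl the way the logout page would see
// it, then parses originalUrl the way the application would after the return.
function readBack(logoutPageUrl) {
  const outer = new URL(logoutPageUrl);
  const original = new URL(outer.searchParams.get('originalUrl'));
  return {
    originalUrl: original.href,
    profile: original.searchParams.get('profile'),
    topologies: original.searchParams.get('topologies'),
    outerParams: [...outer.searchParams.keys()],
  };
}

// Encoded delimiters: both parameters stay inside originalUrl.
const encoded = readBack(buildLogoutPageUrl('full', 'sandbox'));
// Raw delimiters: 'topologies' is parsed as a parameter of logout.jsp itself
// and is missing from originalUrl.
const naive = readBack(buildLogoutPageUrl('full', 'sandbox', false));

console.log(encoded.outerParams, encoded.topologies);
console.log(naive.outerParams, naive.topologies);
```

A regression check for this endpoint can assert that `outerParams` contains only `originalUrl`, which fails as soon as an unencoded `&` leaks a nested parameter into the outer query.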