Compare commits

..

No commits in common. "809579aa64deea840c9cab9c6f5b54c4892b91c0" and "a27c06c5f6943805cd5e5bf2a4ba015283c8e1b5" have entirely different histories.

3 changed files with 16 additions and 24 deletions

View File

@ -148,10 +148,11 @@ public function handleMicrosoftCallback(Request $request)
return $this->redirectUserBasedOnRole($user);
}
/**
* Log the user out of the application.
*/
public function logout(Request $request)
{
$user = Auth::user();
Auth::logout();
$request->session()->invalidate();
@ -159,19 +160,7 @@ public function logout(Request $request)
// Redirect to Microsoft's logout URL to log the user out of Microsoft as well
try {
$tenant = config('services.microsoft.tenant', 'common');
$logoutUrl = "https://login.microsoftonline.com/{$tenant}/oauth2/v2.0/logout";
$params = [
'post_logout_redirect_uri' => route('login'),
];
if ($user && $user->email) {
// Pass logout_hint to bypass Microsoft's "Pick an account" selection screen
$params['logout_hint'] = $user->email;
}
$microsoftLogoutUrl = $logoutUrl . '?' . http_build_query($params);
$microsoftLogoutUrl = Socialite::driver('microsoft')->getLogoutUrl(route('login'));
return redirect($microsoftLogoutUrl);
} catch (\Exception $e) {
return redirect()->route('login')->with('success', 'Logged out successfully.');

Binary file not shown.

Before

Width:  |  Height:  |  Size: 25 KiB

View File

@ -189,6 +189,9 @@ public function test_admin_cannot_authenticate_via_microsoft_oauth_callback(): v
$this->assertFalse(auth()->check());
}
/**
* Test local logout redirects to Microsoft global logout endpoint.
*/
public function test_user_logout_redirects_to_microsoft_logout_page(): void
{
$user = User::create([
@ -197,16 +200,17 @@ public function test_user_logout_redirects_to_microsoft_logout_page(): void
'role' => 'user',
]);
$mockSocialite = \Mockery::mock('Laravel\Socialite\Contracts\Provider');
$mockSocialite->shouldReceive('getLogoutUrl')
->with(route('login'))
->andReturn('https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=' . urlencode(route('login')));
\Laravel\Socialite\Facades\Socialite::shouldReceive('driver')->with('microsoft')->andReturn($mockSocialite);
$response = $this->actingAs($user)
->get('/logout'); // supports GET for testing
$tenant = config('services.microsoft.tenant', 'common');
$expectedRedirect = "https://login.microsoftonline.com/{$tenant}/oauth2/v2.0/logout?" . http_build_query([
'post_logout_redirect_uri' => route('login'),
'logout_hint' => 'user@sentientgeeks.com',
]);
$response->assertRedirect($expectedRedirect);
$response->assertRedirect('https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=' . urlencode(route('login')));
$this->assertFalse(auth()->check());
}
@ -260,8 +264,7 @@ public function test_sso_launch_redirects_to_microsoft_for_all_services_if_user_
$mockSocialite->shouldReceive('redirectUrl')->with(route('sso.callback'))->andReturnSelf();
$mockSocialite->shouldReceive('with')->with([
'login_hint' => $user->email,
'domain_hint' => 'organizations',
'prompt' => 'none'
'domain_hint' => 'organizations'
])->andReturnSelf();
$mockSocialite->shouldReceive('redirect')
->andReturn(redirect('https://login.microsoftonline.com/common/oauth2/v2.0/authorize'));