add logout route implementation

numerique-gouv · May 28, 2024 · 1daf23e · 1daf23e
1 parent c243e84
commit 1daf23e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/controllers/userController.js b/controllers/userController.js
@@ -1,4 +1,5 @@
 const oidcAuth = require("../lib/oidcAuth")
+const urls = require("../urls")
 
 module.exports.startAuth = async (req, res) => {
   const userTimezoneOffset = req.body.userTimezoneOffset
@@ -20,6 +21,13 @@ module.exports.startAuth = async (req, res) => {
 }
 
 module.exports.logout = async(req, res) => {
-  console.log(req.session)
-  return res.redirect(`/`)
+  const user = req.session.user
+  if(!user){
+    return res.redirect(urls.landing)
+  }
+  const {id_token_hint, state} = user
+  req.session.destroy()
+
+  const logoutUrl = oidcAuth.getLogoutUrl({id_token_hint, state})
+  return res.redirect(logoutUrl)
 }
diff --git a/lib/oidcAuth.js b/lib/oidcAuth.js
@@ -119,8 +119,9 @@ module.exports.finishAuth = async (req) => {
     return { error: "L'identification a échoué. Entrez votre adresse mail ci-dessous pour recommencer." }
   }
   const email = userinfo.email
+  const user = {id_token: tokenSet.id_token, state: request.state}
 
-  req.session.id_token_hint = tokenSet.id_token
+  req.session.user = user
 
   return {
     email,
@@ -130,3 +131,8 @@ module.exports.finishAuth = async (req) => {
   }
 }
 
+module.exports.getLogoutUrl = async({state, id_token_hint}) => {
+  const client = await this.getClient()
+
+  return client.endSessionUrl({id_token_hint,post_logout_redirect_uri: urls.landing,state})
+}