Merge pull request #2 from PrestaShopCorp/feat/get-session-logout-url

feat: get session logout url

Author: hschoenenberger

README.md

@@ -94,6 +94,46 @@ if (!empty($_GET['error'])) {
 
 For more information see the PHP League's general usage examples.
 
+## Logout flow 
+
+Going beyond the scope of this library we provide a helper function `getLogoutUrl` to logout from your oauth2 session.
+
+The only required parameter is `id_token_int` here, you can optionally provide `post_logout_redirect_uri` to override the one from the constructor.
+
+Also don't forget to provide `postLogoutCallbackUri` at construction time if you plan to use it.
+
+```php
+$prestaShopProvider = new \PrestaShop\OAuth2\Client\Provider\PrestaShop([
+    'clientId' => 'yourClientId', // The client ID assigned to you by PrestaShop
+    'clientSecret' => 'yourClientSecret', // The client password assigned to you by PrestaShop
+    'redirectUri' => 'yourClientRedirectUri', // The URL responding to the code flow implemented here
+    'postLogoutCallbackUri' => 'yourLogoutCallbackUri', // Logout url whitelisted among the ones defined with your client
+    // Optional parameters
+    'uiLocales' => ['fr-FR', 'en'],
+    'acrValues' => ['prompt:create'], // In that specific case we change the default prompt to the "register" page
+]);
+
+if (isset($_GET['oauth2Callback')) {
+    // your logout code
+    session_destroy();
+    
+} else {
+    /** @var \League\OAuth2\Client\Token\AccessToken $accessToken */
+    $accessToken = $_SESSION['accessToken'];
+    
+    // The only required parameter is "id_token_int" here, 
+    // you can optionally provide "post_logout_redirect_uri" to override the one from the constructor.
+    $logoutUrl = $prestaShopProvider->getLogoutUrl([
+        'id_token_hint' => $accessToken->getValues()['id_token'],
+        // (Optionnal here) Logout url whitelisted among the ones defined with your client
+        // 'post_logout_redirect_uri' => 'https://my-logout-url/?oauth2Callback',
+    ]);
+
+    header('Location: ' . $logoutUrl);
+    exit;
+}
+```
+
 ## Testing
 
 ``` bash

composer.json

@@ -37,5 +37,9 @@
         "psr-4": {
             "PrestaShop\\OAuth2\\Client\\Test\\": "tests/src/"
         }
+    },
+    "scripts": {
+        "phpunit": "./vendor/bin/phpunit --coverage-text",
+        "php-cs-fixer": "./vendor/bin/php-cs-fixer fix --config .php_cs.dist.php --diff"
     }
 }

src/Provider/LogoutTrait.php

@@ -0,0 +1,74 @@
+<?php
+
+namespace PrestaShop\OAuth2\Client\Provider;
+
+trait LogoutTrait
+{
+    /**
+     * @var string
+     */
+    protected $postLogoutCallbackUri;
+
+    /**
+     * @return string
+     */
+    public function getBaseSessionLogoutUrl(): string
+    {
+        return 'https://oauth.prestashop.com/oauth2/sessions/logout';
+    }
+
+    /**
+     * Builds the session logout URL.
+     *
+     * @param array $options
+     *
+     * @return string Logout URL
+     *
+     * @throws \Exception
+     */
+    public function getLogoutUrl(array $options = []): string
+    {
+        $base = $this->getBaseSessionLogoutUrl();
+        $params = $this->getLogoutParameters($options);
+        $query = $this->getLogoutQuery($params);
+
+        return $this->appendQuery($base, $query);
+    }
+
+    /**
+     * @param array $options
+     *
+     * @return string[]
+     *
+     * @throws \Exception
+     */
+    protected function getLogoutParameters(array $options): array
+    {
+        if (empty($options['id_token_hint'])) {
+            // $options['id_token_hint'] = $this->getSessionAccessToken()->getValues()['id_token'];
+            throw new \Exception('Missing id_token_hint required parameter');
+        }
+
+        if (empty($options['post_logout_redirect_uri'])) {
+            if (!empty($this->postLogoutCallbackUri)) {
+                $options['post_logout_redirect_uri'] = $this->postLogoutCallbackUri;
+            } else {
+                throw new \Exception('Missing post_logout_redirect_uri required parameter');
+            }
+        }
+
+        return $options;
+    }
+
+    /**
+     * Builds the logout URL's query string.
+     *
+     * @param array $params Query parameters
+     *
+     * @return string Query string
+     */
+    protected function getLogoutQuery(array $params): string
+    {
+        return $this->buildQueryString($params);
+    }
+}

src/Provider/PrestaShop.php

@@ -29,6 +29,7 @@
 class PrestaShop extends AbstractProvider
 {
     use BearerAuthorizationTrait;
+    use LogoutTrait;
 
     /**
      * @var string If set, will be sent as the "prompt" parameter
@@ -54,7 +55,7 @@ class PrestaShop extends AbstractProvider
     /**
      * @return string
      */
-    public function getBaseAuthorizationUrl()
+    public function getBaseAuthorizationUrl(): string
     {
         return 'https://oauth.prestashop.com/oauth2/auth';
     }
@@ -64,7 +65,7 @@ public function getBaseAuthorizationUrl()
      *
      * @return string
      */
-    public function getBaseAccessTokenUrl(array $params)
+    public function getBaseAccessTokenUrl(array $params): string
     {
         return 'https://oauth.prestashop.com/oauth2/token';
     }
@@ -74,7 +75,7 @@ public function getBaseAccessTokenUrl(array $params)
      *
      * @return string
      */
-    public function getResourceOwnerDetailsUrl(AccessToken $token)
+    public function getResourceOwnerDetailsUrl(AccessToken $token): string
     {
         return 'https://oauth.prestashop.com/userinfo';
     }
@@ -84,7 +85,7 @@ public function getResourceOwnerDetailsUrl(AccessToken $token)
      *
      * @return string[]
      */
-    protected function getAuthorizationParameters(array $options)
+    protected function getAuthorizationParameters(array $options): array
     {
         if (empty($options['prompt']) && $this->prompt) {
             $options['prompt'] = $this->prompt;
@@ -106,7 +107,7 @@ protected function getAuthorizationParameters(array $options)
     /**
      * @return string[]
      */
-    public function getDefaultScopes()
+    public function getDefaultScopes(): array
     {
         return ['openid', 'offline_access'];
     }

tests/src/Provider/LogoutTraitTest.php

@@ -0,0 +1,180 @@
+<?php
+
+namespace PrestaShop\OAuth2\Client\Test\Provider;
+
+use PHPUnit\Framework\TestCase;
+use PrestaShop\OAuth2\Client\Provider\PrestaShop;
+
+class LogoutTraitTest extends TestCase
+{
+    /**
+     * @var PrestaShop
+     */
+    private $provider;
+
+    protected function setUp(): void
+    {
+        $this->provider = new PrestaShop([
+            'clientId' => 'test-client',
+            'clientSecret' => 'secret',
+            'redirectUri' => 'https://test-client-redirect.net',
+            'postLogoutCallbackUri' => 'https://test-client-redirect.net/logout?oauth2Callback',
+            'uiLocales' => ['fr-CA', 'en'],
+            'acrValues' => ['prompt:login'],
+        ]);
+    }
+
+    /**
+     * @test
+     */
+    public function itShouldGenerateLogoutUrl(): void
+    {
+        $idToken = 'someRandomIdToken';
+
+        $url = $this->provider->getLogoutUrl([
+            'id_token_hint' => $idToken,
+        ]);
+        $uri = parse_url($url);
+        $query = [];
+
+        if (\is_array($uri) && isset($uri['query'])) {
+            parse_str($uri['query'], $query);
+        }
+
+        $this->assertEquals($idToken, $query['id_token_hint']);
+        $this->assertEquals('https://test-client-redirect.net/logout?oauth2Callback', $query['post_logout_redirect_uri']);
+        // $this->assertEquals('fr-CA en', $query['ui_locales']);
+    }
+
+    /**
+     * @test
+     */
+    public function itShouldGenerateLogoutUrlWithOptionalParameters(): void
+    {
+        $idToken = 'someRandomIdToken';
+        $postLogoutRedirectUri = 'https://overriden-post-logout-uri.net';
+
+        $url = $this->provider->getLogoutUrl([
+            'id_token_hint' => $idToken,
+            'post_logout_redirect_uri' => $postLogoutRedirectUri,
+        ]);
+        $uri = parse_url($url);
+        $query = [];
+
+        if (\is_array($uri) && isset($uri['query'])) {
+            parse_str($uri['query'], $query);
+        }
+
+        $this->assertEquals($idToken, $query['id_token_hint']);
+        $this->assertEquals($postLogoutRedirectUri, $query['post_logout_redirect_uri']);
+        // $this->assertEquals('fr-CA en', $query['ui_locales']);
+    }
+
+    /**
+     * @test
+     */
+    public function itShouldGenerateLogoutUrlWithOptionalOnlyParameters(): void
+    {
+        $idToken = 'someRandomIdToken';
+        $postLogoutRedirectUri = 'https://overriden-post-logout-uri.net';
+
+        $this->provider = new PrestaShop([
+            'clientId' => 'test-client',
+            'clientSecret' => 'secret',
+            'redirectUri' => 'https://test-client-redirect.net',
+            // 'postLogoutCallbackUri' => 'https://test-client-redirect.net/logout?oauth2Callback',
+            'uiLocales' => ['fr-CA', 'en'],
+            'acrValues' => ['prompt:login'],
+        ]);
+
+        $url = $this->provider->getLogoutUrl([
+            'id_token_hint' => $idToken,
+            'post_logout_redirect_uri' => $postLogoutRedirectUri,
+        ]);
+        $uri = parse_url($url);
+        $query = [];
+
+        if (\is_array($uri) && isset($uri['query'])) {
+            parse_str($uri['query'], $query);
+        }
+
+        $this->assertEquals($idToken, $query['id_token_hint']);
+        $this->assertEquals($postLogoutRedirectUri, $query['post_logout_redirect_uri']);
+        // $this->assertEquals('fr-CA en', $query['ui_locales']);
+    }
+
+    /**
+     * @test
+     */
+    public function itShouldGetBaseSessionLogoutUrl(): void
+    {
+        $url = $this->provider->getBaseSessionLogoutUrl();
+        $uri = parse_url($url);
+
+        $path = '';
+        if (\is_array($uri) && isset($uri['path'])) {
+            $path = $uri['path'];
+        }
+
+        $this->assertEquals('/oauth2/sessions/logout', $path);
+    }
+
+    /**
+     * @test
+     */
+    public function itShouldGetLogoutUrl(): void
+    {
+        $idToken = 'someRandomIdToken';
+
+        $url = $this->provider->getLogoutUrl([
+            'id_token_hint' => $idToken,
+        ]);
+        $uri = parse_url($url);
+
+        $path = '';
+        if (\is_array($uri) && isset($uri['path'])) {
+            $path = $uri['path'];
+        }
+
+        $this->assertEquals('/oauth2/sessions/logout', $path);
+    }
+
+    /**
+     * @test
+     */
+    public function itShouldThrowExceptionWhenIdTokenIsMissing(): void
+    {
+        $this->expectException(\Exception::class);
+
+        $this->expectExceptionMessage('Missing id_token_hint required parameter');
+
+        $this->provider->getLogoutUrl([
+            // 'id_token_hint' => $idToken
+        ]);
+    }
+
+    /**
+     * @test
+     */
+    public function itShouldThrowExceptionWhenPostLogoutCallbackUriIsMissing(): void
+    {
+        $idToken = 'someRandomIdToken';
+
+        $this->provider = new PrestaShop([
+            'clientId' => 'test-client',
+            'clientSecret' => 'secret',
+            'redirectUri' => 'https://test-client-redirect.net',
+            // 'postLogoutCallbackUri' => 'https://test-client-redirect.net/logout?oauth2Callback',
+            'uiLocales' => ['fr-CA', 'en'],
+            'acrValues' => ['prompt:login'],
+        ]);
+
+        $this->expectException(\Exception::class);
+
+        $this->expectExceptionMessage('Missing post_logout_redirect_uri required parameter');
+
+        $this->provider->getLogoutUrl([
+            'id_token_hint' => $idToken,
+        ]);
+    }
+}