Merge branch '10.0.x' of https://github.com/macite/doubtfire-api into 10.0.x

Author: macite

CHANGELOG.md

@@ -2,6 +2,21 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [10.0.0-6](https://github.com/macite/doubtfire-deploy/compare/v10.0.0-5...v10.0.0-6) (2025-05-30)
+
+
+### Bug Fixes
+
+* adjust cookie function name to clarify purpose ([729efb6](https://github.com/macite/doubtfire-deploy/commit/729efb622b1257a14e28999a61e3a6343c4b2937))
+
+## [10.0.0-5](https://github.com/macite/doubtfire-deploy/compare/v10.0.0-4...v10.0.0-5) (2025-05-30)
+
+
+### Features
+
+* add saml signout url ([1f079b9](https://github.com/macite/doubtfire-deploy/commit/1f079b990b5bcc099f945ed15abfad0dc05f9701))
+* allow database auth to simulate token signin ([4e4873c](https://github.com/macite/doubtfire-deploy/commit/4e4873c2a5eeffa0fa3f9546c38f4d4870dba7b8))
+
 ## [10.0.0-4](https://github.com/macite/doubtfire-deploy/compare/v10.0.0-3...v10.0.0-4) (2025-04-11)
 
 ## [10.0.0-3](https://github.com/macite/doubtfire-deploy/compare/v10.0.0-2...v10.0.0-3) (2025-04-10)

app/api/authentication_api.rb

@@ -80,7 +80,7 @@ class AuthenticationApi < Grape::API
       # Return user details
       present :user, user, with: Entities::UserEntity
       present :auth_token, token.authentication_token
-      add_refresh_cookie_to_response(remember)
+      set_refresh_cookie_in_response(remember)
     end
   end
 
@@ -153,6 +153,23 @@ class AuthenticationApi < Grape::API
       end
       redirect "#{host}/sign_in?authToken=#{onetime_token.authentication_token}&username=#{user.username}"
     end
+
+    # Saml 2 logout callback
+    desc 'SAML2.0 logout callback'
+    params do
+      requires :SAMLResponse, type: String, desc: 'SAML logout response data.'
+    end
+    post '/auth/saml_logout' do
+      response = OneLogin::RubySaml::Logoutresponse.new(params[:SAMLResponse], allowed_clock_drift: 1.second,
+                                                                               settings: AuthenticationHelpers.saml_settings)
+
+      # Check if the SAML response is valid - if not log an error
+      unless response.is_valid?
+        logger.error "Invalid SAML logout response: #{response.errors.join(', ')}"
+      end
+
+      redirect "#{host}/sign_in"
+    end
   end
 
   #
@@ -261,7 +278,7 @@ class AuthenticationApi < Grape::API
         # Respond user details with new auth token
         present :user, user, with: Entities::UserEntity
         present :auth_token, token.authentication_token
-        add_refresh_cookie_to_response(params[:remember])
+        set_refresh_cookie_in_response(params[:remember])
       end
     end
   end
@@ -343,7 +360,7 @@ class AuthenticationApi < Grape::API
     end
 
     # Remove the refresh token cookie - if remember is false
-    add_refresh_cookie_to_response(false) unless params[:remember]
+    set_refresh_cookie_in_response(false) unless params[:remember]
     present nil
   end
 

app/helpers/authentication_helpers.rb

@@ -62,7 +62,7 @@ def authenticated_via_refresh_token?
       true
     when :token_expired, :error, :missing_details
       # Token expired - remove cookies
-      add_refresh_cookie_to_response(false)
+      set_refresh_cookie_in_response(false)
       false
     end
   end
@@ -205,7 +205,10 @@ def db_auth?
     Doubtfire::Application.config.auth_method == :database
   end
 
-  def add_refresh_cookie_to_response(remember)
+  # rubocop:disable Naming/AccessorMethodName
+  def set_refresh_cookie_in_response(remember)
+    # rubocop:enable Naming/AccessorMethodName
+
     if remember
       token = current_user.auth_tokens.where(token_type: :refresh_token).last