URL-encode OIDC post_logout_uri query parameter

sberyozkin · sberyozkin · commit 642f0d3a121a · 2023-06-22T11:20:37.000+01:00
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
@@ -1134,8 +1134,8 @@ private String buildLogoutRedirectUri(TenantConfigContext configContext, String
 
         if (configContext.oidcConfig.logout.postLogoutPath.isPresent()) {
             logoutUri.append(AMP).append(configContext.oidcConfig.logout.getPostLogoutUriParam()).append(EQ).append(
-                    buildUri(context, isForceHttps(configContext.oidcConfig),
-                            configContext.oidcConfig.logout.postLogoutPath.get()));
+                    OidcCommonUtils.urlEncode(buildUri(context, isForceHttps(configContext.oidcConfig),
+                            configContext.oidcConfig.logout.postLogoutPath.get())));
             logoutUri.append(AMP).append(OidcConstants.LOGOUT_STATE).append(EQ)
                     .append(generatePostLogoutState(context, configContext));
         }
diff --git a/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/TenantLogout.java b/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/TenantLogout.java
@@ -50,6 +50,6 @@ public String postLogout(@QueryParam("state") String postLogoutState) {
         if (!postLogoutState.equals(cookie.getValue())) {
             throw new InternalServerErrorException("'state' query parameter is not equal to the q_post_logout cookie value");
         }
-        return "You were logged out";
+        return "You were logged out, please login again";
     }
 }
diff --git a/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java
@@ -444,7 +444,7 @@ public void testRPInitiatedLogout() throws IOException {
             assertNotNull(getSessionCookie(webClient, "tenant-logout"));
 
             page = webClient.getPage("http://localhost:8081/tenant-logout/logout");
-            assertTrue(page.asNormalizedText().contains("You were logged out"));
+            assertTrue(page.asNormalizedText().contains("You were logged out, please login again"));
             assertNull(getSessionCookie(webClient, "tenant-logout"));
 
             page = webClient.getPage("http://localhost:8081/tenant-logout");

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,6 @@ public String postLogout(@QueryParam("state") String postLogoutState) {`
`50`	`50`	`if (!postLogoutState.equals(cookie.getValue())) {`
`51`	`51`	`throw new InternalServerErrorException("'state' query parameter is not equal to the q_post_logout cookie value");`
`52`	`52`	`}`
`53`		`- return "You were logged out";`
	`53`	`+ return "You were logged out, please login again";`
`54`	`54`	`}`
`55`	`55`	`}`