Merge pull request #11064 from rabbitmq/make-end-session-endpoint-optional

michaelklishin · web-flow · commit 483a8244c282 · 2024-04-23T15:24:24.000-04:00
OAuth 2: log out from IDP only when an end_session_endpoint is available
diff --git a/deps/rabbitmq_management/priv/www/js/main.js b/deps/rabbitmq_management/priv/www/js/main.js
@@ -167,7 +167,7 @@ function start_app_login () {
       });
     }
   })
-  // TODO REFACTOR: this code can be simplified
+  
   if (oauth.enabled) {
     if (has_auth_credentials()) {
       check_login();
diff --git a/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js b/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js
@@ -243,11 +243,23 @@ function oauth_completeLogin() {
 
 function oauth_initiateLogout() {
   if (oauth.sp_initiated) {
-    mgr.signoutRedirect()
+    mgr.metadataService.getEndSessionEndpoint().then(endpoint => {
+      if (endpoint == undefined) {
+        // Logout only from management UI 
+        mgr.removeUser().then(res => {
+          clear_auth()
+          oauth_redirectToLogin()
+        })
+      }else {
+        // OpenId Connect RP-Initiated Logout
+        mgr.signoutRedirect()
+      }
+    })
   } else {
     go_to_authority()
   }
 }
+
 function oauth_completeLogout() {
     clear_auth()
     mgr.signoutRedirectCallback().then(_ => oauth_redirectToLogin())
@@ -265,8 +277,5 @@ function validate_openid_configuration(payload) {
   if (typeof payload.jwks_uri != 'string') {
     throw new Error("Missing jwks_uri")
   }
-  if (typeof payload.end_session_endpoint != 'string') {
-    throw new Error("Missing end_session_endpoint")
-  }
 
 }
diff --git a/deps/rabbitmq_management/selenium/bin/components/selenium b/deps/rabbitmq_management/selenium/bin/components/selenium
@@ -1,6 +1,11 @@
 #!/usr/bin/env bash
 
-SELENIUM_DOCKER_IMAGE=selenium/standalone-chrome:103.0
+arch=$(uname -i)
+if [[ $arch == arm* ]]; then
+  SELENIUM_DOCKER_IMAGE=selenium/standalone-chrome:123.0
+else
+  SELENIUM_DOCKER_IMAGE=seleniarm/standalone-chromium:123.0
+fi 
 
 start_selenium() {
   begin "Starting selenium  ..."
diff --git a/deps/rabbitmq_management/selenium/package.json b/deps/rabbitmq_management/selenium/package.json
@@ -14,20 +14,20 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^121.0.0",
+    "chromedriver": "^123.0.0",
     "ejs": "^3.1.8",
     "express": "^4.18.2",
     "geckodriver": "^3.0.2",
     "http-proxy": "^1.18.1",
     "mqtt": "^5.3.3",
     "path": "^0.12.7",
     "proxy": "^1.0.2",
-    "selenium-webdriver": "^4.15.0",
+    "selenium-webdriver": "^4.19.0",
     "xmlhttprequest": "^1.8.0"
   },
   "devDependencies": {
     "chai": "^4.3.6",
-    "mocha": "^10.0.0",
+    "mocha": "^10.4.0",
     "request": "^2.88.2",
     "standard": "^17.0.0"
   }

Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,7 @@ function start_app_login () {`
`167`	`167`	`});`
`168`	`168`	`}`
`169`	`169`	`})`
`170`		`- // TODO REFACTOR: this code can be simplified`
	`170`	`+`
`171`	`171`	`if (oauth.enabled) {`
`172`	`172`	`if (has_auth_credentials()) {`
`173`	`173`	`check_login();`