Add redirect parameter to logout URL
The logout page of UAA has the capability to redirect back to an
arbitrary URL [1]. Change the init step to write a logout URL
with a redirect parameter pointing to the canonical web URL of
Gerrit, so that a user can sign in again immediately.
Note: recent versions of UAA disable this redirect by default
for security reasons. To use it, uncomment the "logout" section
in the login.yml configuration file of the UAA and add the
Gerrit canonical web URL to the whitelisted redirect URLs.
[1] https://github.com/cloudfoundry/uaa/blob/master/docs/login/Login-APIs.md#logout-get-logoutdo
Change-Id: I0f581ff6897e77ffc5ec5677ab39a366b1685d2c
Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>
diff --git a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/InitOAuthConfig.java b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/InitOAuthConfig.java
index c532357..c2c54ff 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/InitOAuthConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/InitOAuthConfig.java
@@ -36,6 +36,7 @@
private final InitFlags flags;
private final ConsoleUI ui;
private final Section cfg;
+ private final String redirectUrl;
@Inject
InitOAuthConfig(InitFlags flags, ConsoleUI ui,
@@ -44,6 +45,7 @@
this.flags = flags;
this.ui = ui;
this.cfg = sections.get(PLUGIN_SECTION, pluginName);
+ this.redirectUrl = getRedirectUrl(sections);
}
@Override
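Review bot: `this.redirectUrl = getRedirectUrl(sections);` reads `gerrit.canonicalWebUrl` when the step is constructed, not when `run()` writes the logout URL, so a value that is set or changed later in the same init run would not be picked up (whether that can happen depends on init step ordering, which is not visible here). If the key is unset at that point, `gerrit.get("canonicalWebUrl")` presumably returns null and `CharMatcher.trimTrailingFrom` would then throw a NullPointerException during injection. Consider resolving the value inside `run()` and guarding it, e.g. `if (!Strings.isNullOrEmpty(url)) { ... }`, writing the plain `/logout.do` URL otherwise. The constructor begins outside this hunk.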
@@ -60,7 +62,13 @@
cfg.set(VERIFIY_SIGNATURES, Boolean.toString(
ui.yesno(true, "Verify token signatures", VERIFIY_SIGNATURES)));
flags.cfg.setString("auth", null, "logouturl", CharMatcher.is('/')
- .trimTrailingFrom(cfg.get(SERVER_URL)) + "/logout.do");
+ .trimTrailingFrom(cfg.get(SERVER_URL)) + "/logout.do?redirect="
+ + redirectUrl);
+ }
+
+ private static String getRedirectUrl(Section.Factory sections) {
+ Section gerrit = sections.get("gerrit", null);
+ return CharMatcher.is('/').trimTrailingFrom(gerrit.get("canonicalWebUrl"));
}
@Override
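Review bot: The canonical web URL is appended to `"/logout.do?redirect="` without percent-encoding in the `flags.cfg.setString("auth", null, "logouturl", ...)` call. A canonical URL containing `&`, `#`, `?` or non-ASCII characters would be split or truncated when the query string is parsed, so the redirect target UAA checks against its whitelist could differ from the configured one. Encode the value before concatenation, for example `+ "/logout.do?redirect=" + URLEncoder.encode(redirectUrl, "UTF-8"));`, handling the checked `UnsupportedEncodingException`. A one-line comment on `getRedirectUrl` such as `// Trailing '/' is stripped; the UAA redirect whitelist entry must accept this form.` would also help operators. The enclosing method starts outside the hunk.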