Merge pull request #141 from ibm-cloud-security/taimorSSO

add logoutSSO

Author: motyd

lib/strategies/webapp-strategy.js

@@ -528,4 +528,28 @@ function logAction(req, url, activity) {
 	});
 }
 
+/**
+ * This method will trigger a REST HTTP call to the AppID server logoutSSO endpoint.
+ * Bare in mind that SSO feature must be activated in the server side.
+ * Calling the server SSO APIs will do nothing if you forgot to enable SSO in the server (tenant) configuration.
+ * Once you enabled SSO login in the server side you can try the logout in the client side:
+ * If you use the sample application , add a logout SSO UI widget , add to the app.js an express routing such as
+ * app.get("/logoutSSO", function(req, res, next) {
+ *	res.clearCookie("refreshToken");
+ *	webAppStrategy.logoutSSO(req,res, { redirect_uri: "http://localhost:3000/niceGoodbyePage" , all_sessions: false });
+ * });
+ * @param req - the HTTP request
+ * @param res - the HTTP response object (will be used to redirect)
+ * @param options - need to contain at least the redirect_uri. all_sessions can logout all the users sessions at once.
+ */
+WebAppStrategy.prototype.logoutSSO = function (req, res, options = {}) {
+	options.client_id = this.serviceConfig.getClientId();
+	let queryParams = Object.keys(options).map(e => encodeURIComponent(e) + '=' + encodeURIComponent(options[e])).join('&');
+	let oauthServerUrl = this.serviceConfig.getOAuthServerUrl();
+	let url = `${oauthServerUrl}/cloud_directory/sso/logout?${queryParams}`;
+	logger.debug('cleaning client session and calling server url:'+url);
+	WebAppStrategy.logout(req);  // without logging to activity tracker since the server will be reporting it .
+	res.redirect(url);
+};
+
 module.exports = WebAppStrategy;

test/webapp-strategy-test.js

@@ -37,6 +37,36 @@ describe("/lib/strategies/webapp-strategy", function () {
 			redirectUri: "https://redirectUri"
 		});
 	});
+
+	describe("#SSO ", () => {
+		let resultRedirect='';
+		const redirectURL =  "http://localhost:3000/somethingElse";
+
+		beforeEach( () => {
+			resultRedirect='';
+		});
+
+		it("good callback" , () => {
+			let req = {
+				session: { returnTo : 'ssss'},
+				logout : function(req) {}
+			};
+			let res = {
+				redirect : function (url) {
+					resultRedirect = url;
+				}
+			};
+
+			let options = { redirect_uri: redirectURL};
+			webAppStrategy.logoutSSO(req,res, options);
+			const uriEncodedCallBack = encodeURIComponent(redirectURL);
+			const excpected = `https://oauthServerUrlMock/cloud_directory/sso/logout?redirect_uri=${uriEncodedCallBack}&client_id=clientId`;
+			assert.equal(resultRedirect, excpected);
+			assert.equal(req.session.returnTo , undefined); // expect session to be cleaned.
+		});
+
+	});
+
 
 	describe("#setPreferredLocale", function () {
 		it("Should fail if request doesn't have session", function (done) {