(w http.ResponseWriter, r *http.Request)
| 420 | } |
| 421 | |
// ServeHTTP logs the caller out: it expires the auth cookie, removes the
// server-side session keyed by the cookie value, asks the broker to reset the
// session's clients, and finally hands off to h.redirect. The ID token passed
// to h.redirect is empty unless a session was found and its OAuth2 token
// carries a string "id_token" extra.
func (h *LogoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// Without the auth cookie there is no session to tear down.
	c, err := r.Cookie(authCookieName)
	if err != nil {
		echo(Log{"t": "logout_cookie", "error": "not found"})
		h.redirect(w, r, "")
		return
	}

	// Look the session up before purging it; it is still needed below.
	id := c.Value
	sess, found := h.auth.get(id)

	// Expire the cookie in the browser.
	// NOTE(review): a cookie parsed from a request carries only its name and
	// value, so the Set-Cookie written here has no Path or Domain. Browsers
	// only clear a cookie whose Path/Domain match the ones used when it was
	// set; confirm against the code that issues authCookieName.
	c.MaxAge = -1
	c.Secure = h.auth.secure
	http.SetCookie(w, c)

	// Purge the server-side session regardless of whether the lookup hit, so
	// the session ID stops being usable even if the browser keeps the cookie.
	h.auth.remove(id)

	if !found {
		h.redirect(w, r, "")
		return
	}

	// Reload all of this user's browser tabs.
	h.broker.resetClients(sess)

	// A token may not be present if the oauth2 workflow failed, so check
	// before access.
	var idToken string
	if tok := sess.token; tok != nil {
		// Raw id_token (required by Okta). A missing or non-string extra
		// leaves idToken empty; the failed assertion is deliberately ignored.
		idToken, _ = tok.Extra("id_token").(string)
	}

	// NOTE(review): redirect's body is not visible here. If it places the raw
	// id_token in a URL, the token can end up in access logs and browser
	// history; confirm how it is transmitted.
	h.redirect(w, r, idToken)
}
| 456 | |
| 457 | func (h *LogoutHandler) redirect(w http.ResponseWriter, r *http.Request, idToken string) { |
| 458 | if h.auth.conf.EndSessionURL == "" { |