Make post_logout_redirect_uri configurable for legacy admin UI (#14324)

Closes #14246
2022-09-12 17:12:38 +08:00 · 2022-09-12 17:12:38 +08:00 · 320320f419
commit 320320f419
parent 1f9b6d9151
3 changed files with 54 additions and 2 deletions
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
@ -380,6 +380,8 @@ root-url=Root URL
 root-url.tooltip=Root URL appended to relative URLs
 valid-redirect-uris=Valid Redirect URIs
 valid-redirect-uris.tooltip=Valid URI pattern a browser can redirect to after a successful login or logout. Simple wildcards are allowed such as 'http://example.com/*'. Relative path can be specified too such as /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.
+valid-post-logout-redirect-uris=Valid post logout redirect URIs
+valid-post-logout-redirect-uris.tooltip=Valid URI pattern a browser can redirect to after a successful logout. A value of '+' will use the list of valid redirect uris. Simple wildcards are allowed such as 'http://example.com/*'. Relative path can be specified too such as /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.
 base-url.tooltip=Default URL to use when the auth server needs to redirect or link back to the client.
 admin-url=Admin URL
 admin-url.tooltip=URL to the admin interface of the client. Set this if the client supports the adapter REST API. This REST API allows the auth server to push revocation policies and other administrative tasks. Usually this is set to the base URL of the client.
--- a/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
+++ b/themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
@ -1521,6 +1521,12 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, flows, $ro
            $scope.client.requestUris = [];
        }

+        if ($scope.client.attributes["post.logout.redirect.uris"] && $scope.client.attributes["post.logout.redirect.uris"].length > 0) {
+            $scope.postLogoutRedirectUris = $scope.client.attributes["post.logout.redirect.uris"].split("##");
+        } else {
+            $scope.postLogoutRedirectUris = [];
+        }
+
        if ($scope.client.attributes["default.acr.values"] && $scope.client.attributes["default.acr.values"].length > 0) {
            $scope.defaultAcrValues = $scope.client.attributes["default.acr.values"].split("##");
        } else {
@ -1733,6 +1739,9 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, flows, $ro
        if ($scope.newRedirectUri && $scope.newRedirectUri.length > 0) {
            return true;
        }
+        if ($scope.newPostLogoutRedirectUri && $scope.newPostLogoutRedirectUri.length > 0) {
+            return true;
+        }
        if ($scope.newWebOrigin && $scope.newWebOrigin.length > 0) {
            return true;
        }
@ -1849,6 +1858,9 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, flows, $ro
        $scope.changed = isChanged();
    }, true);

+    $scope.$watch('newPostLogoutRedirectUri', function() {
+        $scope.changed = isChanged();
+    }, true);

    $scope.$watch('newWebOrigin', function() {
        $scope.changed = isChanged();
@ -1894,6 +1906,15 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, flows, $ro
        $scope.newRedirectUri = "";
    }

+    $scope.deletePostLogoutRedirectUri = function(index) {
+        $scope.postLogoutRedirectUris.splice(index, 1);
+    }
+
+    $scope.addPostLogoutRedirectUri = function() {
+        $scope.postLogoutRedirectUris.push($scope.newPostLogoutRedirectUri);
+        $scope.newPostLogoutRedirectUri = "";
+    }
+
    $scope.save = function() {
        if ($scope.newRedirectUri && $scope.newRedirectUri.length > 0) {
            $scope.addRedirectUri();
@ -1911,6 +1932,13 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, flows, $ro
        } else {
            $scope.clientEdit.attributes["request.uris"] = null;
        }
+
+        if ($scope.postLogoutRedirectUris && $scope.postLogoutRedirectUris.length > 0) {
+            $scope.clientEdit.attributes["post.logout.redirect.uris"] = $scope.postLogoutRedirectUris.join("##");
+        } else {
+            $scope.clientEdit.attributes["post.logout.redirect.uris"] = null;
+        }
+
        if (!$scope.clientEdit.frontchannelLogout) {
            $scope.clientEdit.attributes["frontchannel.logout.url"] = null;
        }
@ -2242,7 +2270,7 @@ module.controller('ClientScopeMappingCtrl', function($scope, $http, realm, $rout
        });
    }

-    
+
    $scope.selectedClient = null;

    $scope.selectClient = function(client) {
@ -3028,7 +3056,7 @@ module.controller('ClientClientScopesEvaluateCtrl', function($scope, Realm, User
    }

    clientSelectControl($scope, $route.current.params.realm, Client);
-    
+
    $scope.selectedClient = null;

    $scope.selectClient = function(client) {
--- a/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html
@ -350,6 +350,28 @@
                <kc-tooltip>{{:: 'valid-redirect-uris.tooltip' | translate}}</kc-tooltip>
            </div>

+            <div class="form-group clearfix block" data-ng-hide="clientEdit.bearerOnly || (!clientEdit.standardFlowEnabled && !clientEdit.implicitFlowEnabled) || protocol == 'docker-v2'">
+                <label class="col-md-2 control-label" for="newPostLogoutRedirectUri">{{:: 'valid-post-logout-redirect-uris' | translate}}</label>
+
+                <div class="col-sm-6">
+                    <div class="input-group" ng-repeat="(i, postLogoutRedirectUri) in postLogoutRedirectUris track by $index">
+                        <input class="form-control" ng-model="postLogoutRedirectUris[i]">
+                        <div class="input-group-btn">
+                            <button class="btn btn-default" type="button" data-ng-click="deletePostLogoutRedirectUri($index)"><span class="fa fa-minus"></span></button>
+                        </div>
+                    </div>
+
+                    <div class="input-group">
+                        <input class="form-control" ng-model="newPostLogoutRedirectUri" id="newPostLogoutRedirectUri">
+                        <div class="input-group-btn">
+                            <button class="btn btn-default" type="button" data-ng-click="newPostLogoutRedirectUri.length > 0 && addPostLogoutRedirectUri()"><span class="fa fa-plus"></span></button>
+                        </div>
+                    </div>
+                </div>
+
+                <kc-tooltip>{{:: 'valid-post-logout-redirect-uris.tooltip' | translate}}</kc-tooltip>
+            </div>
+
            <div class="form-group" data-ng-show="!clientEdit.bearerOnly && protocol != 'docker-v2'">
                <label class="col-md-2 control-label" for="baseUrl">{{:: 'base-url' | translate}}</label>
                <div class="col-sm-6">