From 27271b1fe665e9d4e0acd686df245d3fa706d7b9 Mon Sep 17 00:00:00 2001
From: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
Date: Tue, 9 Apr 2024 14:25:37 +0200
Subject: [PATCH] add /logout to post logout uri redirect in the signout method
---
 .../src/apps/app/app-auth.controller.ts | 9 +++++++--
 src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts | 7 +++++++
 .../src/packages/core/auth/auth-flow.ts | 5 ++++-
 .../src/packages/core/auth/auth.context.ts | 8 ++++++--
 4 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/src/Umbraco.Web.UI.Client/src/apps/app/app-auth.controller.ts b/src/Umbraco.Web.UI.Client/src/apps/app/app-auth.controller.ts
index 78f61dd40b..758803b65b 100644
--- a/src/Umbraco.Web.UI.Client/src/apps/app/app-auth.controller.ts
+++ b/src/Umbraco.Web.UI.Client/src/apps/app/app-auth.controller.ts
@@ -65,7 +65,9 @@ export class UmbAppAuthController extends UmbControllerBase {
 }
 // Save location.href so we can redirect to it after login
- window.sessionStorage.setItem(UMB_STORAGE_REDIRECT_URL, location.href);
+ if (location.href !== this.#authContext.getPostLogoutRedirectUrl()) {
+ window.sessionStorage.setItem(UMB_STORAGE_REDIRECT_URL, location.href);
+ }
 // If the user is timed out, we can show the login modal directly
 if (userLoginState === 'timedOut') {
@@ -90,7 +92,10 @@ export class UmbAppAuthController extends UmbControllerBase {
 this.#authContext.makeAuthorizationRequest();
 } else {
 // Check if any provider is redirecting directly to the provider
- const redirectProvider = availableProviders.find((provider) => provider.meta?.behavior?.autoRedirect);
+ const redirectProvider =
+ userLoginState === 'loggingIn'
+ ? availableProviders.find((provider) => provider.meta?.behavior?.autoRedirect)
+ : undefined;
 if (redirectProvider) {
 // Redirect directly to the provider
diff --git a/src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts b/src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts
index e5a2a100ab..de8c4ee346 100644
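Review bot: The new guard in the `@@ -65,7 +65,9 @@` hunk compares the whole `location.href` with `getPostLogoutRedirectUrl()` by exact string equality, so a trailing slash, query string or fragment on the logout address makes the test fail and that address is still written to `UMB_STORAGE_REDIRECT_URL`. If the stored value is later used as the post-login target (not visible in this patch), the user would be sent back to the route that clears the tokens. Comparing origin and path only is sturdier: `const here = new URL(location.href);` followed by `if (here.origin + here.pathname.replace(/\/$/, '') !== this.#authContext.getPostLogoutRedirectUrl()) {`. The enclosing method starts and ends outside the hunk.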
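Review bot: The comment above the rewritten `redirectProvider` assignment in the `@@ -90,7 +92,10 @@` hunk still only says "Check if any provider is redirecting directly to the provider" and gives no reason why auto-redirect is now limited to `'loggingIn'`. I would add a line such as `// Only auto-redirect on a fresh login; in any other state show the login screen so the provider does not sign the user straight back in`. That rationale is inferred from the commit subject, so confirm it before adopting the wording. The enclosing method continues outside the hunk.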
--- a/src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts
+++ b/src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts
@@ -56,6 +56,13 @@ export class UmbAppElement extends UmbLitElement {
 component: () => import('../upgrader/upgrader.element.js'),
 guards: [this.#isAuthorizedGuard()],
 },
+ {
+ path: 'logout',
+ resolve: () => {
+ this.#authContext?.clearTokenStorage();
+ this.#authController.makeAuthorizationRequest('loggedOut');
+ },
+ },
 {
 path: '**',
 component: () => import('../backoffice/backoffice.element.js'),
diff --git a/src/Umbraco.Web.UI.Client/src/packages/core/auth/auth-flow.ts b/src/Umbraco.Web.UI.Client/src/packages/core/auth/auth-flow.ts
index 01b20582f9..82455be922 100644
--- a/src/Umbraco.Web.UI.Client/src/packages/core/auth/auth-flow.ts
+++ b/src/Umbraco.Web.UI.Client/src/packages/core/auth/auth-flow.ts
@@ -89,6 +89,7 @@ export class UmbAuthFlow {
 // state
 readonly #configuration: AuthorizationServiceConfiguration;
 readonly #redirectUri: string;
+ readonly #postLogoutRedirectUri: string;
 readonly #clientId: string;
 readonly #scope: string;
@@ -99,10 +100,12 @@ export class UmbAuthFlow {
 constructor(
 openIdConnectUrl: string,
 redirectUri: string,
+ postLogoutRedirectUri: string,
 clientId = 'umbraco-back-office',
 scope = 'offline_access',
 ) {
 this.#redirectUri = redirectUri;
+ this.#postLogoutRedirectUri = postLogoutRedirectUri;
 this.#clientId = clientId;
 this.#scope = scope;
@@ -283,7 +286,7 @@ export class UmbAuthFlow {
 // which will redirect the user back to the client
 // and the client will then try and log in again (if the user is not logged in)
 // which will redirect the user to the login page
- location.href = `${this.#configuration.endSessionEndpoint}?post_logout_redirect_uri=${this.#redirectUri}`;
+ location.href = `${this.#configuration.endSessionEndpoint}?post_logout_redirect_uri=${this.#postLogoutRedirectUri}`;
 }
 /**
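Review bot: The `resolve` callback of the new `logout` route runs on every navigation to that path, not only on the redirect coming back from the end-session endpoint, and unlike the route above it the entry has no `guards`; any link to the path therefore clears the stored tokens and restarts login. That is probably acceptable for a logout landing page, but it should be stated, e.g. `// Reached via post_logout_redirect_uri; intentionally unguarded, only clears local tokens`. Separately, `this.#authContext?.clearTokenStorage()` is skipped silently when the context is not set while the next line still starts an authorization request, so an explicit `if (!this.#authContext) throw new Error('[Auth] context missing on logout route');` would make that case visible. The routes array starts and ends outside the hunk.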
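Review bot: In the `@@ -99,10 +100,12 @@` hunk of auth-flow.ts, `postLogoutRedirectUri` is inserted as the third positional parameter ahead of the defaulted `clientId`, and since every parameter is a string an existing call of the form `new UmbAuthFlow(url, redirectUri, 'my-client')` still type-checks and would pass its client id as the post-logout URI. If `UmbAuthFlow` is constructed anywhere besides `UmbAuthContext` (cannot be told from this patch), moving the new parameter to the end of the list or noting the breaking change avoids that. The new argument also deserves a doc line, e.g. `@param postLogoutRedirectUri Absolute URL the end-session endpoint redirects to after sign-out; must be one the server accepts`. The constructor body continues outside the hunk.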
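Review bot: The end-session URL in the `@@ -283,7 +286,7 @@` hunk still pastes `#postLogoutRedirectUri` into the query string unescaped; the value is an absolute URL, and a backoffice path containing `?`, `&` or `#` would change how the server parses the request. Encode it: ``location.href = `${this.#configuration.endSessionEndpoint}?post_logout_redirect_uri=${encodeURIComponent(this.#postLogoutRedirectUri)}`;``. The OpenID Connect RP-initiated logout specification also recommends sending `id_token_hint` together with `post_logout_redirect_uri`, and the redirect is only honoured if the `/logout` URL is registered on the server; neither is visible in this patch. The enclosing method starts outside the hunk.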
diff --git a/src/Umbraco.Web.UI.Client/src/packages/core/auth/auth.context.ts b/src/Umbraco.Web.UI.Client/src/packages/core/auth/auth.context.ts
index cf99b23c35..be37177cc0 100644
--- a/src/Umbraco.Web.UI.Client/src/packages/core/auth/auth.context.ts
+++ b/src/Umbraco.Web.UI.Client/src/packages/core/auth/auth.context.ts
@@ -26,7 +26,7 @@ export class UmbAuthContext extends UmbContextBase {
 this.#serverUrl = serverUrl;
 this.#backofficePath = backofficePath;
- this.#authFlow = new UmbAuthFlow(serverUrl, this.#getRedirectUrl());
+ this.#authFlow = new UmbAuthFlow(serverUrl, this.getRedirectUrl(), this.getPostLogoutRedirectUrl());
 }
 /**
@@ -166,7 +166,11 @@ export class UmbAuthContext extends UmbContextBase {
 return this.isInitialized.pipe(switchMap(() => umbExtensionsRegistry.byType('authProvider')));
 }
- #getRedirectUrl() {
+ getRedirectUrl() {
 return `${window.location.origin}${this.#backofficePath}`;
 }
+
+ getPostLogoutRedirectUrl() {
+ return `${window.location.origin}${this.#backofficePath.endsWith('/') ? this.#backofficePath : this.#backofficePath + '/'}logout`;
+ }
 }
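Review bot: `getRedirectUrl()` becomes public and `getPostLogoutRedirectUrl()` is added in the `@@ -166,7 +166,11 @@` hunk without TSDoc, although both now define URLs that the authorization server has to accept verbatim. I would document each, e.g. `/** Absolute URL of the backoffice logout route, sent as post_logout_redirect_uri; ends in /logout with no trailing slash. */`. The ternary nested inside the template literal is hard to read; ``const base = this.#backofficePath.endsWith('/') ? this.#backofficePath : `${this.#backofficePath}/`;`` followed by ``return `${window.location.origin}${base}logout`;`` says the same thing. Note that `getRedirectUrl()` does not apply the same slash normalisation, so the two values can differ by more than the `logout` suffix.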