CORE-277 post_logout_redirect_uri can't be a fragment (#5235)

DataBiosphere · Jan 27, 2025 · f24ac07 · f24ac07
1 parent 6fb1f01
commit f24ac07
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/src/auth/signout/sign-out.test.ts b/src/auth/signout/sign-out.test.ts
@@ -35,7 +35,7 @@ type NavExports = typeof import('src/libs/nav');
 jest.mock('src/libs/nav', (): NavExports => {
   return {
     ...jest.requireActual<NavExports>('src/libs/nav'),
-    getLink: jest.fn().mockReturnValue({ name: 'signout-callback', query: {} }),
+    getPath: jest.fn().mockReturnValue('/signout'),
     goToPath: jest.fn(),
     getWindowOrigin: jest.fn(),
     getCurrentRoute: jest.fn().mockReturnValue(currentRoute),
@@ -88,21 +88,21 @@ describe('sign-out', () => {
     const unsetCookiesFn = jest.fn();
     const signOutRedirectFn = jest.fn();
     const hostname = 'https://mycoolhost.horse';
-    const link = 'signout';
+    const link = '/signout';
     const expectedState = btoa(JSON.stringify({ signOutRedirect: currentRoute, signOutCause: 'unspecified' }));
     asMockedFn(oidcStore.get).mockReturnValue({
       userManager: { signoutRedirect: signOutRedirectFn },
     } as unknown as OidcState);
     asMockedFn(leoCookieProvider.unsetCookies).mockImplementation(unsetCookiesFn);
-    asMockedFn(Nav.getLink).mockReturnValue(link);
+    asMockedFn(Nav.getPath).mockReturnValue(link);
     asMockedFn(Nav.getWindowOrigin).mockReturnValue(hostname);
     asMockedFn(Nav.getCurrentRoute).mockReturnValue(currentRoute);
     // Act
     await doSignOut();
     // Assert
     expect(unsetCookiesFn).toHaveBeenCalled();
     expect(signOutRedirectFn).toHaveBeenCalledWith({
-      post_logout_redirect_uri: `${hostname}/${link}`,
+      post_logout_redirect_uri: `${hostname}${link}`,
       extraQueryParams: { state: expectedState },
     });
   });

diff --git a/src/auth/signout/sign-out.ts b/src/auth/signout/sign-out.ts
@@ -42,7 +42,7 @@ export const doSignOut = async (signOutCause: SignOutCause = 'unspecified'): Pro
   await leoCookieProvider.unsetCookies();
   try {
     const userManager = oidcStore.get().userManager;
-    const redirectUrl = `${Nav.getWindowOrigin()}/${Nav.getLink(signOutCallbackLinkName)}`;
+    const redirectUrl = `${Nav.getWindowOrigin()}${Nav.getPath(signOutCallbackLinkName)}`;
     // This will redirect to the logout callback page, which calls `userSignedOut` and then redirects to the homepage.
     const { name, query, params }: SignOutRedirect = Nav.getCurrentRoute();
     const signOutState: SignOutState = { signOutRedirect: { name, query, params }, signOutCause };