TYPO3GmbH / symfony-keycloak-bundle / 14440650663

14 Apr 2025 08:09AM UTC coverage: 4.425% (-0.3%) from 4.739%
push

github

web-flow
[BUGFIX] Redirect to Symfony's logout route (#20)

The logout behavior was implemented in a reverse manner. The bundle
assumed that Symfony's logout will first call the OpenID logout handling
and then logout the user from Symfony, which is not the case.

The bundle now expects a dedicated logout route (defaulting to
`logout`), which _may_ need adjustments in the implementing application.

Also, the OpenID configuration is now fetched from Keycloak to obtain
the logout URL in order to avoid hard-coded URLs.

Note: since Symfony 6.4, the `LogoutRouteLoader` may be used, allowing
to configure the logout route to `_logout_main` [1].

[1] https://symfony.com/doc/6.4/security.html#logging-out

0 of 22 new or added lines in 5 files covered. (0.0%)

10 of 226 relevant lines covered (4.42%)

9.45 hits per line

Source File

/src/Service/RedirectService.php (file coverage: 0.0)

No executable line of this file is covered. Lines flagged NEW in this build: the `$this->openIdService` and `$this->router` assignments in the constructor and, in `generateLogoutRedirectResponse()`, the `$redirectAfterOAuthLogout` assignment, the `getOpenIdConfiguration()` call, and the format string and `end_session_endpoint` argument of `sprintf()`.

```php
<?php
declare(strict_types=1);

/*
 * This file is part of the package t3g/symfony-keycloak-bundle.
 *
 * For the full copyright and license information, please read the
 * LICENSE file that was distributed with this source code.
 */

namespace T3G\Bundle\Keycloak\Service;

use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use KnpU\OAuth2ClientBundle\Client\OAuth2Client;
use Stevenmaguire\OAuth2\Client\Provider\Keycloak;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Routing\RouterInterface;

class RedirectService
{
    public const DEFAULT_SCOPES = ['openid', 'profile', 'roles', 'email'];
    private ClientRegistry $clientRegistry;
    private RouterInterface $router;
    private OpenIdService $openIdService;
    private string $clientId;

    public function __construct(ClientRegistry $clientRegistry, RouterInterface $router, OpenIdService $openIdService, string $clientId)
    {
        $this->clientRegistry = $clientRegistry;
        $this->clientId = $clientId;
        $this->openIdService = $openIdService;
        $this->router = $router;
    }

    /**
     * @param string[] $scopes
     */
    public function generateLoginRedirectResponse(array $scopes = self::DEFAULT_SCOPES): RedirectResponse
    {
        /** @var OAuth2Client $client */
        $client = $this->clientRegistry->getClient('keycloak');

        return $client->redirect($scopes);
    }

    public function generateLogoutRedirectResponse($logoutRoute): RedirectResponse
    {
        $redirectAfterOAuthLogout = rtrim($this->router->generate($logoutRoute, [], UrlGeneratorInterface::ABSOLUTE_URL), '/');
        /** @var Keycloak $provider */
        $provider = $this->clientRegistry->getClient('keycloak')->getOAuth2Provider();
        $openIdConfiguration = $this->openIdService->getOpenIdConfiguration(sprintf('%s/realms/%s', $provider->authServerUrl, $provider->realm));
        $redirectTarget = sprintf(
            '%s?client_id=%s&post_logout_redirect_uri=%s',
            $openIdConfiguration['end_session_endpoint'],
            $this->clientId,
            urlencode($redirectAfterOAuthLogout)
        );

        return new RedirectResponse($redirectTarget, Response::HTTP_TEMPORARY_REDIRECT);
    }
}
```
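
The commit message describes fetching the OpenID configuration from Keycloak to obtain the logout URL. As an added example (not part of the bundle or of this build), here is one way to check that document before redirecting the browser to its `end_session_endpoint`; `buildLogoutUrl()`, the HTTPS and same-host policy, and the sample document are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from t3g/symfony-keycloak-bundle. buildLogoutUrl()
// and the sample values are hypothetical.

/** @param array<string, mixed> $config decoded .well-known/openid-configuration */
function buildLogoutUrl(array $config, string $realmUrl, string $clientId, string $postLogoutUri): string
{
    $realmUrl = rtrim($realmUrl, '/');

    // The issuer must be exactly the realm the configuration was requested for.
    if (($config['issuer'] ?? null) !== $realmUrl) {
        throw new UnexpectedValueException('Issuer does not match the configured realm');
    }

    $endpoint = $config['end_session_endpoint'] ?? null;
    if (!is_string($endpoint) || $endpoint === '') {
        throw new UnexpectedValueException('Discovery document has no end_session_endpoint');
    }

    // Assumed policy: only redirect to an HTTPS endpoint on the issuer's host.
    $parts = parse_url($endpoint);
    $issuerHost = parse_url($realmUrl, PHP_URL_HOST);
    if (!is_array($parts) || !is_string($issuerHost)
        || ($parts['scheme'] ?? '') !== 'https'
        || strcasecmp($parts['host'] ?? '', $issuerHost) !== 0
    ) {
        throw new UnexpectedValueException('end_session_endpoint is not HTTPS on the issuer host');
    }

    // http_build_query() percent-encodes every value, client_id included.
    $query = http_build_query([
        'client_id' => $clientId,
        'post_logout_redirect_uri' => $postLogoutUri,
    ], '', '&', PHP_QUERY_RFC3986);

    // Use '&' when the endpoint already carries a query string.
    return $endpoint . (isset($parts['query']) ? '&' : '?') . $query;
}

// Constructed sample discovery document for a hypothetical realm.
$sample = [
    'issuer' => 'https://sso.example.test/realms/demo',
    'end_session_endpoint' => 'https://sso.example.test/realms/demo/protocol/openid-connect/logout',
];
echo buildLogoutUrl($sample, 'https://sso.example.test/realms/demo', 'demo-client', 'https://app.example.test/logout'), PHP_EOL;
```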