refactor: remove endSessionEndpoint from user schema and update logou…

…tController to use OpenID issuer's end_session_endpoint
danny-avila · Feb 3, 2025 · 9749db6 · 9749db6
1 parent c05af8f
commit 9749db6
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 12 deletions.
diff --git a/api/models/schema/userSchema.js b/api/models/schema/userSchema.js
@@ -124,9 +124,6 @@ const userSchema = mongoose.Schema(
     refreshToken: {
       type: [Session],
     },
-    endSessionEndpoint: {
-      type: String,
-    },
     expiresAt: {
       type: Date,
       expires: 604800, // 7 days in seconds

diff --git a/api/server/controllers/auth/LogoutController.js b/api/server/controllers/auth/LogoutController.js
@@ -1,5 +1,7 @@
 const cookies = require('cookie');
+const { Issuer } = require('openid-client');
 const { logoutUser } = require('~/server/services/AuthService');
+const { isEnabled } = require('~/server/utils');
 const { logger } = require('~/config');
 
 const logoutController = async (req, res) => {
@@ -9,9 +11,20 @@ const logoutController = async (req, res) => {
     const { status, message } = logout;
     res.clearCookie('refreshToken');
     const response = { message };
-
-    if (req.user.endSessionEndpoint != null && req.user.endSessionEndpoint !== '') {
-      response.redirect = req.user.endSessionEndpoint;
+    if (
+      req.user.openidId != null &&
+      isEnabled(process.env.OPENID_USE_END_SESSION_ENDPOINT) &&
+      process.env.OPENID_ISSUER
+    ) {
+      const issuer = await Issuer.discover(process.env.OPENID_ISSUER);
+      const redirect = issuer.end_session_endpoint;
+      if (!redirect) {
+        logger.warn(
+          '[logoutController] end_session_endpoint not found in OpenID issuer metadata. Please verify that the issuer is correct.',
+        );
+      } else {
+        response.redirect = redirect;
+      }
     }
     return res.status(status).send(response);
   } catch (err) {

diff --git a/api/strategies/openidStrategy.js b/api/strategies/openidStrategy.js
@@ -242,12 +242,6 @@ async function setupOpenId() {
               user.avatar = imagePath ?? '';
             }
           }
-          if (
-            isEnabled(process.env.OPENID_USE_END_SESSION_ENDPOINT) &&
-            issuer.end_session_endpoint
-          ) {
-            user.endSessionEndpoint = issuer.end_session_endpoint;
-          }
 
           user = await updateUser(user._id, user);