|
46 | 46 | use OCP\AppFramework\Utility\ITimeFactory; |
47 | 47 | use OCP\Authentication\Exceptions\InvalidTokenException; |
48 | 48 | use OCP\Authentication\Token\IToken; |
| 49 | +use OCP\DB\Exception; |
49 | 50 | use OCP\EventDispatcher\IEventDispatcher; |
50 | 51 | use OCP\IAppConfig; |
51 | 52 | use OCP\IConfig; |
@@ -852,6 +853,8 @@ public function singleLogoutService() { |
852 | 853 | * |
853 | 854 | * @param string $providerIdentifier |
854 | 855 | * @param string $logout_token |
| 856 | + * @throws Exception |
| 857 | + * @throws \JsonException |
855 | 858 | * @return JSONResponse |
856 | 859 | */ |
857 | 860 | #[PublicPage] |
@@ -928,18 +931,24 @@ public function backChannelLogout(string $providerIdentifier, string $logout_tok |
928 | 931 | $sid = $logoutTokenPayload->sid; |
929 | 932 | $sub = $logoutTokenPayload->sub ?? null; |
930 | 933 | try { |
931 | | - $oidcSession = $this->sessionMapper->findSessionBySid($sid, $sub, $iss); |
932 | | - $oidcSessionsToKill[] = $oidcSession; |
| 934 | + $oidcSessionsToKill[] = $this->sessionMapper->findSessionBySid($sid, $sub, $iss); |
933 | 935 | } catch (DoesNotExistException $e) { |
934 | | - $this->logger->debug("[BackchannelLogout] OIDC session not found (expected for a RP-initiated logout)"); |
| 936 | + $this->logger->debug('[BackchannelLogout] OIDC session not found with sid+sub+iss (expected for a RP-initiated logout)'); |
| 937 | + } catch (MultipleObjectsReturnedException $e) { |
| 938 | + $this->logger->warning('[BackchannelLogout] Multiple OIDC sessions retrieved (sid+sub+iss). ' . |
| 939 | + 'This should not happen. Please check that you have created your DB indexes') |
935 | 940 | } |
936 | 941 | } else { |
937 | 942 | // here we know the sid is not set so the sub is set |
938 | 943 | $sub = $logoutTokenPayload->sub; |
939 | 944 | try { |
940 | | - $oidcSessionsToKill = $this->sessionMapper->findSessionsBySubAndIss($sub, $iss); |
941 | | - } catch (DoesNotExistException $e) { |
942 | | - $this->logger->debug("[BackchannelLogout] OIDC session not found (expected for a RP-initiated logout)"); |
| 945 | + $oidcSessionsToKill[] = $this->sessionMapper->findSessionsBySubAndIss($sub, $iss); |
| 946 | + } catch (\OCP\Db\Exception $e) { |
| 947 | + $this->logger->debug('[BackchannelLogout] Database failure while trying to retrieve user session (sub+iss)'); |
| 948 | + } |
| 949 | + |
| 950 | + if (empty($oidcSessionsToKill)) { |
| 951 | + $this->logger->debug('[BackchannelLogout] OIDC session not found with sub+iss (expected for a RP-initiated logout)'); |
943 | 952 | } |
944 | 953 | } |
945 | 954 |
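Review bot: In the sub+iss branch the result of findSessionsBySubAndIss() is now appended with `$oidcSessionsToKill[] = ...`; if that method returns a list of sessions, as its name and the removed plain assignment suggest, the list becomes one nested element, so `empty($oidcSessionsToKill)` is never true and the sessions are presumably never iterated and killed, leaving a back-channel logout that silently keeps the user's sessions alive. Keep the plain assignment, `$oidcSessionsToKill = $this->sessionMapper->findSessionsBySubAndIss($sub, $iss);`. The `warning(...)` call in the new MultipleObjectsReturnedException catch has no terminating `;`, which is a parse error, and that branch also terminates none of the matching sessions even though the logout token was accepted. The database failure is caught as `\OCP\Db\Exception` while the import added above is `OCP\DB\Exception`, and it is logged at debug level only; for a logout request it should be caught as the imported `Exception`, logged with `$this->logger->error(...)`, and not reported to the provider as a successful logout. backChannelLogout() starts and ends outside this hunk, so how `$oidcSessionsToKill` is consumed and which response is returned are not visible here.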
|
|