Redirects the user to Teams logout page (#2959)

2025-09-09 06:24:29 +08:00 · 2025-03-14 09:35:25 -03:00 · 2025-03-14 09:35:25 -03:00 · 3359f65a4c
commit 3359f65a4c
parent 0c58516a4e
6 changed files with 24 additions and 64 deletions
--- a/lib/livebook/teams/requests.ex
+++ b/lib/livebook/teams/requests.ex
@ -237,15 +237,6 @@ defmodule Livebook.Teams.Requests do
    get("/api/v1/org/identity", %{access_token: access_token}, team)
  end

-  @doc """
-  Send a request to Livebook Team API to revoke session from given access token.
-  """
-  @spec logout_identity_provider(Team.t(), String.t()) ::
-          {:ok, String.t()} | {:error, map()} | {:transport_error, String.t()}
-  def logout_identity_provider(team, access_token) do
-    post("/api/v1/org/identity/revoke", %{access_token: access_token}, team)
-  end
-
  @doc """
  Normalizes errors map into errors for the given schema.
  """
--- a/lib/livebook/zta/livebook_teams.ex
+++ b/lib/livebook/zta/livebook_teams.ex
@ -38,14 +38,19 @@ defmodule Livebook.ZTA.LivebookTeams do
  # Our extension to Livebook.ZTA to deal with logouts
  def logout(name, conn) do
    token = get_session(conn, :livebook_teams_access_token)
-
    team = Livebook.ZTA.get(name)

-    case Teams.Requests.logout_identity_provider(team, token) do
-      {:ok, _no_content} -> :ok
-      {:error, %{}} -> {:error, "You are already logged out."}
-      {:transport_error, reason} -> {:error, reason}
-    end
+    url =
+      Livebook.Config.teams_url()
+      |> URI.new!()
+      |> URI.append_path("/identity/logout")
+      |> URI.append_query("org_id=#{team.org_id}&access_token=#{token}")
+      |> URI.to_string()
+
+    conn
+    |> configure_session(renew: true)
+    |> clear_session()
+    |> redirect(external: url)
  end

  defp handle_request(conn, team, %{"teams_identity" => _, "code" => code}) do
--- a/lib/livebook_web/controllers/user_controller.ex
+++ b/lib/livebook_web/controllers/user_controller.ex
@ -17,15 +17,11 @@ defmodule LivebookWeb.UserController do
    conn
    |> configure_session(renew: true)
    |> clear_session()
-    |> render("logout.html")
+    |> redirect(to: ~p"/")
  end

  defp do_zta_logout(conn) do
    {_type, module, _key} = Livebook.Config.identity_provider()
-
-    case module.logout(LivebookWeb.ZTA, conn) do
-      :ok -> do_logout(conn)
-      {:error, reason} -> conn |> redirect(to: ~p"/") |> put_flash(:error, reason)
-    end
+    module.logout(LivebookWeb.ZTA, conn)
  end
 end
--- a/lib/livebook_web/controllers/user_html/logout.html.heex
+++ b/lib/livebook_web/controllers/user_html/logout.html.heex
@ -1,18 +0,0 @@
-<div class="h-screen w-full px-4 py-8 bg-gray-900 flex justify-center items-center">
-  <div class="max-w-[400px] w-full flex flex-col">
-    <a href={~p"/"} class="mb-2 -ml-2">
-      <img src={~p"/images/logo.png"} height="96" width="96" alt="livebook" />
-    </a>
-    <div class="mb-2 text-xl text-gray-100 font-medium">
-      You have been logged out
-    </div>
-
-    <div class="mb-8 text-sm text-gray-200">
-      Thank you for using <strong>Livebook</strong>
-    </div>
-
-    <div class="text-gray-50 w-full">
-      <.button navigate={~p"/"}>Sign in back</.button>
-    </div>
-  </div>
-</div>
--- a/test/livebook_teams/zta/livebook_teams_test.exs
+++ b/test/livebook_teams/zta/livebook_teams_test.exs
@ -128,12 +128,15 @@ defmodule Livebook.ZTA.LivebookTeamsTest do
        build_conn(:get, "/")
        |> init_test_session(Plug.Conn.get_session(conn))

-      assert LivebookTeams.logout(test, conn) == :ok
+      assert %{status: 302} = conn = LivebookTeams.logout(test, conn)
+      [url] = get_resp_header(conn, "location")
+      assert %{status: 200} = Req.get!(url)

-      # Step 5: If we try to revoke again, it should fail
-      assert {:error, _} = LivebookTeams.logout(test, conn)
+      # Step 5: It we try to authenticate again, it should redirect to Teams
+      conn =
+        build_conn(:get, "/")
+        |> init_test_session(Plug.Conn.get_session(conn))

-      # Step 6: It we try to authenticate again, it should redirect to Teams
      {conn, nil} = LivebookTeams.authenticate(test, conn, [])
      assert conn.halted
      assert html_response(conn, 200) =~ "window.location.href = "
--- a/test/livebook_web/controllers/user_controller_test.exs
+++ b/test/livebook_web/controllers/user_controller_test.exs
@ -2,28 +2,11 @@ defmodule LivebookWeb.UserControllerTest do
  use LivebookWeb.ConnCase, async: true

  describe "GET /logout" do
-    test "renders logout template when logged in", %{conn: conn} do
-      conn = login_user(conn)
-
-      conn = get(conn, ~p"/logout")
-
-      assert html_response(conn, 200) =~ "You have been logged out"
-    end
-
    test "redirects when already logged out", %{conn: conn} do
-      conn = logout_user(conn)
-
-      conn = get(conn, ~p"/logout")
-
-      assert redirected_to(conn) == ~p"/"
-    end
-
-    defp login_user(conn) do
-      Phoenix.ConnTest.init_test_session(conn, %{user_id: 1})
-    end
-
-    defp logout_user(conn) do
-      Phoenix.ConnTest.init_test_session(conn, %{})
+      assert conn
+             |> Phoenix.ConnTest.init_test_session(%{})
+             |> get(~p"/logout")
+             |> redirected_to() == ~p"/"
    end
  end
 end