From 97aeb3cc46c2e03c3187accd7c4561209be8be89 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Fri, 12 Mar 2021 17:19:02 +0100
Subject: Fix external on logout hook
---
 server/controllers/api/users/token.ts | 2 +-
 server/lib/auth/oauth-model.ts | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)
(limited to 'server')
diff --git a/server/controllers/api/users/token.ts b/server/controllers/api/users/token.ts
index 3eae28b34..694bb0a92 100644
--- a/server/controllers/api/users/token.ts
+++ b/server/controllers/api/users/token.ts
@@ -88,7 +88,7 @@ async function handleToken (req: express.Request, res: express.Response, next: e
 async function handleTokenRevocation (req: express.Request, res: express.Response) {
 const token = res.locals.oauth.token
- const result = await revokeToken(token, true)
+ const result = await revokeToken(token, { req, explicitLogout: true })
 return res.json(result)
 }
diff --git a/server/lib/auth/oauth-model.ts b/server/lib/auth/oauth-model.ts
index c74869ee2..b9c69eb2d 100644
--- a/server/lib/auth/oauth-model.ts
+++ b/server/lib/auth/oauth-model.ts
@@ -1,3 +1,4 @@
+import * as express from 'express'
 import { AccessDeniedError } from 'oauth2-server'
 import { PluginManager } from '@server/lib/plugins/plugin-manager'
 import { ActorModel } from '@server/models/activitypub/actor'
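Review bot: `handleTokenRevocation` in token.ts sends `result` to the client unchanged, so any `redirectUrl` produced by an auth plugin's `onLogout` hook is passed through with no check on its scheme or host at this layer. With `req` now forwarded, the hook is presumably able to return a value where it could not before; whether the client constrains where it navigates is not visible in this diff. I would at least document the trust boundary above the `res.json(result)` call, e.g. `// redirectUrl is produced by the auth plugin's onLogout hook and returned as-is`. The function is fully contained in the hunk; `revokeToken` itself is changed in oauth-model.ts.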
@@ -125,15 +126,20 @@ async function getUser (usernameOrEmail?: string, password?: string, bypassLogin
 async function revokeToken (
 tokenInfo: { refreshToken: string },
- explicitLogout?: boolean
+ options: {
+ req?: express.Request
+ explicitLogout?: boolean
+ } = {}
 ): Promise<{ success: boolean, redirectUrl?: string }> {
+ const { req, explicitLogout } = options
+
 const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken)
 if (token) {
 let redirectUrl: string
 if (explicitLogout === true && token.User.pluginAuth && token.authName) {
- redirectUrl = await PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User, this.request)
+ redirectUrl = await PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User, req)
 }
 TokensCache.Instance.clearCacheByToken(token.accessToken)
-- cgit v1.2.3
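Review bot: `req` is optional in the new `options` type of `revokeToken`, so a caller can pass `{ explicitLogout: true }` without it and `PluginManager.Instance.onLogout` is again handed `undefined` as its request, apparently the same failure this commit fixes for `this.request`. Tying the two fields together would let the compiler reject that call, for example `options: { req?: undefined, explicitLogout?: false } | { req: express.Request, explicitLogout: true } = {}`; callers outside this diff would need checking against the stricter type. If the looser type is kept, a comment on the field such as `// required when explicitLogout is true: forwarded to the auth plugin's onLogout hook` would make the contract explicit. The rest of `revokeToken` lies outside the hunk.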