Merge pull request #34 from vshn/fix/logout

glrf · web-flow · commit e7751bd2289d · 2022-06-17T17:12:14.000+02:00
Fix logout call to not use privileged endpoint
diff --git a/keycloak/ZZ_mock_gocloak_test.go b/keycloak/ZZ_mock_gocloak_test.go
diff --git a/keycloak/client.go b/keycloak/client.go
@@ -114,7 +114,7 @@ func (errs *MembershipSyncErrors) Error() string {
 // This keeps the mock at a more reasonable size
 type GoCloak interface {
 	LoginAdmin(ctx context.Context, username, password, realm string) (*gocloak.JWT, error)
-	LogoutUserSession(ctx context.Context, accessToken, realm, session string) error
+	LogoutPublicClient(ctx context.Context, clientID, realm, accessToken, refreshToken string) error
 
 	CreateGroup(ctx context.Context, accessToken, realm string, group gocloak.Group) (string, error)
 	CreateChildGroup(ctx context.Context, accessToken, realm, groupID string, group gocloak.Group) (string, error)
@@ -302,7 +302,8 @@ func (c Client) login(ctx context.Context) (*gocloak.JWT, error) {
 }
 
 func (c Client) logout(ctx context.Context, token *gocloak.JWT) error {
-	return c.Client.LogoutUserSession(ctx, token.AccessToken, c.loginRealm(), token.SessionState)
+	// `admin-cli` is the client used when authenticating to the admin API
+	return c.Client.LogoutPublicClient(ctx, "admin-cli", c.loginRealm(), token.AccessToken, token.RefreshToken)
 }
 
 func (c Client) getGroup(ctx context.Context, token *gocloak.JWT, toSearch Group) (*gocloak.Group, error) {
diff --git a/keycloak/client_login_test.go b/keycloak/client_login_test.go
@@ -26,10 +26,11 @@ func TestLogin(t *testing.T) {
 		Return(&gocloak.JWT{
 			SessionState: "session",
 			AccessToken:  "token",
+			RefreshToken: "refresh",
 		}, nil).
 		AnyTimes()
 	mKeycloak.EXPECT().
-		LogoutUserSession(gomock.Any(), "token", "target-realm", "session").
+		LogoutPublicClient(gomock.Any(), "admin-cli", "target-realm", "token", "refresh").
 		Return(nil).
 		AnyTimes()
 
@@ -55,10 +56,11 @@ func TestLogin_WithLoginRealm(t *testing.T) {
 		Return(&gocloak.JWT{
 			SessionState: "session",
 			AccessToken:  "token",
+			RefreshToken: "refresh",
 		}, nil).
 		AnyTimes()
 	mKeycloak.EXPECT().
-		LogoutUserSession(gomock.Any(), "token", "login-realm", "session").
+		LogoutPublicClient(gomock.Any(), "admin-cli", "login-realm", "token", "refresh").
 		Return(nil).
 		AnyTimes()
 
diff --git a/keycloak/suite_test.go b/keycloak/suite_test.go
@@ -15,10 +15,11 @@ func mockLogin(mgc *MockGoCloak, c Client) {
 		Return(&gocloak.JWT{
 			SessionState: "session",
 			AccessToken:  "token",
+			RefreshToken: "refresh",
 		}, nil).
 		AnyTimes()
 	mgc.EXPECT().
-		LogoutUserSession(gomock.Any(), "token", c.Realm, "session").
+		LogoutPublicClient(gomock.Any(), "admin-cli", c.Realm, "token", "refresh").
 		Return(nil).
 		AnyTimes()
 }
