1.2.0.1 logout (#1337)

* temp endpoint added for logout (#1324)

* temp endpoint added for logout (#1324)

* temp endpoint added for logout (#1324)

* Logout issue (#1326)

* temp endpoint added for logout

* logout modified for keycloak 14

* Logout issue (#1327)

* temp endpoint added for logout

* logout modified for keycloak 14

* changing delete to get api

* Logout issue (#1328)

* temp endpoint added for logout

* logout modified for keycloak 14

* changing delete to get api

* ut modified from delete to get

* Logout issue (#1329)

* merge commit

* merge commit

* Logout issue (#1330)

* merge commit

* merge commit

* changed method

* changed uri component builder (#1331)

* unused import removed

kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/Errors.java

@@ -35,7 +35,8 @@ public enum Errors {
 	EXCEPTION("KER-ACP-500", "Exception occured "),
 	ALLOWED_URL_EXCEPTION("KER-ACP-009", "url not found in allowed url's"),
 	STATE_NULL_EXCEPTION("KER-ACP-010", "state is null or empty"),
-	STATE_NOT_UUID_EXCEPTION("KER-ACP-011", "state is not uuid");
+	STATE_NOT_UUID_EXCEPTION("KER-ACP-011", "state is not uuid"),
+	UNSUPPORTED_ENCODING_EXCEPTION("KER-ACP-012", "unsupported encoding exception :");
 
 	/**
 	 * The error code

kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/controller/LoginController.java

@@ -1,6 +1,8 @@
 package io.mosip.kernel.authcodeflowproxy.api.controller;
 
 import java.io.IOException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.List;
 import java.util.UUID;
 
@@ -19,6 +21,10 @@
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.interfaces.DecodedJWT;
 
 import io.mosip.kernel.authcodeflowproxy.api.constants.Errors;
 import io.mosip.kernel.authcodeflowproxy.api.dto.AccessTokenResponseDTO;
@@ -29,6 +35,7 @@
 import io.mosip.kernel.core.authmanager.model.AuthResponseDto;
 import io.mosip.kernel.core.http.ResponseFilter;
 import io.mosip.kernel.core.http.ResponseWrapper;
+import io.mosip.kernel.core.util.CryptoUtil;
 import io.mosip.kernel.core.util.EmptyCheckUtils;
 
 @RestController
@@ -127,14 +134,22 @@ public ResponseWrapper<MosipUserDto> validateAdminToken(HttpServletRequest reque
 		responseWrapper.setResponse(mosipUserDto);
 		return responseWrapper;
 	}
-
+	
 	@ResponseFilter
-	@DeleteMapping(value = "/logout/user")
-	public ResponseWrapper<AuthResponseDto> logoutUser(
-			@CookieValue(value = "Authorization", required = false) String token, HttpServletResponse res) {
-		AuthResponseDto authResponseDto = loginService.logoutUser(token);
-		ResponseWrapper<AuthResponseDto> responseWrapper = new ResponseWrapper<>();
-		responseWrapper.setResponse(authResponseDto);
-		return responseWrapper;
+	@GetMapping(value = "/logout/user")
+	public void logoutUser(
+			@CookieValue(value = "Authorization", required = false) String token,@RequestParam(name = "redirecturi", required = true) String redirectURI, HttpServletResponse res) throws IOException {
+		redirectURI = new String(Base64.decodeBase64(redirectURI));
+		if(redirectURI.contains("#")) {
+			redirectURI= redirectURI.split("#")[0];
+		}
+		if(!allowedUrls.contains(redirectURI)) {
+			LOGGER.error("Url {} was not part of allowed url's",redirectURI);
+			throw new ServiceException(Errors.ALLOWED_URL_EXCEPTION.getErrorCode(), Errors.ALLOWED_URL_EXCEPTION.getErrorMessage());
+		}
+		String uri = loginService.logoutUser(token,redirectURI);
+		res.setStatus(302);
+		res.sendRedirect(uri);
 	}
+
 }

kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/AuthCodeProxyExceptionHandler.java

@@ -11,6 +11,7 @@
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.util.ContentCachingRequestWrapper;
@@ -48,6 +49,14 @@ public ResponseEntity<ResponseWrapper<ServiceError>> servieException(
 		return new ResponseEntity<>(
 				getErrorResponse(httpServletRequest, e.getErrorCode(), e.getErrorText()), HttpStatus.OK);
 	}
+
+	@ExceptionHandler(AuthenticationServiceException.class)
+	public ResponseEntity<ResponseWrapper<ServiceError>> servieException(
+			HttpServletRequest httpServletRequest, final AuthenticationServiceException e) throws IOException {
+		ExceptionUtils.logRootCause(e);
+		return new ResponseEntity<>(
+				getErrorResponse(httpServletRequest,Errors.INVALID_TOKEN.getErrorCode(), e.getMessage()), HttpStatus.OK);
+	}
 
 	@ExceptionHandler(AuthRestException.class)
 	public ResponseEntity<ResponseWrapper<ServiceError>> authRestException(

kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/service/LoginService.java

@@ -6,7 +6,6 @@
 import io.mosip.kernel.authcodeflowproxy.api.dto.AccessTokenResponseDTO;
 
 import io.mosip.kernel.authcodeflowproxy.api.dto.MosipUserDto;
-import io.mosip.kernel.core.authmanager.model.AuthResponseDto;
 
 public interface LoginService {
 
@@ -20,7 +19,7 @@ public interface LoginService {
 	AccessTokenResponseDTO loginRedirect(String state, String sessionState, String code, String stateCookie,
 			String redirectURI);
 
-	AuthResponseDto logoutUser(String token);
+	String logoutUser(String token, String redirectURI);
 
 
 }

kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/service/impl/LoginServiceImpl.java

@@ -1,6 +1,9 @@
 package io.mosip.kernel.authcodeflowproxy.api.service.impl;
 
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -30,7 +33,6 @@
 
 import io.mosip.kernel.authcodeflowproxy.api.constants.Constants;
 import io.mosip.kernel.authcodeflowproxy.api.constants.Errors;
-import io.mosip.kernel.authcodeflowproxy.api.constants.IAMConstants;
 import io.mosip.kernel.authcodeflowproxy.api.dto.AccessTokenResponse;
 import io.mosip.kernel.authcodeflowproxy.api.dto.AccessTokenResponseDTO;
 import io.mosip.kernel.authcodeflowproxy.api.dto.IAMErrorResponseDto;
@@ -39,7 +41,6 @@
 import io.mosip.kernel.authcodeflowproxy.api.exception.ClientException;
 import io.mosip.kernel.authcodeflowproxy.api.exception.ServiceException;
 import io.mosip.kernel.authcodeflowproxy.api.service.LoginService;
-import io.mosip.kernel.core.authmanager.model.AuthResponseDto;
 import io.mosip.kernel.core.exception.ExceptionUtils;
 import io.mosip.kernel.core.exception.ServiceError;
 import io.mosip.kernel.core.http.ResponseWrapper;
@@ -89,21 +90,21 @@ public class LoginServiceImpl implements LoginService {
 
 	@Value("${auth.server.admin.validate.url}")
 	private String validateUrl;
+
+
+	@Value("${mosip.iam.post-logout-uri-param-key:post_logout_redirect_uri}")
+	private String postLogoutRedirectURIParamKey;
+
+	@Value("${mosip.iam.end-session-endpoint-path:/protocol/openid-connect/logout}")
+	private String endSessionEndpointPath;
+
 
 	@Autowired
 	private RestTemplate restTemplate;
 
 	@Autowired
 	private ObjectMapper objectMapper;
 
-	private static final String LOG_OUT_FAILED = "log out failed";
-
-	private static final String FAILED = "Failed";
-
-	private static final String SUCCESS = "Success";
-
-	private static final String SUCCESSFULLY_LOGGED_OUT = "successfully loggedout";
-
 	@Override
 	public String login(String redirectURI, String state) {
 		Map<String, String> pathParam = new HashMap<>();
@@ -225,35 +226,21 @@ private IAMErrorResponseDto parseKeyClockErrorResponse(HttpStatusCodeException e
 	}
 
 	@Override
-	public AuthResponseDto logoutUser(String token) {
+	public String logoutUser(String token,String redirectURI) {
 		if (EmptyCheckUtils.isNullEmpty(token)) {
 			throw new AuthenticationServiceException(Errors.INVALID_TOKEN.getErrorMessage());
 		}
-		Map<String, String> pathparams = new HashMap<>();
 		String issuer = getissuer(token);
-		ResponseEntity<String> response = null;
-		AuthResponseDto authResponseDto = new AuthResponseDto();
-		StringBuilder urlBuilder = new StringBuilder().append(issuer).append("/protocol/openid-connect/logout");
-		UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(urlBuilder.toString())
-				.queryParam(IAMConstants.ID_TOKEN_HINT, token);
-
+		StringBuilder urlBuilder = new StringBuilder().append(issuer).append(endSessionEndpointPath);
+		UriComponentsBuilder uriComponentsBuilder;
 		try {
-			response = restTemplate.getForEntity(uriComponentsBuilder.buildAndExpand(pathparams).toUriString(),
-					String.class);
-
-		} catch (HttpClientErrorException | HttpServerErrorException e) {
-			throw new ServiceException(Errors.REST_EXCEPTION.getErrorCode(),
-					Errors.REST_EXCEPTION.getErrorMessage() + e.getResponseBodyAsString());
-		}
-
-		if (response.getStatusCode().is2xxSuccessful()) {
-			authResponseDto.setMessage(SUCCESSFULLY_LOGGED_OUT);
-			authResponseDto.setStatus(SUCCESS);
-		} else {
-			authResponseDto.setMessage(LOG_OUT_FAILED);
-			authResponseDto.setStatus(FAILED);
+			uriComponentsBuilder = UriComponentsBuilder.fromUriString(urlBuilder.toString())
+					.queryParam(postLogoutRedirectURIParamKey, URLEncoder.encode(redirectURI, StandardCharsets.UTF_8.toString()));
+		} catch (UnsupportedEncodingException e) {
+			throw new ServiceException(Errors.UNSUPPORTED_ENCODING_EXCEPTION.getErrorCode(),
+					Errors.UNSUPPORTED_ENCODING_EXCEPTION.getErrorMessage() + Constants.WHITESPACE + e.getMessage());
 		}
-		return authResponseDto;
+		return uriComponentsBuilder.build().toString();
 	}
 
 	public String getissuer(String token) {