From 1e80995c7d8e5fc2bec15a3173f03550b2bd741c Mon Sep 17 00:00:00 2001
From: "Harpal, Sailinder"
Date: Tue, 14 Jan 2025 14:59:28 +0100
Subject: [PATCH 1/3] Call audit log before ending calling all sessions
---
 oauthproxy.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/oauthproxy.go b/oauthproxy.go
index fc559e5c1c..832500b7b3 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -803,7 +803,7 @@ func (p *OAuthProxy) backendLogout(rw http.ResponseWriter, req *http.Request, si
 if providerData.BackendLogoutAllSessionsURL == "" {
 return
 }
-
+ p.picsAuditClient.CreateSuccessfulLogoutAuditEntry(session, req.RequestURI, req.Header.Get("edisp-org-id"))
 resp, err := PicsSignOutAllSessions(providerData.BackendLogoutAllSessionsURL, session.IntrospectClaims, session.AccessToken)
 if err != nil {
 logger.Errorf("error while calling backend logout all sessions: %v", err)
@@ -813,8 +813,6 @@ func (p *OAuthProxy) backendLogout(rw http.ResponseWriter, req *http.Request, si
 if resp.StatusCode() != 200 {
 logger.Errorf("error while calling backend logout url, returned error code %v", resp.StatusCode())
 }
-
- p.picsAuditClient.CreateSuccessfulLogoutAuditEntry(session, req.RequestURI, req.Header.Get("edisp-org-id"))
 } else {
 if providerData.BackendLogoutURL == "" {
 return
From acd05b771d076962bc7625f0eaeafd2b11412eb6 Mon Sep 17 00:00:00 2001
From: "Harpal, Sailinder"
Date: Tue, 14 Jan 2025 15:43:41 +0100
Subject: [PATCH 2/3] use existing code for user authentication
---
 pkg/pics/audit/audit_client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/pics/audit/audit_client.go b/pkg/pics/audit/audit_client.go
index da92b20381..1e67217d9c 100644
--- a/pkg/pics/audit/audit_client.go
+++ b/pkg/pics/audit/audit_client.go
@@ -66,7 +66,7 @@ func (c *Client) CreateFailedLoginAuditEntry(ss *sessions.SessionState, appURL s
 func (c *Client) CreateSuccessfulLogoutAuditEntry(ss *sessions.SessionState, appURL string, tenantID string) {
 coding := Coding{
- System: "http://hl7.org/fhir/ValueSet/audit-event-type", Version: "1", Code: "110123", Display: "Logout", UserSelected: "All Sessions"}
+ System: "http://hl7.org/fhir/ValueSet/audit-event-type", Version: "1", Code: "110114", Display: "Logout", UserSelected: "All Sessions"}
 c.createAuditEntry(ss, appURL, tenantID, "0", "Success", &coding)
 }
From c589d205aca7c6dfb1676bedab3b5b7845ac9486 Mon Sep 17 00:00:00 2001
From: "Harpal, Sailinder"
Date: Tue, 14 Jan 2025 15:51:19 +0100
Subject: [PATCH 3/3] revert code
---
 oauthproxy.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/oauthproxy.go b/oauthproxy.go
index 832500b7b3..5efbd4cfb8 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -803,7 +803,7 @@ func (p *OAuthProxy) backendLogout(rw http.ResponseWriter, req *http.Request, si
 if providerData.BackendLogoutAllSessionsURL == "" {
 return
 }
- p.picsAuditClient.CreateSuccessfulLogoutAuditEntry(session, req.RequestURI, req.Header.Get("edisp-org-id"))
+
 resp, err := PicsSignOutAllSessions(providerData.BackendLogoutAllSessionsURL, session.IntrospectClaims, session.AccessToken)
 if err != nil {
 logger.Errorf("error while calling backend logout all sessions: %v", err)
@@ -813,6 +813,7 @@ func (p *OAuthProxy) backendLogout(rw http.ResponseWriter, req *http.Request, si
 if resp.StatusCode() != 200 {
 logger.Errorf("error while calling backend logout url, returned error code %v", resp.StatusCode())
 }
+ p.picsAuditClient.CreateSuccessfulLogoutAuditEntry(session, req.RequestURI, req.Header.Get("edisp-org-id"))
 } else {
 if providerData.BackendLogoutURL == "" {
 return
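Review bot: In `CreateSuccessfulLogoutAuditEntry` (patch 2/3) `Code` becomes "110114" while `Display` stays "Logout", so the coded value and its label no longer name the same concept: in the DICOM audit vocabulary that the FHIR audit-event-type set draws on, 110114 is "User Authentication" and 110123 is "Logout". Audit consumers and detection rules that select logout events by code will stop matching, and anything reading only the code now sees a generic authentication event. If the intent is that the event type is user authentication, carry the logout meaning in a subtype field if the audit payload has one (not visible in this hunk), and at minimum add a comment such as `// 110114 = User Authentication (event type); logout is conveyed by Display/UserSelected`. Whether the other audit entries in this file use the same code cannot be seen here.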
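Review bot: In the second oauthproxy.go hunk of patch 3/3 the restored `CreateSuccessfulLogoutAuditEntry` call follows the `resp.StatusCode() != 200` branch, which only logs, so a rejected sign-out is still written to the audit trail with outcome "Success". Patch 1/3 had the same problem in a wider form, writing the entry before `PicsSignOutAllSessions` had run at all. Tie the entry to the result, e.g. `if resp.StatusCode() == 200 { p.picsAuditClient.CreateSuccessfulLogoutAuditEntry(session, req.RequestURI, req.Header.Get("edisp-org-id")) }`, and record the failure separately if the audit client has a matching entry type. Whether the `err != nil` path returns is not visible between the hunks, and backendLogout begins and ends outside them. The tenant id is taken from the `edisp-org-id` request header, so it is worth confirming that a trusted upstream hop sets or overwrites it before it lands in an audit record.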