From ab7b8e5e7d3b814bd5fadac2f372bb8d33db325a Mon Sep 17 00:00:00 2001
From: shekhar16 <shekharlaad1609@gmail.com>
Date: Wed, 5 Apr 2023 23:52:44 +0530
Subject: [PATCH] fix(oxtrust-server): add multiple front and back logout uri

---
 .../oxtrust/action/UpdateClientAction.java    | 115 ++++++++++++++----
 .../org/gluu/oxtrust/model/OxAuthClient.java  |   6 +-
 .../WEB-INF/incl/client/clientForm.xhtml      |  89 +++++++++++---
 server/src/main/webapp/client/addClient.xhtml |  10 ++
 .../src/main/webapp/client/updateClient.xhtml |  10 ++
 5 files changed, 190 insertions(+), 40 deletions(-)

diff --git a/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java b/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
index edb85b249..d49003d41 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
@@ -155,6 +155,7 @@ public class UpdateClientAction implements Serializable {
     private List<String> loginUris = Lists.newArrayList();
     private List<String> logoutUris;
     private List<String> clientlogoutUris;
+    private List<String> clientBackChannellogoutUris;
     private List<String> claimRedirectURIList;
     private List<String> additionalAudienceList;
 
@@ -180,6 +181,7 @@ public class UpdateClientAction implements Serializable {
     private String availableLoginUri = HTTPS;
     private String availableLogoutUri = HTTPS;
     private String availableClientlogoutUri = HTTPS;
+    private String availableClientBacklogoutUri = HTTPS;
     private String availableContact = "";
     private String availableRequestUri = HTTPS;
     private String availableAuthorizedOrigin = HTTPS;
@@ -238,6 +240,8 @@ public String add() throws Exception {
         this.client.setSubjectType(OxAuthSubjectType.PAIRWISE);
         try {
             this.loginUris = getNonEmptyStringList(client.getOxAuthRedirectURIs());
+            this.clientlogoutUris = getNonEmptyStringList(client.getLogoutUri());
+            this.clientBackChannellogoutUris = getNonEmptyStringList(client.getAttributes().getBackchannelLogoutUri());
             this.scopes = getInitialEntries();
             this.claims = getInitialClaimDisplayNameEntries();
             this.responseTypes = getInitialResponseTypes();
@@ -264,7 +268,15 @@ public String add() throws Exception {
         return OxTrustConstants.RESULT_SUCCESS;
     }
 
-    private List<Scope> getInitialEntries() {
+	private List<String> getNonEmptyStringList(List<String> currentList) {
+    	        if (currentList != null && currentList.size() > 0) {
+    	            return new ArrayList<String>(currentList);
+    	        } else {
+    	            return new ArrayList<String>();
+    	        }
+	}
+
+	private List<Scope> getInitialEntries() {
         List<Scope> existingScopes = new ArrayList<Scope>();
         if ((client.getOxAuthScopes() == null) || (client.getOxAuthScopes().size() == 0)) {
             return existingScopes;
@@ -304,6 +316,9 @@ public String update() throws Exception {
         }
         try {
             this.loginUris = getNonEmptyStringList(client.getOxAuthRedirectURIs());
+
+            this.clientlogoutUris = getNonEmptyStringList(client.getLogoutUri());
+            this.clientBackChannellogoutUris = getNonEmptyStringList(client.getAttributes().getBackchannelLogoutUri());
             this.scopes = getInitialEntries();
             this.claims = getInitialClaimDisplayNameEntries();
             this.responseTypes = getInitialResponseTypes();
@@ -351,16 +366,6 @@ public String update() throws Exception {
 
         return OxTrustConstants.RESULT_SUCCESS;
     }
-
-   
-
-    private List<String> getNonEmptyStringList(List<String> currentList) {
-        if (currentList != null && currentList.size() > 0) {
-            return new ArrayList<String>(currentList);
-        } else {
-            return new ArrayList<String>();
-        }
-    }
     
     private String getStringFromList(List<String> currentList) {
         if (currentList != null && currentList.size() > 0) {
@@ -407,6 +412,8 @@ public String save() throws Exception {
             this.client.setExp(null);
         }
         updateLoginURIs();
+        updateLogoutURIs();
+        updateBackChannelLogoutURIs();
         updateScopes();
         updateClaims();
         updateResponseTypes();
@@ -417,7 +424,6 @@ public String save() throws Exception {
         updateAuthorizedOrigins();
         updateClaimredirectUri();
         updateAdditionalAudience();
-        updateBackchannelLogoutUri();
         trimUriProperties();
         client.getAttributes().setTlsClientAuthSubjectDn(tlsSubjectDn);
         this.client.setEncodedClientSecret(encryptionService.encrypt(this.client.getOxAuthClientSecret()));
@@ -525,6 +531,10 @@ public void removeClientLogoutURI(String uri) {
         removeFromList(this.clientlogoutUris, uri);
     }
 
+    public void removeClientBackLogoutURI(String uri) {
+        removeFromList(this.clientBackChannellogoutUris, uri);
+    }
+
     public void removeClaimRedirectURI(String uri) {
         removeFromList(this.claimRedirectURIList, uri);
     }
@@ -823,6 +833,19 @@ public void acceptSelectClientLogoutUri() {
         }
         this.availableClientlogoutUri = HTTPS;
     }
+    
+    public void acceptSelectClientBackLogoutUri() {
+        if (StringHelper.isEmpty(this.availableClientBacklogoutUri)) {
+            return;
+        }
+        if (this.availableClientBacklogoutUri.equalsIgnoreCase(HTTPS)) {
+            return;
+        }
+        if (!this.clientBackChannellogoutUris.contains(this.availableClientBacklogoutUri)) {
+            this.clientBackChannellogoutUris.add(this.availableClientBacklogoutUri);
+        }
+        this.availableClientBacklogoutUri = HTTPS;
+    }
 
     public void acceptSelectClaimRedirectUri() {
         if (StringHelper.isEmpty(this.availableClaimRedirectUri)) {
@@ -917,6 +940,10 @@ public void cancelSelectLogoutUri() {
     public void cancelClientLogoutUri() {
         this.availableClientlogoutUri = HTTPS;
     }
+    
+    public void cancelClientBackLogoutUri() {
+        this.availableClientBacklogoutUri = HTTPS;
+    }
 
     public void cancelClaimRedirectUri() {
         this.availableClaimRedirectUri = HTTPS;
@@ -950,6 +977,43 @@ private void updateLoginURIs() {
         }
         this.client.setOxAuthRedirectURIs(tmpUris);
     }
+    
+    private void updateLogoutURIs() {
+        if (this.clientlogoutUris == null || this.clientlogoutUris.size() == 0) {
+            this.client.setLogoutUri(null);
+            return;
+        }
+        List<String> tmpUris = new ArrayList<String>();
+        for (String uri : this.clientlogoutUris) {
+            tmpUris.add(StringHelper.trimAll(uri));
+        }
+        this.client.setLogoutUri(tmpUris);
+    }
+    
+    private void updateBackChannelLogoutURIs() {
+        if (this.clientBackChannellogoutUris == null || this.clientBackChannellogoutUris.size() == 0) {
+        	client.getAttributes().setBackchannelLogoutUri(new ArrayList<String>());
+            return;
+        }
+        List<String> tmpUris = new ArrayList<String>();
+        for (String uri : this.clientBackChannellogoutUris) {
+            tmpUris.add(StringHelper.trimAll(uri));
+        }
+        
+        client.getAttributes().getBackchannelLogoutUri().clear();
+        client.getAttributes().getBackchannelLogoutUri().addAll(tmpUris);
+    }
+    
+    private void updateBackchannelLogoutUri() {
+    	if(client.getAttributes().getBackchannelLogoutUri() == null) {
+    		client.getAttributes().setBackchannelLogoutUri(new ArrayList<String>());
+    	}
+    	
+    	if(!client.getAttributes().getBackchannelLogoutUri().contains(backchannelLogoutUri.trim())) {    	
+        client.getAttributes().getBackchannelLogoutUri().add(backchannelLogoutUri);
+    	}
+        
+    }
 
     private void updateContacts() {
         validateContacts();
@@ -1012,17 +1076,6 @@ private void updateAdditionalAudience() {
         client.getAttributes().setAdditionalAudience(tmpAdditionalAudience);
         
     }
-    
-    private void updateBackchannelLogoutUri() {
-    	if(client.getAttributes().getBackchannelLogoutUri() == null) {
-    		client.getAttributes().setBackchannelLogoutUri(new ArrayList<String>());
-    	}
-    	
-    	if(!client.getAttributes().getBackchannelLogoutUri().contains(backchannelLogoutUri.trim())) {    	
-        client.getAttributes().getBackchannelLogoutUri().add(backchannelLogoutUri);
-    	}
-        
-    }
 
     private void updateClaims() {
         if (this.claims == null || this.claims.size() == 0) {
@@ -2097,4 +2150,20 @@ public String getScopePattern() {
 	public void setScopePattern(String scopePattern) {
 		this.scopePattern = scopePattern;
 	}
+
+	public List<String> getClientBackChannellogoutUris() {
+		return clientBackChannellogoutUris;
+	}
+
+	public void setClientBackChannellogoutUris(List<String> clientBackChannellogoutUris) {
+		this.clientBackChannellogoutUris = clientBackChannellogoutUris;
+	}
+
+	public String getAvailableClientBacklogoutUri() {
+		return availableClientBacklogoutUri;
+	}
+
+	public void setAvailableClientBacklogoutUri(String availableClientBacklogoutUri) {
+		this.availableClientBacklogoutUri = availableClientBacklogoutUri;
+	}
 }
diff --git a/server/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java b/server/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java
index 382ee44e9..d0dee9055 100644
--- a/server/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java
+++ b/server/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java
@@ -168,7 +168,7 @@ public class OxAuthClient extends Entry implements Serializable {
 	private String[] claimRedirectURI;
 
 	@AttributeName(name = "oxAuthLogoutURI")
-	private String logoutUri;
+	private List<String> logoutUri;
 
 	@AttributeName(name = "oxAuthLogoutSessionRequired")
 	private Boolean logoutSessionRequired = Boolean.FALSE;
@@ -573,11 +573,11 @@ public void setPostLogoutRedirectUris(String[] postLogoutRedirectUris) {
 		this.postLogoutRedirectUris = postLogoutRedirectUris;
 	}
 
-	public String getLogoutUri() {
+	public List<String> getLogoutUri() {
 		return logoutUri;
 	}
 
-	public void setLogoutUri(String logoutUri) {
+	public void setLogoutUri(List<String> logoutUri) {
 		this.logoutUri = logoutUri;
 	}
 
diff --git a/server/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml b/server/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml
index 869645f64..3bedca316 100644
--- a/server/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml
+++ b/server/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml
@@ -656,26 +656,87 @@
 							<!-- Logout Tab -->
 							<div class="tab-pane box box-primary" id="logout">								
 								<h:panelGroup columns="1" width="100%">
-								<div class="col-sm-6 col-lg-6" style="padding: 0px;">									
-									<ox:decorate id="clientLogoutUrls" label="#{msgs['clientForm.frontChannelLogoutURI']}"
-												leftClass="col-sm-6" rightClass="col-sm-6">
-												<h:inputText id="clientLogoutUrlsId"
-													value="#{_client.logoutUri}" style="width:100%"
-													styleClass="form-control clientLogoutUrlsId" />
-									</ox:decorate>
+								<div class="col-sm-9 col-lg-9" style="padding: 0px;">									
+									
+									<b:panel title="Front Channel Logout URI"
+										id="clientLogoutUrls" look="primary">
+										<h:panelGroup id="selectedClientUrisId">
+											<h:panelGroup columns="1" width="100%" border="0"
+												cellpadding="0" cellspacing="0">
+												<a4j:repeat value="#{_clientAction.clientlogoutUris}"
+													rowKeyVar="_urisIdx" var="_uri" iterationStatusVar="loop">
+													<div class="row-fluid">
+														<div class="#{(loop.index % 2 == 0) ?'odd':'even'}"
+															style="overflow-x: scroll;">
+															<h:outputText value="#{empty _uri ? _uri : _uri}" />
+															<h:outputText value="&#160;" />
+															<div class="span6 pull-right">
+																<a4j:commandLink
+																	styleClass="glyphicon glyphicon-remove"
+																	action="#{_clientAction.removeClientLogoutURI(_uri)}"
+																	execute="@this" render="selectedClientUrisId"
+																	eventsQueue="clientQueue">
+																	<!-- <h:graphicImage value="/img/remove.gif" /> -->
+																</a4j:commandLink>
+															</div>
+														</div>
+													</div>
+													<br />
+												</a4j:repeat>
+												<p:spacer height="16" />
+												<a4j:commandButton
+													styleClass="btn btn-primary addLogoutUriButton"
+													style="margin-top:5px" value="Add Frontchannel Logout URI"
+													oncomplete="#{rich:component('clientLogoutUri:inputText')}.show();"
+													execute="@this" eventsQueue="clientQueue" />
+											</h:panelGroup>
+										</h:panelGroup>
+									</b:panel>
 									<ox:decorate id="redirectLogoutUrls" label="#{msgs['clientForm.redirectLogoutURIs']}"
 												leftClass="col-sm-6" rightClass="col-sm-6">
 												<h:inputText id="redirectLogoutUrlsId"
 													value="#{_client.oxAuthPostLogoutRedirectURIs}" style="width:100%"
 													styleClass="form-control redirectLogoutUrlsId" />
 									</ox:decorate>
-									<ox:decorate id="backchannelLogoutUri" label="#{msgs['clientForm.backChannelLogoutURI']}"
-												leftClass="col-sm-6" rightClass="col-sm-6">
-												<h:inputText id="backchannelLogoutUriId"
-													value="#{_clientAction.backchannelLogoutUri}" style="width:100%"
-													styleClass="form-control backchannelLogoutUriId" />
-									</ox:decorate>
-									<ox:decorate id="backChannellogoutSessionRequired"
+									
+										<b:panel title="Back Channel Logout URI"
+											id="backchannelLogoutUri" look="primary">
+											<h:panelGroup id="selectedClientBackLogoutUrisId">
+												<h:panelGroup columns="1" width="100%" border="0"
+													cellpadding="0" cellspacing="0">
+													<a4j:repeat
+														value="#{_clientAction.clientBackChannellogoutUris}"
+														rowKeyVar="_urisIdx" var="_uri" iterationStatusVar="loop">
+														<div class="row-fluid">
+															<div class="#{(loop.index % 2 == 0) ?'odd':'even'}"
+																style="overflow-x: scroll;">
+																<h:outputText value="#{empty _uri ? _uri : _uri}" />
+																<h:outputText value="&#160;" />
+																<div class="span6 pull-right">
+																	<a4j:commandLink
+																		styleClass="glyphicon glyphicon-remove"
+																		action="#{_clientAction.removeClientBackLogoutURI(_uri)}"
+																		execute="@this"
+																		render="selectedClientBackLogoutUrisId"
+																		eventsQueue="clientQueue">
+																		<!-- <h:graphicImage value="/img/remove.gif" /> -->
+																	</a4j:commandLink>
+																</div>
+															</div>
+														</div>
+														<br />
+													</a4j:repeat>
+													<p:spacer height="16" />
+													<a4j:commandButton
+														styleClass="btn btn-primary addLogoutUriButton"
+														style="margin-top:5px" value="Add Back channel Logout URI"
+														oncomplete="#{rich:component('backchannelLogoutUris:inputText')}.show();"
+														execute="@this" eventsQueue="clientQueue" />
+												</h:panelGroup>
+											</h:panelGroup>
+										</b:panel>
+										<p:spacer height="16" />
+										<ox:decorate id="backChannellogoutSessionRequired"
 												label="Back Channel logout Session Required"
 												leftClass="col-sm-6" rightClass="col-sm-6">
 												<h:selectBooleanCheckbox
diff --git a/server/src/main/webapp/client/addClient.xhtml b/server/src/main/webapp/client/addClient.xhtml
index e3b43f7c9..12a203fe7 100644
--- a/server/src/main/webapp/client/addClient.xhtml
+++ b/server/src/main/webapp/client/addClient.xhtml
@@ -152,6 +152,16 @@
 					queue="clientQueue" render="selectedClientUrisId"
 					text="#{updateClientAction.availableClientlogoutUri}"
 					textId="clientLogoutTextId" />
+				
+				<ox:inputTextDialog
+					acceptMethod="#{updateClientAction.acceptSelectClientBackLogoutUri()}"
+					cancelMethod="#{updateClientAction.cancelClientBackLogoutUri()}"
+					dialogWidth="600" id="backchannelLogoutUris"
+					inputLabel="#{msgs['client.logoutURI']}" inputWidth="80"
+					label="#{msgs['client.logoutURI']}" maxLength="256"
+					queue="clientQueue" render="selectedClientBackLogoutUrisId"
+					text="#{updateClientAction.availableClientBacklogoutUri}"
+					textId="clientBackLogoutTextId" />
 
 				<ox:inputTextDialog
 					acceptMethod="#{updateClientAction.acceptSelectClaimRedirectUri()}"
diff --git a/server/src/main/webapp/client/updateClient.xhtml b/server/src/main/webapp/client/updateClient.xhtml
index c50b7ff96..4c888ecbc 100644
--- a/server/src/main/webapp/client/updateClient.xhtml
+++ b/server/src/main/webapp/client/updateClient.xhtml
@@ -177,6 +177,16 @@
 				render="selectedClientUrisId"
 				text="#{updateClientAction.availableClientlogoutUri}"
 				textId="clientLogoutTextId" />
+			
+			<ox:inputTextDialog
+					acceptMethod="#{updateClientAction.acceptSelectClientBackLogoutUri()}"
+					cancelMethod="#{updateClientAction.cancelClientBackLogoutUri()}"
+					dialogWidth="600" id="backchannelLogoutUris"
+					inputLabel="#{msgs['client.logoutURI']}" inputWidth="80"
+					label="#{msgs['client.logoutURI']}" maxLength="256"
+					queue="clientQueue" render="selectedClientBackLogoutUrisId"
+					text="#{updateClientAction.availableClientBacklogoutUri}"
+					textId="clientBackLogoutTextId" />
 
 			<ox:changeClientPasswordDialog id="clientPassword"
 				label="#{msgs['client.changeClientSecret']}"