From 7bcb78e300163a583874e1e3f9ca00a940e384b4 Mon Sep 17 00:00:00 2001
From: Nathan Levesque
Date: Tue, 9 Jul 2024 15:03:42 -0400
Subject: [PATCH 1/2] Fix logout redirect url

---
 authentication/views.py | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/authentication/views.py b/authentication/views.py
index 7e8114494f..0443574fef 100644
--- a/authentication/views.py
+++ b/authentication/views.py
@@ -4,7 +4,6 @@

 from django.conf import settings
 from django.contrib.auth import views
-from django.http import Http404
 from django.shortcuts import redirect
 from social_django.utils import load_strategy

@@ -37,25 +36,30 @@ def _keycloak_logout_url(self, user):
 qs = urlencode(
 {
 "id_token_hint": id_token,
- "post_logout_redirect_uri": settings.LOGOUT_REDIRECT_URL,
+ "post_logout_redirect_uri": self.request.build_absolute_uri(
+ settings.LOGOUT_REDIRECT_URL
+ ),
 }
 )
- return f"{settings.KEYCLOAK_BASE_URL}/realms/{settings.KEYCLOAK_REALM_NAME}/protocol/openid-connect/logout?{qs}" # noqa: E501
+
+ return (
+ f"{settings.KEYCLOAK_BASE_URL}/realms/"
+ f"{settings.KEYCLOAK_REALM_NAME}/protocol/openid-connect/logout"
+ f"?{qs}"
+ )

 def get(
 self,
 request,
 *args, # noqa: ARG002
 **kwargs, # noqa: ARG002
- ): # pylint:disable=unused-argument
+ ):
 """
- GET endpoint for loggin a user out.
- Raises 404 if the user is not included in the request.
+ POST endpoint for loggin a user out.
 """
 user = getattr(request, "user", None)
 if user and user.is_authenticated:
- super().get(request)
+ super().post(request)
 return redirect(self._keycloak_logout_url(user))
 else:
- msg = "Not currently logged in."
- raise Http404(msg)
+ return redirect("/app")

From bee9599d9b1a19395ff5eef1467c838f6e9d27ce Mon Sep 17 00:00:00 2001
From: Nathan Levesque
Date: Wed, 10 Jul 2024 10:14:18 -0400
Subject: [PATCH 2/2] Fix typos and update docstring to be more descriptive

---
 authentication/views.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
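Review bot: In [PATCH 1/2], `self.request.build_absolute_uri(settings.LOGOUT_REDIRECT_URL)` in `_keycloak_logout_url` takes the scheme and host of `post_logout_redirect_uri` from the incoming request, so the value sent to Keycloak is only as trustworthy as the Host handling in front of this view. Django validates that host against `ALLOWED_HOSTS`, and Keycloak checks the URI against the client's valid post-logout redirect URIs; neither is visible in this hunk, so the dependency is worth stating next to the call, e.g. `# host comes from the request: relies on a strict ALLOWED_HOSTS and an exact post-logout redirect URI list on the Keycloak client`. The unauthenticated branch also hard-codes `redirect("/app")` where the rest of the view reads its URLs from `settings`. `_keycloak_logout_url` begins above the hunk.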
diff --git a/authentication/views.py b/authentication/views.py
index 0443574fef..55f7cdd3cc 100644
--- a/authentication/views.py
+++ b/authentication/views.py
@@ -55,11 +55,19 @@ def get(
 **kwargs, # noqa: ARG002
 ):
 """
- POST endpoint for loggin a user out.
+ GET endpoint for loggin a user out.
+
+ The logout redirect path the user follows is:
+
+ - api.example.com/logout (this view)
+ - keycloak.example.com/realms/REALM/protocol/openid-connect/logout
+ - api.example.com/app (see main/urls.py)
+ - app.example.com
+
 """
 user = getattr(request, "user", None)
 if user and user.is_authenticated:
- super().post(request)
+ super().get(request)
 return redirect(self._keycloak_logout_url(user))
 else:
 return redirect("/app")
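Review bot: `super().get(request)` in `get` ends the session on a plain GET, which carries no CSRF token, so a cross-site link or redirect to this URL is enough to log a user out; the new docstring documents the redirect chain but not this trade-off. The call also depends on the parent class still providing a `get` that logs out: Django 5.0 removed GET logout from `LogoutView`, and if this view subclasses it (the class line is outside the hunk) the call would presumably fall through to `TemplateView.get` without ending the session. Calling `django.contrib.auth.logout(request)` in place of `super().get(request)` would make the behaviour independent of the Django version. The docstring still reads `loggin`.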