From 9b5d6c6525309acc343f815c5b2e32c1839c1747 Mon Sep 17 00:00:00 2001
From: Julien Veyssier
Date: Tue, 1 Oct 2024 11:34:42 +0200
Subject: [PATCH] fix: backchannel logout endpoint should only return 200 or 400
Signed-off-by: Julien Veyssier
---
 lib/Controller/LoginController.php | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
index c2eff47c..7dd585f9 100644
--- a/lib/Controller/LoginController.php
+++ b/lib/Controller/LoginController.php
@@ -671,7 +671,6 @@ public function singleLogoutService() {
 *
 * @PublicPage
 * @NoCSRFRequired
- * @BruteForceProtection(action=userOidcBackchannelLogout)
 *
 * @param string $providerIdentifier
 * @param string $logout_token
@@ -788,23 +787,19 @@ public function backChannelLogout(string $providerIdentifier, string $logout_tok
 * @param string $error
 * @param string $description
 * @param array $throttleMetadata
- * @param bool|null $throttle
 * @return JSONResponse
 */
- private function getBackchannelLogoutErrorResponse(string $error, string $description,
- array $throttleMetadata = [], ?bool $throttle = null): JSONResponse {
+ private function getBackchannelLogoutErrorResponse(
+ string $error, string $description, array $throttleMetadata = [],
+ ): JSONResponse {
 $this->logger->debug('Backchannel logout error. ' . $error . ' ; ' . $description);
- $response = new JSONResponse(
+ return new JSONResponse(
 [
 'error' => $error,
 'error_description' => $description,
 ],
 Http::STATUS_BAD_REQUEST,
 );
- if (($throttle === null && !$this->isDebugModeEnabled()) || $throttle) {
- $response->throttle($throttleMetadata);
- }
- return $response;
 }

 private function toCodeChallenge(string $data): string {
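Review bot: `$throttleMetadata` is still accepted and documented by `getBackchannelLogoutErrorResponse()` but is never read in the new body, so whatever callers (outside this hunk) pass in is silently discarded. Combined with the removal of `@BruteForceProtection` in the first hunk, a rejected logout token on this `@PublicPage` / `@NoCSRFRequired` endpoint is no longer rate limited by the app and leaves only a debug-level log line. Either drop the parameter, or keep it as log context and raise the level so repeated invalid requests stay visible to operators, e.g. `$this->logger->warning('Backchannel logout error. ' . $error . ' ; ' . $description, $throttleMetadata);` (assuming a PSR-3 style logger, which the hunk does not show). If throttling is now expected to happen in front of the app, the docblock should say so: `* Not throttled here: the endpoint must only answer 200 or 400; rate limit upstream.`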