auth: support redirecting to custom URL upon sign out (#8089)

Co-authored-by: ᴊᴏᴇ ᴄʜᴇɴ <[email protected]>

CHANGELOG.md

@@ -8,6 +8,7 @@ All notable changes to Gogs are documented in this file.
 
 - Support using TLS for Redis session provider using `[session] PROVIDER_CONFIG = ...,tls=true`. [#7860](https://github.com/gogs/gogs/pull/7860)
 - Support expanading values in `app.ini` from environment variables, e.g. `[database] PASSWORD = ${DATABASE_PASSWORD}`. [#8057](https://github.com/gogs/gogs/pull/8057)
+- Support custom logout URL that users get redirected to after sign out using `[auth] CUSTOM_LOGOUT_URL`. [#8089](https://github.com/gogs/gogs/pull/8089)
 - Start publishing next-generation, security-focused Docker image via `gogs/gogs:next-latest`, which will become the default image distribution (`gogs/gogs:latest`) starting 0.15.0. While not all container options support have been added in the next-generation image, the use of current legacy Docker image is deprecated, it will be published as `gogs/gogs:legacy-latest` starting 0.15.0, and be completely removed starting 0.16.0. [#8061](https://github.com/gogs/gogs/pull/8061)
 
 ### Changed

conf/locale/locale_en-US.ini

@@ -1274,6 +1274,7 @@ config.email.test_mail_failed = Failed to send test email to '%s': %v
 config.email.test_mail_sent = Test email has been sent to '%s'.
 
 config.auth_config = Authentication configuration
+config.auth_custom_logout_url = Custom logout URL
 config.auth.activate_code_lives = Activate code lives
 config.auth.reset_password_code_lives = Reset password code lives
 config.auth.require_email_confirm = Require email confirmation

internal/conf/static.go

@@ -249,6 +249,7 @@ type AuthOpts struct {
 	EnableReverseProxyAuthentication   bool
 	EnableReverseProxyAutoRegistration bool
 	ReverseProxyAuthenticationHeader   string
+	CustomLogoutURL                    string `ini:"CUSTOM_LOGOUT_URL"`
 }
 
 // Authentication settings

internal/conf/testdata/TestInit.golden.ini

@@ -107,6 +107,7 @@ ENABLE_REGISTRATION_CAPTCHA=true
 ENABLE_REVERSE_PROXY_AUTHENTICATION=false
 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=false
 REVERSE_PROXY_AUTHENTICATION_HEADER=X-FORWARDED-FOR
+CUSTOM_LOGOUT_URL=
 
 [user]
 ENABLE_EMAIL_NOTIFICATION=true

internal/route/user/auth.go

@@ -287,6 +287,10 @@ func SignOut(c *context.Context) {
 	c.SetCookie(conf.Security.CookieUsername, "", -1, conf.Server.Subpath)
 	c.SetCookie(conf.Security.CookieRememberName, "", -1, conf.Server.Subpath)
 	c.SetCookie(conf.Session.CSRFCookieName, "", -1, conf.Server.Subpath)
+	if conf.Auth.CustomLogoutURL != "" {
+		c.Redirect(conf.Auth.CustomLogoutURL)
+		return
+	}
 	c.RedirectSubpath("/")
 }
 

templates/admin/config.tmpl

@@ -308,6 +308,14 @@
 						<dd><i class="fa fa{{if .Auth.EnableReverseProxyAutoRegistration}}-check{{end}}-square-o"></i></dd>
 						<dt>{{.i18n.Tr "admin.config.auth.reverse_proxy_authentication_header"}}</dt>
 						<dd><code>{{.Auth.ReverseProxyAuthenticationHeader}}</code></dd>
+						<dt>{{.i18n.Tr "admin.config.auth_custom_logout_url"}}</dt>
+						<dd>
+							{{if .Auth.CustomLogoutURL}}
+								<code>{{.Auth.CustomLogoutURL}}</code>
+							{{else}}
+								<i>{{.i18n.Tr "admin.config.not_set"}}</i>
+							{{end}}
+						</dd>
 					</dl>
 				</div>