This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

OIDC: disable multi session signout for OIDC-aware servers in session manager #11431

Merged (9 commits) on Aug 22, 2023


@kerryarchibald kerryarchibald commented Aug 21, 2023

For element-hq/element-web#26000

In the case of OIDC-aware clients, you cannot sign out of other sessions via the device manager in EW anymore. Instead, users will need to be guided towards the MAS UI to take this action.

MSC3824 now describes this requirement.

ACs

  • When the HS has a MAS deployment configured:
    • Clicking the sign-out button in the EW device manager for sessions other than the current redirects to MAS
    • There is an interstitial dialog that explains that the user will be redirected to perform the action on MAS
    • The redirection lands the user on a deep-link (query hash as per the MSC) into the respective session's details page on MAS
      • Making the deep link URL actually work is not part of this issue
    • Multi-session signout is disabled
  • Otherwise, things stay as they are

(Other ACs in next PR)

Changes:

  • Adds small util for getting account management url from client well known
  • For OIDC-aware servers:
    • Removes session selection in other sessions list
    • Removes 'select all' from header in other sessions list
    • Removes sign out all other sessions from current session context menu
    • Removes sign out all sessions from other sessions section context menu

Checklist

  • Tests written for new code (and old code if feasible)
  • Linter and other CI checks pass
  • Sign-off given on the changes (see CONTRIBUTING.md)

Here's what your changelog entry will look like:

✨ Features

  • OIDC: disable multi session signout for OIDC-aware servers in session manager (#11431). Contributed by @kerryarchibald.
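
The behaviour in the acceptance criteria above, as an added sketch that is not code from this PR or from matrix-react-sdk: it reads the account management URL from the client well-known, refuses multi-session signout for an OIDC-aware server, and builds the single-session deep link. Assumptions: the well-known key `org.matrix.msc2965.authentication` with an `account` field, the `action` and `device_id` query parameter names, and the https-only check are choices of this example; all function and type names are hypothetical.

```typescript
// Added illustration; not code from matrix-react-sdk.
// Assumed: delegated-auth config lives under this well-known key with an `account` field.
const AUTH_KEY = "org.matrix.msc2965.authentication";

type ClientWellKnown = Record<string, unknown>;
type SignOutPlan =
    | { kind: "local"; deviceIds: string[] } // not OIDC-aware: things stay as they are
    | { kind: "redirect"; url: string } // OIDC-aware: single session, finished on MAS
    | { kind: "rejected"; reason: string };

/** Account management URL from the client well-known, or undefined if absent or unusable. */
function getAccountManagementUrl(wellKnown: ClientWellKnown): string | undefined {
    const auth = wellKnown[AUTH_KEY] as { account?: unknown } | undefined;
    const account = auth?.account;
    if (typeof account !== "string") return undefined;
    try {
        // Well-known content is server-supplied; this example only accepts https (assumed policy).
        const url = new URL(account);
        return url.protocol === "https:" ? url.toString() : undefined;
    } catch {
        return undefined;
    }
}

/** Deep link to one session. Parameter names are assumptions; the MSC defines the real ones. */
function getSessionDeepLink(accountUrl: string, deviceId: string): string {
    const url = new URL(accountUrl);
    url.searchParams.set("action", "session_end");
    url.searchParams.set("device_id", deviceId);
    return url.toString();
}

function planSignOut(wellKnown: ClientWellKnown, deviceIds: string[]): SignOutPlan {
    const oidcAware = typeof wellKnown[AUTH_KEY] === "object" && wellKnown[AUTH_KEY] !== null;
    if (!oidcAware) return { kind: "local", deviceIds };
    const [deviceId, ...rest] = deviceIds;
    if (deviceId === undefined || rest.length > 0) {
        return { kind: "rejected", reason: "multi-session signout is disabled" };
    }
    const accountUrl = getAccountManagementUrl(wellKnown);
    if (!accountUrl) return { kind: "rejected", reason: "no usable account management URL" };
    return { kind: "redirect", url: getSessionDeepLink(accountUrl, deviceId) };
}
```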

@kerryarchibald kerryarchibald added the T-Enhancement New features, changes in functionality, performance boosts, user-facing improvements label Aug 21, 2023
@kerryarchibald kerryarchibald requested a review from a team as a code owner August 21, 2023 03:35

@andybalaam andybalaam left a comment


Looks good - 1 typo.

@@ -1012,6 +1033,138 @@ describe("<SessionManagerTab />", () => {
);
});
});

describe("for and OIDC-aware server", () => {
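
Review bot: the title string on the added `describe` line reads "for and OIDC-aware server"; "and" should be "an", so that the suite name is spelled correctly wherever the test runner reports it.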

and -> an

@kerryarchibald kerryarchibald added this pull request to the merge queue Aug 22, 2023
Merged via the queue into develop with commit dfded8d Aug 22, 2023
@kerryarchibald kerryarchibald deleted the kerry/26000/mas-signout-disable-multi branch August 22, 2023 02:58
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Aug 31, 2023
Changes in [1.11.40](https://github.com/vector-im/element-web/releases/tag/v1.11.40) (2023-08-29)
=================================================================================================

## ✨ Features
 * Hide account deactivation for externally managed accounts ([\#11445](matrix-org/matrix-react-sdk#11445)). Fixes #26022. Contributed by @kerryarchibald.
 * OIDC: Redirect to delegated auth provider when signing out ([\#11432](matrix-org/matrix-react-sdk#11432)). Fixes #26000. Contributed by @kerryarchibald.
 * Disable 3pid fields in settings when `m.3pid_changes` capability is disabled ([\#11430](matrix-org/matrix-react-sdk#11430)). Fixes #25995. Contributed by @kerryarchibald.
 * OIDC: disable multi session signout for OIDC-aware servers in session manager ([\#11431](matrix-org/matrix-react-sdk#11431)). Contributed by @kerryarchibald.
 * Implement updated open dialog method of the Module API ([\#11395](matrix-org/matrix-react-sdk#11395)). Contributed by @dhenneke.
 * Polish & delabs `Exploring public spaces` feature ([\#11423](matrix-org/matrix-react-sdk#11423)).
 * Treat lists with a single empty item as plain text, not Markdown. ([\#6833](matrix-org/matrix-react-sdk#6833)). Fixes element-hq/element-meta#1265.
 * Allow managing room knocks ([\#11404](matrix-org/matrix-react-sdk#11404)). Contributed by @charlynguyen.
 * Pin the action buttons to the bottom of the scrollable dialogs ([\#11407](matrix-org/matrix-react-sdk#11407)). Contributed by @dhenneke.
 * Support Matrix 1.1 (drop legacy r0 versions) ([\#9819](matrix-org/matrix-react-sdk#9819)).

## 🐛 Bug Fixes
 * Fix path separator for Windows based systems ([\#25997](element-hq/element-web#25997)).
 * Fix instances of double translation and guard translation calls using typescript ([\#11443](matrix-org/matrix-react-sdk#11443)).
 * Fix export type "Current timeline" to match its behaviour to its name ([\#11426](matrix-org/matrix-react-sdk#11426)). Fixes #25988.
 * Fix Room Settings > Notifications file upload input being shown superfluously ([\#11415](matrix-org/matrix-react-sdk#11415)). Fixes #18392.
 * Simplify registration with email validation ([\#11398](matrix-org/matrix-react-sdk#11398)). Fixes #25832 #23601 and #22297.
 * correct home server URL ([\#11391](matrix-org/matrix-react-sdk#11391)). Fixes #25931. Contributed by @NSV1991.
 * Include non-matching DMs in Spotlight recent conversations when the DM's userId is part of the search API results ([\#11374](matrix-org/matrix-react-sdk#11374)). Contributed by @mgcm.
 * Fix useRoomMembers missing updates causing incorrect membership counts ([\#11392](matrix-org/matrix-react-sdk#11392)). Fixes #17096.
 * Show error when searching public rooms fails ([\#11378](matrix-org/matrix-react-sdk#11378)).