| | | 1 | | <# |
| | | 2 | | .SYNOPSIS |
| | | 3 | | Signs out the current user by removing their authentication cookie for the given scheme. |
| | | 4 | | .DESCRIPTION |
| | | 5 | | Wraps SignOutAsync on the current HTTP context to remove a cookie-based session. |
| | | 6 | | Designed for use inside Kestrun route script blocks where $Context is available. |
| | | 7 | | .PARAMETER Scheme |
| | | 8 | | Authentication scheme to use (default 'Cookies'). |
| | | 9 | | .PARAMETER Redirect |
| | | 10 | | If specified, redirects the user to the login path after signing out. |
| | | 11 | | If the login path is not configured, redirects to '/'. |
| | | 12 | | .PARAMETER WhatIf |
| | | 13 | | Shows what would happen if the command runs. The command is not run. |
| | | 14 | | .PARAMETER Confirm |
| | | 15 | | Prompts you for confirmation before running the command. The command is not run unless you respond |
| | | 16 | | affirmatively. |
| | | 17 | | .EXAMPLE |
| | | 18 | | Invoke-KrCookieSignOut # Signs out the current user from the default 'Cookies' scheme. |
| | | 19 | | .EXAMPLE |
| | | 20 | | Invoke-KrCookieSignOut -Scheme 'MyCookieScheme' # Signs out the current user from the specified scheme. |
| | | 21 | | .OUTPUTS |
| | | 22 | | None |
| | | 23 | | #> |
| | | 24 | | function Invoke-KrCookieSignOut { |
| | | 25 | | [KestrunRuntimeApi('Route')] |
| | | 26 | | [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Low', DefaultParameterSetName = 'SimpleIdentity')] |
| | | 27 | | [OutputType([System.Security.Claims.ClaimsPrincipal])] |
| | | 28 | | param( |
| | | 29 | | [Parameter()] |
| | | 30 | | [string]$Scheme = 'Cookies', |
| | | 31 | | [switch]$Redirect |
| | | 32 | | ) |
| | | 33 | | # Only works inside a route script block where $Context is available |
| | 0 | 34 | | if ($null -ne $Context -and $null -ne $KrServer) { |
| | 0 | 35 | | if ($PSCmdlet.ShouldProcess($Scheme, 'SignOut')) { |
| | | 36 | | # Sign out the user |
| | 0 | 37 | | if ($Context.User -and $Context.User.Identity.IsAuthenticated) { |
| | 0 | 38 | | [Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions]::SignOutAsync($Context.HttpCon |
| | | 39 | | } |
| | | 40 | | |
| | 0 | 41 | | if ($Redirect) { |
| | 0 | 42 | | $cookiesAuth = $null |
| | 0 | 43 | | if ($KrServer.RegisteredAuthentications.Exists($Scheme, "Cookie")) { |
| | 0 | 44 | | $cookiesAuth = $KrServer.RegisteredAuthentications.Get($Scheme, "Cookie") |
| | | 45 | | } else { |
| | 0 | 46 | | Write-KrLog -Level Warning -Message 'Authentication scheme {scheme} not found in registered authenti |
| | 0 | 47 | | Write-KrErrorResponse -Message "Authentication scheme '$Scheme' not found." -StatusCode 400 |
| | | 48 | | return |
| | | 49 | | } |
| | 0 | 50 | | Write-KrLog -Level Information -Message 'User {@user} signed out from {scheme} authentication.' -Values |
| | | 51 | | # Redirect to login path or root |
| | | 52 | | |
| | 0 | 53 | | if ($null -ne $cookiesAuth -and $cookiesAuth.LoginPath -and $cookiesAuth.LoginPath.ToString().Trim()) { |
| | 0 | 54 | | $url = $cookiesAuth.LoginPath |
| | | 55 | | } else { |
| | 0 | 56 | | $url = '/' |
| | | 57 | | } |
| | 0 | 58 | | Write-KrLog -Level Information -Message 'Redirecting {user} after logout to {path}' -Values $Context.Use |
| | 0 | 59 | | Write-KrRedirectResponse -Url $url |
| | | 60 | | } |
| | | 61 | | } |
| | | 62 | | } else { |
| | 0 | 63 | | Write-KrOutsideRouteWarning |
| | | 64 | | } |
| | | 65 | | } |