search

ajnart / homarr

Customizable browser's home page to interact with your homeserver's Docker containers (e.g. Sonarr/Radarr)
https://homarr.dev
MIT License
5.45k stars 252 forks source link

Add logout callback URL and session expiration environment variables #2023

Closed SeDemal closed 1 month ago

SeDemal commented 2 months ago

Category

Feature

Overview

Add logout callback URL Add Session expiration (Which was hardcoded to 30 days)

Issue Number

Closes #2010

New Variables

NEXT_PUBLIC_LOGOUT_REDIRECT_URL

URL Format

AUTH_SESSION_EXPIRY_TIME

number as seconds or add s, m, h or d for seconds, minutes, hours or days multiplier valid input: "120" -> 120 seconds valid input: "30m" -> 30 minutes -> 1800 seconds

SeDemal commented 2 months ago

@yulinhuang could you try it out? You can try it in docker directly using the image SeDemal/homarr:v91 Env variable is AUTH_OIDC_REDIRECT_LOGOUT_URL

yulinhuang commented 2 months ago

@SeDemal

I've tried but there are some bugs.

First bug is related to env var AUTH_OIDC_TIMEOUT

AUTH_OIDC_TIMEOUT: [ 'Expected string, received number' ]

this can be quick fixed by manually setting it with a string in docker.

Secondly, the dashboard keep reloading every second when logged in, it seems not related to oidc feature because it also happens when I disable the oidc and use credential login.

Concerning the logout feature, I did try to stop the loading and click on the logout but it has the same behaviour as before (return to the login page and not redirect to the specified url from Env var).

SeDemal commented 2 months ago

@yulinhuang Thanks for testing, I made some modification to the session expiry parsing. It's actually still doing the looping I don't know why. Sorry for the wait I mistakenly deleted the modification for the callback URL after the merge conflict...

nvm it's still not working at all, I rushed things it seems. I'll ping you again once it's clear

SeDemal commented 2 months ago

@yulinhuang Alright. I got things working properly now. The timeout has a 32bit limit, which resulted in a session timeout max age of 24 days. Any input above that would trigger instantly. Hence the constant reload. the signOut function can only redirect to the same baseUrl, not an external website, so I just had to set it in the "then" function. The variable had to be named with NEXTPUBLIC from every step, so the new name will be NEXT_PUBLIC_LOGOUT_REDIRECT_URL. New version for testing: sedemal/homarr:94

yulinhuang commented 2 months ago

@SeDemal I just tried for the image v94, it doesn't seem to work. Logout still redirect to the homarr login page.

SeDemal commented 2 months ago

This is so tiresome... It works in a dev environment but not in production Edit: local production build from code works too, wth is happening

yulinhuang commented 2 months ago

I believe we had same pb, i.e. yarn build and docker build is working in dev. But not in production. I have no idea on why it behaves like this and how to fix it.

SeDemal commented 2 months ago

v97, use AUTH_LOGOUT_REDIRECT_URL. Tested thoroughly now so should be alright.

yulinhuang commented 2 months ago

Yes v97 is working now. Thx very much !