Merge branch 'main' into BC-7995-node-22

hpi-schul-cloud · Nov 19, 2024 · e7df836 · e7df836
2 parents dd4a666 + 40f1203
commit e7df836
Show file tree

Hide file tree

Showing 15 changed files with 85 additions and 23 deletions.
diff --git a/config/default.schema.json b/config/default.schema.json
@@ -625,6 +625,11 @@
 			"type": "boolean",
 			"default": false,
 			"description": "Enables the rooms feature"
+		},
+		"FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED": {
+			"type": "boolean",
+			"default": false,
+			"description": "Enables the external system logout feature"
 		}
 	},
 	"allOf": [

diff --git a/controllers/courses.js b/controllers/courses.js
@@ -23,6 +23,10 @@ const router = express.Router();
 const { HOST } = require('../config/global');
 const { isUserHidden } = require('../helpers/users');
 
+const SYNC_ATTRIBUTE = Object.freeze({
+	TEACHERS: 'teachers',
+});
+
 const getSelectOptions = (req, service, query) => api(req).get(`/${service}`, {
 	qs: query,
 }).then((data) => data.data);
@@ -81,6 +85,7 @@ const getSyncedElements = 	(
 		untilDate,
 		syncedWithGroup,
 		excludeFromSync: course.excludeFromSync?.join(','),
+		areTeachersSynced: !course.excludeFromSync?.includes(SYNC_ATTRIBUTE.TEACHERS),
 	};
 	return selectedElements;
 };
@@ -310,7 +315,7 @@ const editCourseHandler = (req, res, next) => {
 			const isTeacherInGroup = teacherIds.some((tid) => tid === res.locals.currentUser._id);
 			const isTeacher = res.locals.currentUser.roles.map((role) => role.name).includes('teacher');
 			if (!isTeacherInGroup && isTeacher) {
-				course.excludeFromSync = ['teachers'];
+				course.excludeFromSync = [SYNC_ATTRIBUTE.TEACHERS];
 				course.teacherIds = [res.locals.currentUser._id];
 			} else {
 				course.teacherIds = teacherIds;

diff --git a/controllers/login.js b/controllers/login.js
@@ -484,4 +484,21 @@ router.get('/logout/', (req, res, next) => {
 		.catch(next);
 });
 
+router.get('/logout/external/', async (req, res, next) => {
+	let redirectUri = '/logout/';
+	if (Configuration.has('OAUTH2_LOGOUT_URI')) {
+		redirectUri = Configuration.get('OAUTH2_LOGOUT_URI');
+	}
+
+	if (res.locals.isExternalLogoutAllowed) {
+		try {
+			await api(req, { version: 'v3' }).post('/logout/external');
+		} catch (err) {
+			logger.error('error during external logout.', formatError(err));
+		}
+	}
+
+	res.redirect(redirectUri);
+});
+
 module.exports = router;
diff --git a/helpers/authentication.js b/helpers/authentication.js
@@ -64,7 +64,7 @@ const clearCookie = async (req, res, options = { destroySession: false }) => {
 			});
 		});
 	}
-	
+
 	res.clearCookie('jwt');
 	// this is deprecated and only used for cookie removal from now on,
 	// and can be removed after one month (max cookie lifetime from life systems)
@@ -101,6 +101,26 @@ const isAuthenticated = (req) => {
 };
 
 const populateCurrentUser = async (req, res) => {
+	async function setExternalSystemFromJwt(decodedJwt) {
+		if (!('systemId' in decodedJwt) && !decodedJwt.systemId) {
+			return;
+		}
+
+		try {
+			const response = await api(req, { version: 'v3' }).get(`/systems/public/${decodedJwt.systemId}`);
+			const hasEndSessionEndpoint = 'oauthConfig' in response
+				&& 'endSessionEndpoint' in response.oauthConfig
+				&& response.oauthConfig.endSessionEndpoint;
+
+			res.locals.isExternalLogoutAllowed = Configuration.get('FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED')
+				&& hasEndSessionEndpoint;
+			res.locals.systemName = response.displayName;
+		} catch (err) {
+			const metadata = { error: err.toString() };
+			logger.error('Unable to find out the external login system used by user', metadata);
+		}
+	}
+
 	let payload = {};
 	if (isJWT(req)) {
 		try {
@@ -129,6 +149,8 @@ const populateCurrentUser = async (req, res) => {
 	}
 
 	if (payload && payload.userId) {
+		await setExternalSystemFromJwt(payload);
+
 		if (res.locals.currentUser && res.locals.currentSchoolData) {
 			return Promise.resolve(res.locals.currentSchoolData);
 		}

diff --git a/locales/de.json b/locales/de.json
@@ -3231,4 +3231,4 @@
 			"createAfterFirstSave": "H5P Inhalte können erst nach dem ersten Speichern erstellt werden."
 		}
 	}
-}
+}
diff --git a/locales/en.json b/locales/en.json
@@ -3231,4 +3231,4 @@
 			"createAfterFirstSave": "H5P contents can only be created after the first save."
 		}
 	}
-}
+}
diff --git a/locales/es.json b/locales/es.json
@@ -3231,4 +3231,4 @@
 			"createAfterFirstSave": "Los contenidos H5P solo se pueden crear después del primer guardado."
 		}
 	}
-}
+}
diff --git a/locales/uk.json b/locales/uk.json
@@ -3240,4 +3240,4 @@
 			"createAfterFirstSave": "Вміст H5P можна створити лише після першого збереження."
 		}
 	}
-}
+}
diff --git a/theme/brb/style.scss b/theme/brb/style.scss
@@ -1,19 +1,14 @@
-$primaryColor: #0a9396;
-$primaryColorOverlay: rgba(10, 147, 150, 0.12);
-$secondaryColor: #294c5a;
+$primaryColor: #2876D0;
+$primaryColorOverlay: rgba(40, 118, 208, 0.12);
+$secondaryColor: #0F3551;
 $accentColor: #E4032E;
-$grayDarkColor: #294c5a;
-
-// :export {
-// primaryColor: $primaryColor;
-// secondaryColor: $secondaryColor;
-// accentColor: $accentColor;
-// };
+$grayDarkColor: #0F3551;
 
 $logoGradient: linear-gradient(45deg, $primaryColor 30%, $primaryColor);
 
 $colorBeige: #e6e2e2;
 $colorGrey: rgba(232, 232, 232, 0.5);
+
 $logoBackground: url("/images/logo/cloud-transparent-mono.svg") center / contain no-repeat;
 $logoBackgroundTablet: url("/images/logo/cloud-transparent-mono-48-48.svg") center / contain no-repeat;
 $logoBackgroundLanding: url("/images/logo/cloud-transparent-mono-long.svg") center / contain no-repeat;

diff --git a/theme/thr/style.scss b/theme/thr/style.scss
@@ -7,6 +7,9 @@ $grayDarkColor: #0f3551;
 
 $logoGradient: linear-gradient(45deg, $primaryColor, $primaryColor);
 
+$colorBeige: #e6e2e2;
+$colorGrey: rgba(232, 232, 232, 0.5);
+
 $logoBackground: url("/images/logo/cloud-transparent-mono.svg") center / contain no-repeat;
 $logoBackgroundTablet: url("/images/logo/cloud-transparent-mono-48-48.svg") center / contain no-repeat;
 $logoBackgroundLanding: url("/images/logo/cloud-transparent-mono-long.svg") center / contain no-repeat;

diff --git a/views/administration/users_edit.hbs b/views/administration/users_edit.hbs
@@ -161,7 +161,7 @@
                     <div class="pull-left">
                         {{#unless schoolUsesLdap}}
                         {{#ifCond isAdmin '|| !' editTeacher}}
-                        <button style="margin: 0 10px 20px 0" class="btn btn-secondary btn-pw"
+                        <button style="margin: 0 10px 20px 0" class="btn btn-secondary btn-pw" data-testid="button-change-password"
                             {{#if @root.hidePwChangeButton}}
                                 disabled
                                 {{#if @root.consentNecessary}}

diff --git a/views/authentication/forms/login.hbs b/views/authentication/forms/login.hbs
@@ -36,7 +36,7 @@
                     </div>
 
 
-                <button type="button" title="{{$t "login.button.moreOptions"}}" class="btn form-group toggle-btn btn-block btn-secondary btn-toggle-providers ">
+                <button type="button" title="{{$t "login.button.moreOptions"}}" class="btn form-group toggle-btn btn-block btn-secondary btn-toggle-providers " data-testid="login-more-options">
                     <i aria-hidden="true" class="fa fa-chevron-up"></i> {{$t "login.button.moreOptions"}}
                 </button>
 

diff --git a/views/courses/create-course.hbs b/views/courses/create-course.hbs
@@ -109,7 +109,7 @@
                 <div class="form-group col-md-6" data-testid="teachers_container">
                   <label for="courseTeacher">{{$t "administration.global.label.teachingTeacher"}}</label>
                   <select id="courseTeacher" name="teacherIds[]" required multiple data-placeholder="{{$t "courses.global.input.chooseTeacher"}}" data-testid="teachersearch" autocomplete="off"
-                    aria-describedby="courseTeacherErr" {{#if syncedWithGroup}}disabled{{/if}}>
+                    aria-describedby="courseTeacherErr" {{#if areTeachersSynced}}disabled{{/if}}>
                     {{#each teachers}}
                     <option data-testid="teacher" value="{{this._id}}" {{#if this.selected}}selected{{/if}} {{#if this.isHidden}}hidden{{/if}}>
                       {{#if this.displayName}}
@@ -120,7 +120,7 @@
                     </option>
                     {{/each}}
                   </select>
-                  {{#if syncedWithGroup}}
+                  {{#if areTeachersSynced}}
                     <input type="hidden" id="courseTeacherSync" name="teacherIds" value="{{teachersSelected}}">
                   {{/if}}
                   <span class="small course-validation-error" id="courseTeacherErr">

diff --git a/views/courses/edit-course.hbs b/views/courses/edit-course.hbs
@@ -138,14 +138,14 @@
 				<div class="form-group">
 					<label for="teacherId">{{$t "administration.global.label.teachingTeacher"}}</label>
                     <select id="teacherId" name="teacherIds[]" data-testid="teachersearch" required multiple data-placeholder="{{$t "courses.global.input.chooseTeacher"}}"
-                            {{#ifCond course.isArchived '||' course.syncedWithGroup}}disabled{{/ifCond}}>
+                            {{#ifCond course.isArchived '||' areTeachersSynced}}disabled{{/ifCond}}>
                         {{#each teachers}}
                             <option value="{{this._id}}" {{#if this.selected}}selected{{/if}} {{#if this.isHidden}}hidden{{/if}}>
                                 {{this.lastName}}, {{this.firstName}}{{#if this.outdatedSince}} ~~{{/if}}
                             </option>
                         {{/each}}
                     </select>
-                    {{#if course.syncedWithGroup}}
+                    {{#if areTeachersSynced}}
                         <input type="hidden" id="teacherIdSync" name="teacherIds" value="{{teachersSelected}}">
                     {{/if}}
 					<span class="small course-validation-error" id="courseTeacherErr">

diff --git a/views/lib/topbar.hbs b/views/lib/topbar.hbs
@@ -59,7 +59,22 @@
                   <hr>
                   {{> "user/forms/language" language=@root.userLanguage }}
                   <li><a class="dropdown-item" data-testid="settings" href="/account/" role="menuitem" aria-label="{{$t 'lib.loggedin.tab_label.settings' }}">{{$t "lib.loggedin.tab_label.settings" }}</a></li>
-                  <li><a class="dropdown-item localstorageclear" data-testid="logout" href= {{#hasConfig "OAUTH2_LOGOUT_URI"}} {{getConfig "OAUTH2_LOGOUT_URI"}} {{else}} "/logout/" {{/hasConfig}} role="menuitem" aria-label="{{$t 'lib.loggedin.tab_label.signOut'}}">{{$t "lib.loggedin.tab_label.signOut"}}</a></li>
+                  {{#if isExternalLogoutAllowed}}
+                      <li><a class="dropdown-item"
+                          data-testid="external-logout"
+                          href="/logout/external/"
+                          role="menuitem"
+                          aria-label="{{$t 'lib.loggedin.tab_label.signOut'}} Bildungscloud & {{ systemName }}">
+                              {{$t 'lib.loggedin.tab_label.signOut'}} Bildungscloud & {{ systemName }}
+                      </a></li>
+                  {{/if}}
+                  <li><a class="dropdown-item localstorageclear"
+                      data-testid="logout"
+                      role="menuitem"
+                      href= {{#hasConfig "OAUTH2_LOGOUT_URI"}} {{getConfig "OAUTH2_LOGOUT_URI"}} {{else}} "/logout/" {{/hasConfig}}
+                      aria-label="{{$t 'lib.loggedin.tab_label.signOut'}}{{#if isExternalLogoutAllowed}} Bildungscloud{{/if}}">
+                          {{$t 'lib.loggedin.tab_label.signOut'}}{{#if isExternalLogoutAllowed}} Bildungscloud{{/if}}
+                  </a></li>
               </ul>
           </div>
       </li>
-Original file line number
+Diff line change
@@ Expand Up / @@ -3231,4 +3231,4 @@ @@
     			"createAfterFirstSave": "H5P Inhalte können erst nach dem ersten Speichern erstellt werden."
     		}
     	}
-    }
+    }