Graceful handling of no sessions available for a user.

rohe · rohe · commit c5dd9ec5f9e9 · 2020-04-14T20:05:51.000+02:00
diff --git a/src/oidcendpoint/oidc/session.py b/src/oidcendpoint/oidc/session.py
@@ -134,8 +134,16 @@ def logout_all_clients(self, sid, client_id):
 
         # Find all RPs this user has logged it from
         uid = _sso_db.get_uid_by_sid(sid)
+        if uid is None:
+            logger.debug("Can not translate sid:%s into a user id", sid)
+            return {}
+
         _client_sid = {}
         usids = _sso_db.get_sids_by_uid(uid)
+        if usids is None:
+            logger.debug("No sessions found for uid: %s", uid)
+            return {}
+
         for usid in usids:
             _client_sid[_sdb[usid]["authn_req"]["client_id"]] = usid
 
diff --git a/tests/test_30_oidc_end_session.py b/tests/test_30_oidc_end_session.py
@@ -530,3 +530,43 @@ def test_do_verified_logout(self):
 
             res = self.session_endpoint.do_verified_logout(_sid, "client_1")
             assert res == []
+
+    def test_logout_from_client_unknow_sid(self):
+        self._code_auth("1234567")
+        self._code_auth2("abcdefg")
+
+        # client0
+        self.session_endpoint.endpoint_context.cdb["client_1"][
+            "backchannel_logout_uri"
+        ] = "https://example.com/bc_logout"
+        self.session_endpoint.endpoint_context.cdb["client_1"]["client_id"] = "client_1"
+        self.session_endpoint.endpoint_context.cdb["client_2"][
+            "frontchannel_logout_uri"
+        ] = "https://example.com/fc_logout"
+        self.session_endpoint.endpoint_context.cdb["client_2"]["client_id"] = "client_2"
+
+        _sid = 'sid'
+
+        res = self.session_endpoint.logout_all_clients(_sid, "client_1")
+        assert res == {}
+
+    def test_logout_from_client_no_session(self):
+        self._code_auth("1234567")
+        self._code_auth2("abcdefg")
+
+        # client0
+        self.session_endpoint.endpoint_context.cdb["client_1"][
+            "backchannel_logout_uri"
+        ] = "https://example.com/bc_logout"
+        self.session_endpoint.endpoint_context.cdb["client_1"]["client_id"] = "client_1"
+        self.session_endpoint.endpoint_context.cdb["client_2"][
+            "frontchannel_logout_uri"
+        ] = "https://example.com/fc_logout"
+        self.session_endpoint.endpoint_context.cdb["client_2"]["client_id"] = "client_2"
+
+        _sid = self._get_sid()
+
+        self.session_endpoint.endpoint_context.sdb.sso_db.delete('uid2sid', 'diana')
+
+        res = self.session_endpoint.logout_all_clients(_sid, "client_1")
+        assert res == {}
