Skip to content
This repository has been archived by the owner on Jul 31, 2024. It is now read-only.

LogoutRequest.Parameters always empty #4655

Closed
imcc opened this issue Jul 14, 2020 · 2 comments
Closed

LogoutRequest.Parameters always empty #4655

imcc opened this issue Jul 14, 2020 · 2 comments
Assignees
@brockallen
Labels
bug report investigating

Comments

@imcc
Copy link
Contributor

imcc commented Jul 14, 2020

LogoutMessage.Parameters is type of NameValueCollection, so EndSessionResult -> ExecuteAsync() -> _logoutMessageStore.WriteAsync(msg) -> ObjectSerializer.ToString(message) will lose the NameValueCollection`s Value, causing loss of data. For example, {"Parameters":["name" : "test"]} will be serialized to {"Parameters":["name"]}.

At the same time, LogoutMessage.Parameters is read-only, so it will be ignored when deserializing in DefaultIdentityServerInteractionService.GetLogoutContextAsync(). This causes the LogoutRequest.Parameters to always be empty.

public class EndSessionResult : IEndpointResult
{
    ...
    public async Task ExecuteAsync(HttpContext context)
    {
        ...
        id = await _logoutMessageStore.WriteAsync(msg);
    }
}

public class ProtectedDataMessageStore<TModel> : IMessageStore<TModel>
{
    ...
    public virtual Task<string> ReadAsync(Message<TModel> message)
    {
        ...
        // 
        var json = Encoding.UTF8.GetString(bytes);

        // LogoutMessage.Parameters is read-only, so it will be ignored.
        result = ObjectSerializer.FromString<Message<TModel>>(json);
        ...
    }

     public virtual Task<string> WriteAsync(Message<TModel> message)
     {

        // lost NameValueCollection data 
        var json = ObjectSerializer.ToString(message);
        ...
     }
}
@imcc imcc mentioned this issue Jul 15, 2020
Closed
2 tasks
@brockallen brockallen added this to the 4.0.5 milestone Sep 7, 2020
brockallen added a commit that referenced this issue Sep 8, 2020
@brockallen
fix serialization bug on LogoutRequest.Parameters #4655
f11773f
@brockallen
Copy link
Member

Confirmed and PR submitted. Thanks!

@brockallen brockallen removed this from the 4.1.0 milestone Sep 8, 2020
brockallen added a commit that referenced this issue Sep 9, 2020
@brockallen
Merge pull request #4851 from IdentityServer/features/logout_message_bug
3a2d3d3 
fix serialization bug on LogoutRequest.Parameters #4655
@github-actions
Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 26, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@brockallen brockallen

Labels
bug report investigating
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brockallen @imcc