From 96f2af6a53c923bd39e010b9e0d81d915f227358 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Fri, 23 Feb 2024 23:00:56 +0100
Subject: [PATCH] Update to 2024-02-23 23:00

---
 roles/lemonldap_ng/templates/llng_headers.inc.j2 | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/roles/lemonldap_ng/templates/llng_headers.inc.j2 b/roles/lemonldap_ng/templates/llng_headers.inc.j2
index a5c8b48..cffa093 100644
--- a/roles/lemonldap_ng/templates/llng_headers.inc.j2
+++ b/roles/lemonldap_ng/templates/llng_headers.inc.j2
@@ -44,6 +44,7 @@ auth_request_set $deleteheader13 $upstream_http_deleteheader13;
 auth_request_set $deleteheader14 $upstream_http_deleteheader14;
 auth_request_set $deleteheader15 $upstream_http_deleteheader15;
 auth_request_set $lmcookie $upstream_http_cookie;
+auth_request_set $internal_lemonldap_logout_url $upstream_http_internal_lemonldap_logout_url;
 access_by_lua '
   local i = 1
   ngx.req.set_header("Cookie",ngx.var.lmcookie)
@@ -58,10 +59,22 @@ access_by_lua '
   i = 1
   while true do
     if ngx.var["deleteheader"..i] ~= nil then
-          ngx.req.clear_header(ngx.var["deleteheader"..i])
+      ngx.req.clear_header(ngx.var["deleteheader"..i])
     else
       break
     end
     i = i + 1
   end
 ';
+
+# For managing logout_app / logout_app_sso redirection
+# Make sure the following block is enabled in the appropriate "location" section
+header_filter_by_lua '
+  if ngx.var["internal_lemonldap_logout_url"] ~= nil and ngx.var["internal_lemonldap_logout_url"] ~= "" then
+    return ngx.exit(457)
+  end
+';
+# Do not drop upstream cookies for logout_app / logout_app_sso redirections
+add_header Set-Cookie $upstream_http_set_cookie always;
+# Use specific code for triggering logout_app / logout_app_sso redirections
+error_page 457 $internal_lemonldap_logout_url;