From 7fff53e0ccc48f478406dc2fc65e8337982bd879 Mon Sep 17 00:00:00 2001
From: Louis <louis@chmn.me>
Date: Mon, 11 Jan 2021 16:29:13 +0100
Subject: [PATCH] Handle assertion of HTTP-redirect for a LogoutResponse in
 auth-saml2

---
 peertube-plugin-auth-saml2/main.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/peertube-plugin-auth-saml2/main.js b/peertube-plugin-auth-saml2/main.js
index 067e138..b625c13 100644
--- a/peertube-plugin-auth-saml2/main.js
+++ b/peertube-plugin-auth-saml2/main.js
@@ -114,6 +114,7 @@ async function register ({
 
   store.assertUrl = peertubeHelpers.config.getWebserverUrl() + '/plugins/auth-saml2/router/assert'
   router.post('/assert', (req, res) => handleAssert(peertubeHelpers, settingsManager, req, res))
+  router.get('/assert', (req, res) => handleAssert(peertubeHelpers, settingsManager, req, res))
 
   router.get('/metadata.xml', (req, res) => {
     if (!store.serviceProvider) {
@@ -262,6 +263,12 @@ async function loadSettingsAndCreateProviders (
 function handleAssert(peertubeHelpers, settingsManager, req, res) {
   const { logger } = peertubeHelpers
 
+  if (req.query.SAMLResponse) {
+    // This is a HTTP-redirect for a LogoutResponse and not a SamlResponse after a login request.
+    // So we do not want to assert it with post_assert as it will throw an error.
+    return res.redirect(peertubeHelpers.config.getWebserverUrl())
+  }
+
   const options = { request_body: req.body }
 
   store.serviceProvider.post_assert(store.identityProvider, options, async (err, samlResponse) => {