feat: make redirect_uri really optional in logout route (#2342)

controllers/account.go

@@ -309,27 +309,32 @@ func (c *ApiController) Logout() {
 			return
 		}
 
-		if application.IsRedirectUriValid(redirectUri) {
+		if user == "" {
-			if user == "" {
+			user = util.GetId(token.Organization, token.User)
-				user = util.GetId(token.Organization, token.User)
+		}
-			}
 
-			c.ClearUserSession()
+		c.ClearUserSession()
-			// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
+		// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
-			owner, username := util.GetOwnerAndNameFromId(user)
+		owner, username := util.GetOwnerAndNameFromId(user)
 
-			_, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
+		_, err = object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-			if err != nil {
+		if err != nil {
-				c.ResponseError(err.Error())
+			c.ResponseError(err.Error())
+			return
+		}
+
+		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
+
+		if redirectUri == "" {
+			c.ResponseOk()
+			return
+		} else {
+			if application.IsRedirectUriValid(redirectUri) {
+				c.Ctx.Redirect(http.StatusFound, fmt.Sprintf("%s?state=%s", strings.TrimRight(redirectUri, "/"), state))
+			} else {
+				c.ResponseError(fmt.Sprintf(c.T("token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri))
 				return
 			}
-
-			util.LogInfo(c.Ctx, "API: [%s] logged out", user)
-
-			c.Ctx.Redirect(http.StatusFound, fmt.Sprintf("%s?state=%s", strings.TrimRight(redirectUri, "/"), state))
-		} else {
-			c.ResponseError(fmt.Sprintf(c.T("token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri))
-			return
 		}
 	}
 }