nil pointer panic on /oauth2/sessions/logout without id token hint #1403
Description
Describe the bug
Hydra crashes with a nil pointer panic on requests to the public endpoint/oauth2/sessions/logout
To Reproduce
Steps to reproduce the behavior:
- Have an active login session
- Make a GET request from a user-agent to
/oauth2/sessions/logout
Expected behavior
I believe the expected behavior is that the login session should be revoked and the cookies deleted and the user-agent redirected to the urls.post_logout_redirect. Instead the request fails with a nil pointer panic.
Version:
- docker
- v1.0.0-rc.10
Additional context
This LogoutRequest is created without a Client field set.
Then this subsequent method is called which assumes the Client is non-nil causing a nil pointer panic.
{"level":"info","method":"GET","msg":"started handling request","remote":"172.18.0.19:57878","request":"/oauth2/sessions/logout","time":"2019-04-30T04:27:31Z"}
2019/04/30 04:27:31 http: panic serving 172.18.0.19:57878: runtime error: invalid memory address or nil pointer dereference
goroutine 1173 [running]:
net/http.(*conn).serve.func1(0xc000555860)
/usr/local/go/src/net/http/server.go:1769 +0x139
panic(0xdb6780, 0x1722ad0)
/usr/local/go/src/runtime/panic.go:522 +0x1b5
github.com/ory/hydra/consent.newSQLLogoutRequest(...)
/go/src/github.com/ory/hydra/consent/sql_helper.go:152
github.com/ory/hydra/consent.(*SQLManager).CreateLogoutRequest(0xc000548ea0, 0x1040340, 0xc00053e7b0, 0xc000373780, 0xc00033c500, 0x0)
/go/src/github.com/ory/hydra/consent/manager_sql.go:551 +0x10b
github.com/ory/hydra/consent.(*DefaultStrategy).issueLogoutVerifier(0xc000548ec0, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300, 0x1767ea0, 0x174a5e0, 0x7fe419eb1550)
/go/src/github.com/ory/hydra/consent/strategy_default.go:749 +0x514
github.com/ory/hydra/consent.(*DefaultStrategy).HandleOpenIDConnectLogout(0xc000548ec0, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300, 0x7fe419eb1550, 0xc0002e5400, 0x40bde9)
/go/src/github.com/ory/hydra/consent/strategy_default.go:939 +0x73
github.com/ory/hydra/oauth2.(*Handler).LogoutHandler(0xc0003e5e20, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300, 0x0, 0x0, 0x0)
/go/src/github.com/ory/hydra/oauth2/handler.go:123 +0x72
github.com/julienschmidt/httprouter.(*Router).ServeHTTP(0xc0004b5300, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300)
/go/pkg/mod/github.com/julienschmidt/[email protected]/router.go:334 +0x948
github.com/urfave/negroni.Wrap.func1(0x7fe419ef0028, 0xc00011c008, 0xc00056a300, 0xc0004b00c0)
/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:46 +0x4d
github.com/urfave/negroni.HandlerFunc.ServeHTTP(0xc000352e00, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300, 0xc0004b00c0)
/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29 +0x4e
github.com/urfave/negroni.middleware.ServeHTTP(0x1027a60, 0xc000352e00, 0xc000352ec0, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300)
/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38 +0x9c
net/http.HandlerFunc.ServeHTTP(...)
/usr/local/go/src/net/http/server.go:1995
github.com/ory/hydra/x.RejectInsecureRequests.func1(0x7fe419ef0028, 0xc00011c008, 0xc00056a300, 0xc0004b00a0)
/go/src/github.com/ory/hydra/x/tls_termination.go:55 +0x9e
github.com/urfave/negroni.HandlerFunc.ServeHTTP(0xc0000966c0, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300, 0xc0004b00a0)
/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29 +0x4e
github.com/urfave/negroni.middleware.ServeHTTP(0x1027a60, 0xc0000966c0, 0xc000352ea0, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300)
/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38 +0x9c
github.com/ory/x/metricsx.(*Service).ServeHTTP(0xc000544780, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300, 0xc0004b0080)
/go/pkg/mod/github.com/ory/[email protected]/metricsx/middleware.go:260 +0x92
github.com/urfave/negroni.middleware.ServeHTTP(0x1025ee0, 0xc000544780, 0xc000352e80, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300)
/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38 +0x9c
github.com/ory/hydra/metrics/prometheus.(*MetricsManager).ServeHTTP(0xc0000aa430, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300, 0xc0004b0040)
/go/src/github.com/ory/hydra/metrics/prometheus/middleware.go:26 +0x44
github.com/urfave/negroni.middleware.ServeHTTP(0x1024ba0, 0xc0000aa430, 0xc000352e60, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300)
/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38 +0x9c
github.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP(0xc0001aeba0, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300, 0xc0004b0000)
/go/pkg/mod/github.com/meatballhat/[email protected]/middleware.go:136 +0x27a
github.com/urfave/negroni.middleware.ServeHTTP(0x10249e0, 0xc0001aeba0, 0xc000352e40, 0x7fe419ef0028, 0xc00011c008, 0xc00056a300)
/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38 +0x9c
github.com/urfave/negroni.(*Negroni).ServeHTTP(0xc0003aee40, 0x103d480, 0xc0002c81c0, 0xc00056a300)
/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96 +0xec
net/http.serverHandler.ServeHTTP(0xc0002d00d0, 0x103d480, 0xc0002c81c0, 0xc00056a300)
/usr/local/go/src/net/http/server.go:2774 +0xa8
net/http.(*conn).serve(0xc000555860, 0x1040280, 0xc000295d00)
/usr/local/go/src/net/http/server.go:1878 +0x851
created by net/http.(*Server).Serve
/usr/local/go/src/net/http/server.go:2884 +0x2f4