Fixing logout

app/common/src/main/java/stirling/software/common/model/ApplicationProperties.java

@@ -304,8 +304,8 @@ public class ApplicationProperties {
             private boolean enableKeystore = true;
             private boolean enableKeyRotation = false;
             private boolean enableKeyCleanup = true;
-            private int keyRetentionDays;
+            private int keyRetentionDays = 7;
-            private int cleanupBatchSize;
+            private int cleanupBatchSize = 100;
         }
     }
 

app/core/src/main/resources/settings.yml.template

@@ -61,10 +61,10 @@ security:
     spCert: classpath:certificate.crt # Your signing certificate. Generated from your keypair
   jwt:
     enableKeyStore: true # Set to 'true' to enable JWT key store
-    enableKeyRotation: true # Set to 'true' to enable JWT key rotation
+    enableKeyRotation: false # Set to 'true' to enable JWT key rotation
     enableKeyCleanup: true # Set to 'true' to enable JWT key cleanup
-    keyRetentionDays: 7 # Number of days to retain old keys
+    keyRetentionDays: 7 # Number of days to retain old keys. The default is 7 days.
-    cleanupBatchSize: 100 # Number of keys to clean up in each batch
+    cleanupBatchSize: 100 # Number of keys to clean up in each batch. The default is 100.
 
 premium:
   key: 00000000-0000-0000-0000-000000000000

app/core/src/main/resources/static/js/fetch-utils.js

@@ -62,11 +62,15 @@ window.JWTManager = {
         fetch('/logout', {
             method: 'POST',
             credentials: 'include'
-        }).then(() => {
+        }).then(response => {
-            window.location.href = '/login';
+            if (response.redirected) {
+                window.location.href = response.url;
+            } else {
+                window.location.href = '/login?logout=true';
+            }
         }).catch(() => {
-            // Even if logout fails, redirect to login
+            // If logout fails, let server handle it
-            window.location.href = '/login';
+            window.location.href = '/logout';
         });
     }
 };

app/core/src/main/resources/static/js/jwt-init.js

@@ -47,11 +47,14 @@
             console.log('User is not authenticated or token expired');
             // Only redirect to login if we're not already on login/register pages
             const currentPath = window.location.pathname;
+            const currentSearch = window.location.search;
+            // Don't redirect if we're on logout page or already being logged out
             if (!currentPath.includes('/login') && 
                 !currentPath.includes('/register') && 
                 !currentPath.includes('/oauth') && 
                 !currentPath.includes('/saml') &&
-                !currentPath.includes('/error')) {
+                !currentPath.includes('/error') &&
+                !currentSearch.includes('logout=true')) {
                 // Redirect to login after a short delay to allow other scripts to load
                 setTimeout(() => {
                     window.location.href = '/login';

app/proprietary/src/main/java/stirling/software/proprietary/security/config/AccountWebController.java

@@ -77,8 +77,11 @@ public class AccountWebController {
 
     @GetMapping("/login")
     public String login(HttpServletRequest request, Model model, Authentication authentication) {
-        // If the user is already authenticated, redirect them to the home page.
+        // If the user is already authenticated and it's not a logout scenario, redirect them to the
-        if (authentication != null && authentication.isAuthenticated()) {
+        // home page.
+        if (authentication != null
+                && authentication.isAuthenticated()
+                && request.getParameter("logout") == null) {
             return "redirect:/";
         }
 

app/proprietary/src/main/java/stirling/software/proprietary/security/filter/UserAuthenticationFilter.java

@@ -65,13 +65,6 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
         String requestURI = request.getRequestURI();
 
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        log.info(
-                "UserAuthenticationFilter - Authentication from SecurityContext: {}",
-                authentication != null
-                        ? authentication.getClass().getSimpleName()
-                                + " for "
-                                + authentication.getName()
-                        : "null");
 
         // Check for session expiration (unsure if needed)
         //        if (authentication != null && authentication.isAuthenticated()) {
@@ -117,7 +110,7 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
             String method = request.getMethod();
             String contextPath = request.getContextPath();
 
-            if ("GET".equalsIgnoreCase(method) && !(contextPath + "/login").equals(requestURI)) {
+            if ("GET".equalsIgnoreCase(method) && !requestURI.startsWith(contextPath + "/login")) {
                 response.sendRedirect(contextPath + "/login"); // redirect to the login page
             } else {
                 response.setStatus(HttpStatus.UNAUTHORIZED.value());

app/proprietary/src/main/java/stirling/software/proprietary/security/model/AuthenticationType.java

@@ -2,7 +2,8 @@ package stirling.software.proprietary.security.model;
 
 public enum AuthenticationType {
     WEB,
-    @Deprecated(since = "1.0.2") SSO,
+    @Deprecated(since = "1.0.2")
+    SSO,
     OAUTH2,
     SAML2
 }

app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtKeyCleanupService.java

@@ -10,6 +10,7 @@ import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBooleanProperty;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
 import org.springframework.scheduling.annotation.Scheduled;
@@ -25,6 +26,7 @@ import stirling.software.proprietary.security.model.JwtSigningKey;
 
 @Slf4j
 @Service
+@ConditionalOnBooleanProperty("v2")
 public class JwtKeyCleanupService {
 
     private final JwtSigningKeyRepository signingKeyRepository;

app/proprietary/src/main/java/stirling/software/proprietary/security/service/JwtService.java

@@ -41,7 +41,7 @@ public class JwtService implements JwtServiceInterface {
     private static final String AUTHORIZATION_HEADER = "Authorization";
     private static final String BEARER_PREFIX = "Bearer ";
     private static final String ISSUER = "Stirling PDF";
-    private static final long EXPIRATION = 300000; // 5 minutes in milliseconds
+    private static final long EXPIRATION = 3600000;
 
     private final JwtKeystoreServiceInterface keystoreService;
     private final boolean v2Enabled;
@@ -127,7 +127,6 @@ public class JwtService implements JwtServiceInterface {
 
     private Claims extractAllClaims(String token) {
         try {
-            // Extract key ID from token header if present
             String keyId = extractKeyId(token);
             KeyPair keyPair;