From 8f443379cd081bdb53ad18336443483cb1db623a Mon Sep 17 00:00:00 2001
From: Rune Olsen
Date: Fri, 23 Jan 2026 14:07:09 +0100
Subject: [PATCH] Auto login with Authelia
---
 app.py | 32 ++++++++------------------------
 1 file changed, 8 insertions(+), 24 deletions(-)
diff --git a/app.py b/app.py
index fb8b4a5..4fdb81d 100644
--- a/app.py
+++ b/app.py
@@ -290,30 +290,14 @@ def logout():
 # Clear local session
 session.clear()
- # If user was authenticated via Authelia, try to redirect to Authelia logout
- if auth_method == 'authelia' or authelia_user:
- # Look for Authelia URL in headers
- authelia_url = request.headers.get('X-Authelia-URL')
-
- # If found, redirect to Authelia logout
- if authelia_url:
- logger.info(f"Redirecting to Authelia logout: {authelia_url}/logout")
- return redirect(f"{authelia_url}/logout")
-
- # Try some common authelia URLs based on the request
- if request.host:
- domain_parts = request.host.split('.')
- if len(domain_parts) >= 2:
- base_domain = '.'.join(domain_parts[1:]) # e.g., extract 'example.com' from 'app.example.com'
- common_authelia_urls = [
- f"https://auth.{base_domain}/logout",
- f"https://authelia.{base_domain}/logout",
- f"https://sso.{base_domain}/logout"
- ]
-
- # Try the first one as a fallback
- logger.info(f"No Authelia URL header, trying fallback: {common_authelia_urls[0]}")
- return redirect(common_authelia_urls[0])
+ # If user was authenticated via Authelia, redirect to app login (not Authelia logout)
+ # This keeps the Authelia session active for other apps
+ if ENABLE_PROXY and (auth_method == 'authelia' or authelia_user):
+ logger.info(f"Logout for Authelia user - redirecting to app login page")
+ # Just redirect back to login page - Authelia session stays active
+ response = redirect(url_for('login'))
+ response.set_cookie(app.config['SESSION_COOKIE_NAME'], '', expires=0)
+ return response
 # Default case: redirect to login page
 response = redirect(url_for('login'))
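Review bot: In the new `if ENABLE_PROXY and (...)` branch, logout only clears the local Flask session and sends the browser back to `login` while the Authelia session stays valid. If the login view signs users in from the proxy headers (which the commit title suggests, though that view is outside this hunk), the redirect re-authenticates at once and the user has no way to end the session on a shared machine. I would keep auto-login from firing right after a logout, for example `response = redirect(url_for('login', logged_out=1))` with the login view skipping header-based sign-in when that parameter is present, and offer full sign-out only through an operator-configured Authelia logout URL rather than one derived from the request. The branch otherwise repeats the default path below it, so the conditional currently adds only the log line, whose f-string has no placeholders. `logout()` begins above and continues below this hunk, so the reads of `auth_method` and `authelia_user` are not visible here.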