Simple logout works (#595)
parent
d32d9646f8
commit
35d1ad0b3c
2
Makefile
2
Makefile
|
@ -364,7 +364,7 @@ prepare_test_server:
|
|||
VHOSTLISTEN='*:$(TESTWEBSERVERPORT)' \
|
||||
PORT=$(TESTWEBSERVERPORT) \
|
||||
FASTCGISOCKDIR=`pwd`/e2e-tests/conf \
|
||||
PORTALDIR=`pwd`/$(SRCPORTALDIR)/example \
|
||||
PORTALDIR=`pwd`/$(SRCPORTALDIR)/site/htdocs \
|
||||
MANAGERDIR=`pwd`/$(SRCMANAGERDIR)/site \
|
||||
TESTDIR=`pwd`/e2e-tests/conf/site \
|
||||
MANAGERPSGIDIR=`pwd`/e2e-tests \
|
||||
|
|
|
@ -22,12 +22,6 @@
|
|||
Options +ExecCGI +FollowSymLinks
|
||||
</Directory>
|
||||
|
||||
# Perl script
|
||||
<Files *.pl>
|
||||
SetHandler perl-script
|
||||
PerlResponseHandler ModPerl::Registry
|
||||
</Files>
|
||||
|
||||
# Temporary hook
|
||||
<Files *.fcgi>
|
||||
SetHandler fcgid-script
|
||||
|
@ -35,7 +29,7 @@
|
|||
</Files>
|
||||
|
||||
<IfModule mod_dir.c>
|
||||
DirectoryIndex index.pl index.html
|
||||
DirectoryIndex index.html index.fcgi
|
||||
</IfModule>
|
||||
|
||||
# SOAP functions for sessions management (disabled by default)
|
||||
|
|
|
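Review bot: Nothing visible in this section maps or denies `*.pl` once the `<Files *.pl>` mod_perl block is gone, so any `.pl` script still present under this directory would be returned as static text and expose its source. That the block is the removed part is inferred from the 12-to-6 line count in the hunk header and from `DirectoryIndex` now listing `index.html index.fcgi`. Either confirm that no `.pl` files are installed under the portal directory any more, or keep a `<Files *.pl>` block that denies access instead of dropping it outright. The enclosing `<Directory>` and virtual host start outside this hunk, so a rule elsewhere may already cover this.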
@ -104,6 +104,122 @@ sub controlUrl {
|
|||
PE_OK;
|
||||
}
|
||||
|
||||
sub checkLogout {
|
||||
my ( $self, $req ) = @_;
|
||||
if ( $req->param('logout') ) {
|
||||
my $apacheSession = $self->getApacheSession($req->id);
|
||||
unless ( $self->_deleteSession( $req, $apacheSession ) ) {
|
||||
$self->lmLog( "Unable to delete session ".$req->id, 'error' );
|
||||
$self->lmLog( $apacheSession->error, 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Session $req->{id} deleted from global storage", 'debug' );
|
||||
}
|
||||
|
||||
# TODO
|
||||
# Call issuerDB logout on each used issuerDBmodule
|
||||
#my $issuerDBList = $req->{sessionInfo}->{_issuerDB};
|
||||
#if ( defined $issuerDBList ) {
|
||||
# foreach my $issuerDBtype (
|
||||
# split( /\Q$self->{conf}->{multiValuesSeparator}\E/o, $issuerDBList ) )
|
||||
# {
|
||||
# my $module_name = "Lemonldap::NG::Portal::IssuerDB/$issuerDBtype";
|
||||
# $self->lmLog(
|
||||
# "Process logout for issuerDB module $issuerDBtype",
|
||||
# 'debug' );
|
||||
|
||||
# $self->{error} = $self->_subProcess(
|
||||
# $module_name . "::issuerDBInit",
|
||||
# $module_name . '::issuerLogout'
|
||||
# );
|
||||
|
||||
# }
|
||||
#}
|
||||
|
||||
# Call logout for the module used to authenticate
|
||||
#$self->lmLog(
|
||||
# "Process logout for authentication module "
|
||||
# . $self->{sessionInfo}->{_auth},
|
||||
# 'debug'
|
||||
#);
|
||||
|
||||
#if ( $self->{sessionInfo}->{'_auth'} ne $self->get_module('auth') ) {
|
||||
# my $module_name =
|
||||
# 'Lemonldap::NG::Portal::Auth' . $self->{sessionInfo}->{_auth};
|
||||
|
||||
# unless ( $self->loadModule($module_name) ) {
|
||||
# $self->lmLog( "Unable to load $module_name", 'error' );
|
||||
# }
|
||||
# else {
|
||||
# eval {
|
||||
# $self->{error} = $self->_subProcess(
|
||||
# $module_name . "::authInit",
|
||||
# $module_name . "::authLogout"
|
||||
# );
|
||||
# };
|
||||
# }
|
||||
#}
|
||||
#else {
|
||||
# eval {
|
||||
# $self->{error} = $self->_subProcess( 'authInit', 'authLogout' );
|
||||
# };
|
||||
#}
|
||||
#if ($@) {
|
||||
# $self->lmLog( "Error when calling authentication logout: $@",
|
||||
# 'debug' );
|
||||
#}
|
||||
#return $self->{error} if $self->{error} > 0;
|
||||
|
||||
# Collect logout services and build hidden iFrames
|
||||
#if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) {
|
||||
|
||||
# $self->lmLog( "Create iFrames to forward logout to services",
|
||||
# 'debug' );
|
||||
|
||||
# $self->info( "<h3>" . $self->msg(PM_LOGOUT) . "</h3>" );
|
||||
|
||||
# foreach ( keys %{ $self->{logoutServices} } ) {
|
||||
# my $logoutServiceName = $_;
|
||||
# my $logoutServiceUrl =
|
||||
# $self->{logoutServices}->{$logoutServiceName};
|
||||
|
||||
# $self->lmLog(
|
||||
#"Find lo#gout service $logoutServiceName ($logoutServiceUrl)",
|
||||
|
||||
# 'debug'
|
||||
# );
|
||||
|
||||
# my $iframe =
|
||||
# "<iframe src=\"$logoutServiceUrl\""
|
||||
# . " alt=\"$logoutServiceName\" marginwidth=\"0\""
|
||||
# . " marginheight=\"0\" scrolling=\"no\" style=\"border: none;display: hidden;margin: 0\""
|
||||
# . " width=\"0\" height=\"0\" frameborder=\"0\">"
|
||||
# . "</iframe>";
|
||||
|
||||
# $self->info($iframe);
|
||||
# }
|
||||
|
||||
# # Redirect on logout page if no other target defined
|
||||
# if ( !$self->{urldc} and !$self->{postUrl} ) {
|
||||
# $self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1";
|
||||
# }
|
||||
#}
|
||||
|
||||
# Redirect or Post if asked by authLogout
|
||||
#return $self->_subProcess(qw(autoRedirect))
|
||||
# if ( $self->{urldc}
|
||||
# and $self->{urldc} ne $self->{portal} );
|
||||
|
||||
#return $self->_subProcess(qw(autoPost))
|
||||
# if ( $self->{postUrl} );
|
||||
|
||||
# Display logout message
|
||||
return PE_LOGOUT_OK;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# Check value to detect XSS attack
|
||||
# @param name Parameter name
|
||||
# @param value Parameter value
|
||||
|
|
|
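Review bot: `checkLogout` hands the result of `$self->getApacheSession($req->id)` straight to `_deleteSession`, and on failure calls `$apacheSession->error`, without checking that a session object came back. `_deleteSession` in this same commit guards the equivalent call with `if ( my $session2 = $self->getApacheSession( $id2, 1 ) )`, which suggests it can return false. A `logout` request carrying a stale or already-removed session id would then die on an undefined value instead of returning an error code; a guard such as `my $apacheSession = $self->getApacheSession( $req->id ) or return PE_ERROR;` avoids that. The sub also has no explicit return when `logout` is absent, so it yields the value of the failed `if` condition; ending it with `return PE_OK;` makes the pass-through case explicit. Because the whole block after `# TODO` is commented out, authentication-module and issuerDB logout and the logout-service forwarding are not performed yet, which deserves a one-line comment saying that only the local session is removed.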
@ -83,8 +83,13 @@ sub postLogin {
|
|||
|
||||
sub authenticatedRequest {
|
||||
my ( $self, $req ) = @_;
|
||||
return $self->do( $req,
|
||||
[ 'importHandlerDatas', 'controlUrl', @{ $self->forAuthUser } ] );
|
||||
return $self->do(
|
||||
$req,
|
||||
[
|
||||
'importHandlerDatas', 'checkLogout',
|
||||
'controlUrl', @{ $self->forAuthUser }
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
sub postAuthenticatedRequest {
|
||||
|
@ -92,8 +97,9 @@ sub postAuthenticatedRequest {
|
|||
return $self->do(
|
||||
$req,
|
||||
[
|
||||
'importHandlerDatas', 'restoreArgs',
|
||||
'controlUrl', @{ $self->forAuthUser }
|
||||
'importHandlerDatas', 'checkLogout',
|
||||
'restoreArgs', 'controlUrl',
|
||||
@{ $self->forAuthUser }
|
||||
]
|
||||
);
|
||||
}
|
||||
|
@ -258,6 +264,62 @@ sub getPersistentSession {
|
|||
return $ps;
|
||||
}
|
||||
|
||||
# Delete an existing session. If "securedCookie" is set to 2, the http session
|
||||
# will also be removed.
|
||||
# @param h tied Apache::Session object
|
||||
# @param preserveCookie do not delete cookie
|
||||
# @return True if session has been deleted
|
||||
sub _deleteSession {
|
||||
my ( $self, $req, $session, $preserveCookie ) = @_;
|
||||
|
||||
# Invalidate http cookie and session, if set
|
||||
if ( $self->{securedCookie} >= 2 ) {
|
||||
|
||||
# Try to find a linked http session (securedCookie == 2)
|
||||
if ( my $id2 = $session->data->{_httpSession} ) {
|
||||
if ( my $session2 = $self->getApacheSession( $id2, 1 ) ) {
|
||||
$session2->remove;
|
||||
if ( $session2->error ) {
|
||||
$self->lmLog( "Unable to remove linked session $id2",
|
||||
'debug' );
|
||||
$self->lmLog( $session2->error, 'debug' );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Create an obsolete cookie to remove it
|
||||
push @{ $req->respHeaders },
|
||||
'Set-Cookie' => $self->cookie(
|
||||
name => $self->conf->{cookieName} . 'http',
|
||||
value => 0,
|
||||
domain => $self->conf->{domain},
|
||||
path => "/",
|
||||
secure => 0,
|
||||
expires => '-1d',
|
||||
) unless ($preserveCookie);
|
||||
}
|
||||
|
||||
$session->remove;
|
||||
|
||||
# Create an obsolete cookie to remove it
|
||||
push @{ $req->respHeaders },
|
||||
'Set-Cookie' => $self->cookie(
|
||||
name => $self->conf->{cookieName},
|
||||
value => 0,
|
||||
domain => $self->conf->{domain},
|
||||
path => "/",
|
||||
secure => 0,
|
||||
expires => '-1d',
|
||||
@_,
|
||||
) unless ($preserveCookie);
|
||||
|
||||
# Log
|
||||
my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
|
||||
$self->userNotice("User $user has been disconnected") if $user;
|
||||
|
||||
return $session->error ? 0 : 1;
|
||||
}
|
||||
|
||||
# Return md5(s)
|
||||
sub _md5hash {
|
||||
my ( $self, $s ) = @_;
|
||||
|
|
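Review bot: In `_deleteSession` the second `Set-Cookie` builder still passes `@_,` as trailing arguments to `$self->cookie(...)`. The sub unpacks with `my ( $self, $req, $session, $preserveCookie ) = @_;` and never shifts, so `@_` still holds those four values and they are appended to the cookie's option list as stray key/value pairs. Dropping the `@_,` line, or passing explicit extra options, keeps object references out of the cookie arguments. Separately, the linked-session branch tests `$self->{securedCookie}` while the cookie name and domain are read from `$self->conf->{...}`; if the setting only lives in the configuration hash, the `>= 2` branch never runs and the linked http session and its `http` cookie survive logout, so `$self->conf->{securedCookie}` looks like the intended lookup (to be confirmed). The header comment still documents `@param h` and omits `$req`, so it should be updated to the new signature.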