Improve logout for plugins (#595)
parent
69410788bc
commit
b9cd5a89dd
|
@ -364,15 +364,6 @@ t/70-Lemonldap-NG-Portal-AuthOpenIDConnect.t
|
|||
t/99-pod.t
|
||||
t/lmConf-1.js
|
||||
t/sessions/lock/.exists
|
||||
t/sessions/lock/Apache-Session-145dba262c1053fd855990d571d5583fe1c75f2ff6910a079f1e44c2b12f5f81.lock
|
||||
t/sessions/lock/Apache-Session-1e662c0b3103d632d332d9561b6fbbf1f2aacb9a0d55263ee513311ec9ee7712.lock
|
||||
t/sessions/lock/Apache-Session-32409f452220ef603d5819e1553d980b441474cf4a8f899de1243be2724aa50f.lock
|
||||
t/sessions/lock/Apache-Session-4797304de2aa18005dc54b56d829477860f4ebadd1fc407af8f6de90edd59a2b.lock
|
||||
t/sessions/lock/Apache-Session-5ece000315bf915633f75225fcdb11c2754bd254e49783a01f9763887d780c46.lock
|
||||
t/sessions/lock/Apache-Session-7446b65e4838f5e35d661797c23118ee7afa08d3c673e3fd22c05721bdc5f273.lock
|
||||
t/sessions/lock/Apache-Session-8e7cd669256eacc113b159e23d3ed1d84c862e9a3782022e50b362e6f3b29bab.lock
|
||||
t/sessions/lock/Apache-Session-99ae337a06625431c00c76d8f85db2c9fed2afce9bdefba24e47a7f5f67a0f9f.lock
|
||||
t/sessions/lock/Apache-Session-d44bc6a227a1a33ac7876b5e9d781f232262ec5ff9df68e62be81a38146edea3.lock
|
||||
t/test-lib.pm
|
||||
xt/PE_Constants.t
|
||||
xt/test-weaken-portal.t
|
||||
|
|
|
@ -53,6 +53,11 @@ has forAuthUser => (
|
|||
isa => 'ArrayRef',
|
||||
default => sub { [] }
|
||||
);
|
||||
has beforeLogout => (
|
||||
is => 'rw',
|
||||
isa => 'ArrayRef',
|
||||
default => sub { [] }
|
||||
);
|
||||
|
||||
sub init {
|
||||
my ( $self, $args ) = @_;
|
||||
|
@ -73,14 +78,17 @@ sub init {
|
|||
$self
|
||||
|
||||
# "/"
|
||||
->addUnauthRoute( '*', 'login', ['GET'] )
|
||||
->addUnauthRoute( '*', 'postLogin', ['POST'] )
|
||||
->addAuthRoute( '*', 'authenticatedRequest', ['GET'] )
|
||||
->addAuthRoute( '*', 'postAuthenticatedRequest', ['POST'] )
|
||||
->addUnauthRoute( '*' => 'login', ['GET'] )
|
||||
->addUnauthRoute( '*' => 'postLogin', ['POST'] )
|
||||
->addAuthRoute( '*' => 'authenticatedRequest', ['GET'] )
|
||||
->addAuthRoute( '*' => 'postAuthenticatedRequest', ['POST'] )
|
||||
|
||||
# Core REST API
|
||||
->addUnauthRoute( 'test', 'pleaseAuth', ['GET'] )
|
||||
->addAuthRoute( 'test', 'authenticated', ['GET'] );
|
||||
->addUnauthRoute( ping => 'pleaseAuth', ['GET'] )
|
||||
->addAuthRoute( ping => 'authenticated', ['GET'] )
|
||||
|
||||
# Logout
|
||||
->addAuthRoute( logout => 'logout', ['GET'] );
|
||||
|
||||
# Default routes must point to routines declared above
|
||||
$self->defaultAuthRoute('');
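Review bot: The new `logout` route in `init` is registered for `['GET']` only, so a state-changing action can be triggered by any cross-site link or image request that carries the user's session cookie. A third-party page could then force a logout, and run every `beforeLogout` plugin hook, without the user intending it. Now that plugins can attach work to logout, consider requiring POST or a per-session token for this route, or record the decision in a comment such as `# GET logout is intentional: beforeLogout hooks must be idempotent and safe to trigger cross-site`. The body of `init` starts and ends outside the hunk, so any protection applied elsewhere is not visible here.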
|
||||
|
|
|
@ -107,88 +107,42 @@ sub controlUrl {
|
|||
sub checkLogout {
|
||||
my ( $self, $req ) = @_;
|
||||
if ( $req->param('logout') ) {
|
||||
my $apacheSession = $self->getApacheSession($req->id);
|
||||
unless ( $self->_deleteSession( $req, $apacheSession ) ) {
|
||||
$self->lmLog( "Unable to delete session ".$req->id, 'error' );
|
||||
$self->lmLog( $apacheSession->error, 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Session $req->{id} deleted from global storage", 'debug' );
|
||||
}
|
||||
$req->steps([@{ $self->beforeLogout }, 'deleteSession' ] );
|
||||
}
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
# TODO
|
||||
# Call issuerDB logout on each used issuerDBmodule
|
||||
#my $issuerDBList = $req->{sessionInfo}->{_issuerDB};
|
||||
#if ( defined $issuerDBList ) {
|
||||
# foreach my $issuerDBtype (
|
||||
# split( /\Q$self->{conf}->{multiValuesSeparator}\E/o, $issuerDBList ) )
|
||||
# {
|
||||
# my $module_name = "Lemonldap::NG::Portal::IssuerDB/$issuerDBtype";
|
||||
# $self->lmLog(
|
||||
# "Process logout for issuerDB module $issuerDBtype",
|
||||
# 'debug' );
|
||||
sub deleteSession {
|
||||
my ( $self, $req ) = @_;
|
||||
my $apacheSession = $self->getApacheSession( $req->id );
|
||||
unless ( $self->_deleteSession( $req, $apacheSession ) ) {
|
||||
$self->lmLog( "Unable to delete session " . $req->id, 'error' );
|
||||
$self->lmLog( $apacheSession->error, 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Session $req->{id} deleted from global storage",
|
||||
'debug' );
|
||||
}
|
||||
|
||||
# $self->{error} = $self->_subProcess(
|
||||
# $module_name . "::issuerDBInit",
|
||||
# $module_name . '::issuerLogout'
|
||||
# );
|
||||
# Collect logout services and build hidden iFrames
|
||||
#if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) {
|
||||
|
||||
# }
|
||||
#}
|
||||
# $self->lmLog( "Create iFrames to forward logout to services",
|
||||
# 'debug' );
|
||||
|
||||
# Call logout for the module used to authenticate
|
||||
#$self->lmLog(
|
||||
# "Process logout for authentication module "
|
||||
# . $self->{sessionInfo}->{_auth},
|
||||
# 'debug'
|
||||
#);
|
||||
# $self->info( "<h3>" . $self->msg(PM_LOGOUT) . "</h3>" );
|
||||
|
||||
#if ( $self->{sessionInfo}->{'_auth'} ne $self->get_module('auth') ) {
|
||||
# my $module_name =
|
||||
# 'Lemonldap::NG::Portal::Auth' . $self->{sessionInfo}->{_auth};
|
||||
# foreach ( keys %{ $self->{logoutServices} } ) {
|
||||
# my $logoutServiceName = $_;
|
||||
# my $logoutServiceUrl =
|
||||
# $self->{logoutServices}->{$logoutServiceName};
|
||||
|
||||
# unless ( $self->loadModule($module_name) ) {
|
||||
# $self->lmLog( "Unable to load $module_name", 'error' );
|
||||
# }
|
||||
# else {
|
||||
# eval {
|
||||
# $self->{error} = $self->_subProcess(
|
||||
# $module_name . "::authInit",
|
||||
# $module_name . "::authLogout"
|
||||
# );
|
||||
# };
|
||||
# }
|
||||
#}
|
||||
#else {
|
||||
# eval {
|
||||
# $self->{error} = $self->_subProcess( 'authInit', 'authLogout' );
|
||||
# };
|
||||
#}
|
||||
#if ($@) {
|
||||
# $self->lmLog( "Error when calling authentication logout: $@",
|
||||
# 'debug' );
|
||||
#}
|
||||
#return $self->{error} if $self->{error} > 0;
|
||||
# $self->lmLog(
|
||||
#"Find lo#gout service $logoutServiceName ($logoutServiceUrl)",
|
||||
|
||||
# Collect logout services and build hidden iFrames
|
||||
#if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) {
|
||||
|
||||
# $self->lmLog( "Create iFrames to forward logout to services",
|
||||
# 'debug' );
|
||||
|
||||
# $self->info( "<h3>" . $self->msg(PM_LOGOUT) . "</h3>" );
|
||||
|
||||
# foreach ( keys %{ $self->{logoutServices} } ) {
|
||||
# my $logoutServiceName = $_;
|
||||
# my $logoutServiceUrl =
|
||||
# $self->{logoutServices}->{$logoutServiceName};
|
||||
|
||||
# $self->lmLog(
|
||||
#"Find lo#gout service $logoutServiceName ($logoutServiceUrl)",
|
||||
|
||||
# 'debug'
|
||||
# );
|
||||
# 'debug'
|
||||
# );
|
||||
|
||||
# my $iframe =
|
||||
# "<iframe src=\"$logoutServiceUrl\""
|
||||
|
@ -197,27 +151,32 @@ sub checkLogout {
|
|||
# . " width=\"0\" height=\"0\" frameborder=\"0\">"
|
||||
# . "</iframe>";
|
||||
|
||||
# $self->info($iframe);
|
||||
# }
|
||||
# $self->info($iframe);
|
||||
# }
|
||||
|
||||
# # Redirect on logout page if no other target defined
|
||||
# if ( !$self->{urldc} and !$self->{postUrl} ) {
|
||||
# $self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1";
|
||||
# }
|
||||
#}
|
||||
# # Redirect on logout page if no other target defined
|
||||
# if ( !$self->{urldc} and !$self->{postUrl} ) {
|
||||
# $self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1";
|
||||
# }
|
||||
#}
|
||||
|
||||
# Redirect or Post if asked by authLogout
|
||||
#return $self->_subProcess(qw(autoRedirect))
|
||||
# if ( $self->{urldc}
|
||||
# and $self->{urldc} ne $self->{portal} );
|
||||
# Redirect or Post if asked by authLogout
|
||||
#return $self->_subProcess(qw(autoRedirect))
|
||||
# if ( $self->{urldc}
|
||||
# and $self->{urldc} ne $self->{portal} );
|
||||
|
||||
#return $self->_subProcess(qw(autoPost))
|
||||
# if ( $self->{postUrl} );
|
||||
#return $self->_subProcess(qw(autoPost))
|
||||
# if ( $self->{postUrl} );
|
||||
|
||||
# Display logout message
|
||||
return PE_LOGOUT_OK;
|
||||
# If logout redirects to another URL, just remove next steps for the
|
||||
# request so autoRedirect will be called
|
||||
if ( $req->{urldc} and $req->{urldc} ne $self->conf->{portal} ) {
|
||||
$req->steps( [] );
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
# Else display "error"
|
||||
return PE_LOGOUT_OK;
|
||||
}
|
||||
|
||||
# Check value to detect XSS attack
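Review bot: In the new `deleteSession`, the failure branch logs the full session id at error level (`"Unable to delete session " . $req->id`) at the moment the session still exists. If that id is the value carried in the session cookie, anyone who can read the portal logs gets a live session identifier. Log a shortened or hashed form instead, for example `$self->lmLog( "Unable to delete session " . substr( $req->id, 0, 8 ) . "...", 'error' );`, and do the same in the debug message. Separately, `$apacheSession->error` is called without checking that `getApacheSession` returned an object. If it can return undef for an expired or unknown id (not visible here), that branch dies instead of returning `PE_ERROR`; a guard such as `return PE_ERROR unless $apacheSession;` right after the lookup would cover it.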
|
||||
|
|
|
@ -104,6 +104,11 @@ sub postAuthenticatedRequest {
|
|||
);
|
||||
}
|
||||
|
||||
sub logout {
|
||||
my ( $self, $req ) = @_;
|
||||
return $self->do( $req, [ @{ $self->beforeLogout }, 'deleteSession' ] );
|
||||
}
|
||||
|
||||
# RUNNING METHODS
|
||||
# ---------------
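Review bot: `logout` puts `deleteSession` after every `beforeLogout` step, so session deletion depends on all plugin hooks succeeding. If `do` stops the chain at the first step that returns something other than `PE_OK` (its behaviour is not visible in this hunk), a failing or misbehaving hook leaves the session alive while the user believes they have logged out. It would be safer for deletion not to depend on plugin success, or at least to state the contract in a comment above the sub, e.g. `# beforeLogout hooks must return PE_OK, otherwise the session is NOT deleted`. The same step list is built in `checkLogout`, so both call sites need the same treatment; a small shared helper would keep them in sync.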
|
||||
|
||||
|
|
|
@ -2098,6 +2098,8 @@ sub setMacros {
|
|||
#@return Lemonldap::NG::Portal constant
|
||||
sub setLocalGroups {
|
||||
my $self = shift;
|
||||
$self->{sessionInfo}->{groups} = '';
|
||||
$self->{sessionInfo}->{hGroups} = {};
|
||||
foreach ( sort keys %{ $self->{groups} } ) {
|
||||
if ( $self->safe->reval( $self->{groups}->{$_} ) ) {
|
||||
$self->{sessionInfo}->{groups} .=
|
||||
|
|