Improve logout for plugins (#595)

Xavier Guimard 2016-04-18 20:23:40 +00:00
parent 69410788bc
commit b9cd5a89dd
5 changed files with 70 additions and 105 deletions


@ -364,15 +364,6 @@ t/70-Lemonldap-NG-Portal-AuthOpenIDConnect.t
t/99-pod.t
t/lmConf-1.js
t/sessions/lock/.exists
t/sessions/lock/Apache-Session-145dba262c1053fd855990d571d5583fe1c75f2ff6910a079f1e44c2b12f5f81.lock
t/sessions/lock/Apache-Session-1e662c0b3103d632d332d9561b6fbbf1f2aacb9a0d55263ee513311ec9ee7712.lock
t/sessions/lock/Apache-Session-32409f452220ef603d5819e1553d980b441474cf4a8f899de1243be2724aa50f.lock
t/sessions/lock/Apache-Session-4797304de2aa18005dc54b56d829477860f4ebadd1fc407af8f6de90edd59a2b.lock
t/sessions/lock/Apache-Session-5ece000315bf915633f75225fcdb11c2754bd254e49783a01f9763887d780c46.lock
t/sessions/lock/Apache-Session-7446b65e4838f5e35d661797c23118ee7afa08d3c673e3fd22c05721bdc5f273.lock
t/sessions/lock/Apache-Session-8e7cd669256eacc113b159e23d3ed1d84c862e9a3782022e50b362e6f3b29bab.lock
t/sessions/lock/Apache-Session-99ae337a06625431c00c76d8f85db2c9fed2afce9bdefba24e47a7f5f67a0f9f.lock
t/sessions/lock/Apache-Session-d44bc6a227a1a33ac7876b5e9d781f232262ec5ff9df68e62be81a38146edea3.lock
t/test-lib.pm
xt/PE_Constants.t
xt/test-weaken-portal.t


@ -53,6 +53,11 @@ has forAuthUser => (
isa => 'ArrayRef',
default => sub { [] }
);
has beforeLogout => (
is => 'rw',
isa => 'ArrayRef',
default => sub { [] }
);
sub init {
my ( $self, $args ) = @_;
@ -73,14 +78,17 @@ sub init {
$self
# "/"
->addUnauthRoute( '*', 'login', ['GET'] )
->addUnauthRoute( '*', 'postLogin', ['POST'] )
->addAuthRoute( '*', 'authenticatedRequest', ['GET'] )
->addAuthRoute( '*', 'postAuthenticatedRequest', ['POST'] )
->addUnauthRoute( '*' => 'login', ['GET'] )
->addUnauthRoute( '*' => 'postLogin', ['POST'] )
->addAuthRoute( '*' => 'authenticatedRequest', ['GET'] )
->addAuthRoute( '*' => 'postAuthenticatedRequest', ['POST'] )
# Core REST API
->addUnauthRoute( 'test', 'pleaseAuth', ['GET'] )
->addAuthRoute( 'test', 'authenticated', ['GET'] );
->addUnauthRoute( ping => 'pleaseAuth', ['GET'] )
->addAuthRoute( ping => 'authenticated', ['GET'] )
# Logout
->addAuthRoute( logout => 'logout', ['GET'] );
# Default routes must point to routines declared above
$self->defaultAuthRoute('');
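Review bot: The new `logout` route at the end of the route chain is registered for `GET` only, so any cross-site link, image or redirect that makes an authenticated browser fetch it runs every `beforeLogout` step and deletes the session without the user asking for it. The `?logout=1` parameter handled by `checkLogout` has the same property, so this is not new exposure, but the plugin hooks make the side effects larger than a plain sign-out. Consider accepting the state change only with a token the portal issued, or at least record the decision next to the route, for example `# Logout is reachable by GET on purpose; beforeLogout steps must be safe to trigger cross-site`. `init` starts and ends outside these hunks.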


@ -107,88 +107,42 @@ sub controlUrl {
sub checkLogout {
my ( $self, $req ) = @_;
if ( $req->param('logout') ) {
my $apacheSession = $self->getApacheSession($req->id);
unless ( $self->_deleteSession( $req, $apacheSession ) ) {
$self->lmLog( "Unable to delete session ".$req->id, 'error' );
$self->lmLog( $apacheSession->error, 'error' );
return PE_ERROR;
}
else {
$self->lmLog( "Session $req->{id} deleted from global storage", 'debug' );
}
$req->steps([@{ $self->beforeLogout }, 'deleteSession' ] );
}
PE_OK;
}
# TODO
# Call issuerDB logout on each used issuerDBmodule
#my $issuerDBList = $req->{sessionInfo}->{_issuerDB};
#if ( defined $issuerDBList ) {
# foreach my $issuerDBtype (
# split( /\Q$self->{conf}->{multiValuesSeparator}\E/o, $issuerDBList ) )
# {
# my $module_name = "Lemonldap::NG::Portal::IssuerDB/$issuerDBtype";
# $self->lmLog(
# "Process logout for issuerDB module $issuerDBtype",
# 'debug' );
sub deleteSession {
my ( $self, $req ) = @_;
my $apacheSession = $self->getApacheSession( $req->id );
unless ( $self->_deleteSession( $req, $apacheSession ) ) {
$self->lmLog( "Unable to delete session " . $req->id, 'error' );
$self->lmLog( $apacheSession->error, 'error' );
return PE_ERROR;
}
else {
$self->lmLog( "Session $req->{id} deleted from global storage",
'debug' );
}
# $self->{error} = $self->_subProcess(
# $module_name . "::issuerDBInit",
# $module_name . '::issuerLogout'
# );
# Collect logout services and build hidden iFrames
#if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) {
# }
#}
# $self->lmLog( "Create iFrames to forward logout to services",
# 'debug' );
# Call logout for the module used to authenticate
#$self->lmLog(
# "Process logout for authentication module "
# . $self->{sessionInfo}->{_auth},
# 'debug'
#);
# $self->info( "<h3>" . $self->msg(PM_LOGOUT) . "</h3>" );
#if ( $self->{sessionInfo}->{'_auth'} ne $self->get_module('auth') ) {
# my $module_name =
# 'Lemonldap::NG::Portal::Auth' . $self->{sessionInfo}->{_auth};
# foreach ( keys %{ $self->{logoutServices} } ) {
# my $logoutServiceName = $_;
# my $logoutServiceUrl =
# $self->{logoutServices}->{$logoutServiceName};
# unless ( $self->loadModule($module_name) ) {
# $self->lmLog( "Unable to load $module_name", 'error' );
# }
# else {
# eval {
# $self->{error} = $self->_subProcess(
# $module_name . "::authInit",
# $module_name . "::authLogout"
# );
# };
# }
#}
#else {
# eval {
# $self->{error} = $self->_subProcess( 'authInit', 'authLogout' );
# };
#}
#if ($@) {
# $self->lmLog( "Error when calling authentication logout: $@",
# 'debug' );
#}
#return $self->{error} if $self->{error} > 0;
# $self->lmLog(
#"Find lo#gout service $logoutServiceName ($logoutServiceUrl)",
# Collect logout services and build hidden iFrames
#if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) {
# $self->lmLog( "Create iFrames to forward logout to services",
# 'debug' );
# $self->info( "<h3>" . $self->msg(PM_LOGOUT) . "</h3>" );
# foreach ( keys %{ $self->{logoutServices} } ) {
# my $logoutServiceName = $_;
# my $logoutServiceUrl =
# $self->{logoutServices}->{$logoutServiceName};
# $self->lmLog(
#"Find lo#gout service $logoutServiceName ($logoutServiceUrl)",
# 'debug'
# );
# 'debug'
# );
# my $iframe =
# "<iframe src=\"$logoutServiceUrl\""
@ -197,27 +151,32 @@ sub checkLogout {
# . " width=\"0\" height=\"0\" frameborder=\"0\">"
# . "</iframe>";
# $self->info($iframe);
# }
# $self->info($iframe);
# }
# # Redirect on logout page if no other target defined
# if ( !$self->{urldc} and !$self->{postUrl} ) {
# $self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1";
# }
#}
# # Redirect on logout page if no other target defined
# if ( !$self->{urldc} and !$self->{postUrl} ) {
# $self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1";
# }
#}
# Redirect or Post if asked by authLogout
#return $self->_subProcess(qw(autoRedirect))
# if ( $self->{urldc}
# and $self->{urldc} ne $self->{portal} );
# Redirect or Post if asked by authLogout
#return $self->_subProcess(qw(autoRedirect))
# if ( $self->{urldc}
# and $self->{urldc} ne $self->{portal} );
#return $self->_subProcess(qw(autoPost))
# if ( $self->{postUrl} );
#return $self->_subProcess(qw(autoPost))
# if ( $self->{postUrl} );
# Display logout message
return PE_LOGOUT_OK;
# If logout redirects to another URL, just remove next steps for the
# request so autoRedirect will be called
if ( $req->{urldc} and $req->{urldc} ne $self->conf->{portal} ) {
$req->steps( [] );
return PE_OK;
}
# Else display "error"
return PE_LOGOUT_OK;
}
# Check value to detect XSS attack
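Review bot: `deleteSession` hands control to the redirect path whenever `$req->{urldc}` is set and differs from `$self->conf->{portal}`, but nothing in this function shows that the value was validated. When the call comes through `checkLogout`, an earlier step such as `controlUrl` may already have checked it (the step order is outside this hunk); when `deleteSession` is reached from a step list that holds only `beforeLogout` plugins, the target is whatever a plugin stored. I would state the contract above the test, `# urldc must already have been validated (controlUrl or the plugin that set it); it is followed as-is`, or re-check the value here before clearing the steps. Separately, the failure branch calls `$apacheSession->error` without testing that `getApacheSession` returned an object.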


@ -104,6 +104,11 @@ sub postAuthenticatedRequest {
);
}
sub logout {
my ( $self, $req ) = @_;
return $self->do( $req, [ @{ $self->beforeLogout }, 'deleteSession' ] );
}
# RUNNING METHODS
# ---------------
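Review bot: `logout` puts `deleteSession` last in the step list, so if `do` stops at the first step that does not return `PE_OK` (its body is not shown here), a failing `beforeLogout` plugin leaves the session alive while the user believes they have signed out. The same list is built in `checkLogout`, so the two entry points can drift apart. A short header comment would pin the contract, for example `# Run plugin beforeLogout steps, then deleteSession; a plugin step that fails must not prevent session deletion`, and a shared helper returning the list would keep both callers identical.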


@ -2098,6 +2098,8 @@ sub setMacros {
#@return Lemonldap::NG::Portal constant
sub setLocalGroups {
my $self = shift;
$self->{sessionInfo}->{groups} = '';
$self->{sessionInfo}->{hGroups} = {};
foreach ( sort keys %{ $self->{groups} } ) {
if ( $self->safe->reval( $self->{groups}->{$_} ) ) {
$self->{sessionInfo}->{groups} .=