diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index 018f3f4ec..e02748702 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@@ -364,15 +364,6 @@ t/70-Lemonldap-NG-Portal-AuthOpenIDConnect.t
 t/99-pod.t
 t/lmConf-1.js
 t/sessions/lock/.exists
-t/sessions/lock/Apache-Session-145dba262c1053fd855990d571d5583fe1c75f2ff6910a079f1e44c2b12f5f81.lock
-t/sessions/lock/Apache-Session-1e662c0b3103d632d332d9561b6fbbf1f2aacb9a0d55263ee513311ec9ee7712.lock
-t/sessions/lock/Apache-Session-32409f452220ef603d5819e1553d980b441474cf4a8f899de1243be2724aa50f.lock
-t/sessions/lock/Apache-Session-4797304de2aa18005dc54b56d829477860f4ebadd1fc407af8f6de90edd59a2b.lock
-t/sessions/lock/Apache-Session-5ece000315bf915633f75225fcdb11c2754bd254e49783a01f9763887d780c46.lock
-t/sessions/lock/Apache-Session-7446b65e4838f5e35d661797c23118ee7afa08d3c673e3fd22c05721bdc5f273.lock
-t/sessions/lock/Apache-Session-8e7cd669256eacc113b159e23d3ed1d84c862e9a3782022e50b362e6f3b29bab.lock
-t/sessions/lock/Apache-Session-99ae337a06625431c00c76d8f85db2c9fed2afce9bdefba24e47a7f5f67a0f9f.lock
-t/sessions/lock/Apache-Session-d44bc6a227a1a33ac7876b5e9d781f232262ec5ff9df68e62be81a38146edea3.lock
 t/test-lib.pm
 xt/PE_Constants.t
 xt/test-weaken-portal.t
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
index 7d6fd49a9..dc63602b9 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
@@ -53,6 +53,11 @@ has forAuthUser => (
 isa => 'ArrayRef',
 default => sub { [] }
 );
+has beforeLogout => (
+ is => 'rw',
+ isa => 'ArrayRef',
+ default => sub { [] }
+);
 sub init {
 my ( $self, $args ) = @_;
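Review bot: The new `beforeLogout` attribute in Init.pm has no comment saying what its entries are or who fills it; the hunk shows only the `ArrayRef` constraint. Judging from the other hunks of this commit, the entries are method names run as steps ahead of `deleteSession`, so anything placed in this list executes on every logout. A line such as `# Method names run, in order, before 'deleteSession' on logout` above the declaration would make that contract explicit. Because the attribute is `rw`, it is also worth stating whether code is expected to append to the list or may replace it wholesale.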
@@ -73,14 +78,17 @@ sub init {
 $self
 # "/"
- ->addUnauthRoute( '*', 'login', ['GET'] )
- ->addUnauthRoute( '*', 'postLogin', ['POST'] )
- ->addAuthRoute( '*', 'authenticatedRequest', ['GET'] )
- ->addAuthRoute( '*', 'postAuthenticatedRequest', ['POST'] )
+ ->addUnauthRoute( '*' => 'login', ['GET'] )
+ ->addUnauthRoute( '*' => 'postLogin', ['POST'] )
+ ->addAuthRoute( '*' => 'authenticatedRequest', ['GET'] )
+ ->addAuthRoute( '*' => 'postAuthenticatedRequest', ['POST'] )
 # Core REST API
- ->addUnauthRoute( 'test', 'pleaseAuth', ['GET'] )
- ->addAuthRoute( 'test', 'authenticated', ['GET'] );
+ ->addUnauthRoute( ping => 'pleaseAuth', ['GET'] )
+ ->addAuthRoute( ping => 'authenticated', ['GET'] )
+
+ # Logout
+ ->addAuthRoute( logout => 'logout', ['GET'] );
 # Default routes must point to routines declared above
 $self->defaultAuthRoute('');
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
index 8ffe59ec1..0cd125fa9 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
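Review bot: The `logout` route added to the chain in Init.pm's `init` is registered for `['GET']` only, so the session-ending action runs on a plain GET with nothing in the visible route tying it to a deliberate user action. A logged-in user's SSO session can therefore be ended by any request their browser is made to send to that path. If forced logout matters for this portal, consider requiring POST with a request token, or showing a confirmation page when the GET carries no token. A comment next to `# Logout` recording that GET is intentional (for example to support redirect-based single logout) would help the next reviewer. The body of `init` continues outside this hunk.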
@@ -107,88 +107,42 @@ sub controlUrl { sub checkLogout { my ( $self, $req ) = @_; if ( $req->param('logout') ) { - my $apacheSession = $self->getApacheSession($req->id); - unless ( $self->_deleteSession( $req, $apacheSession ) ) { - $self->lmLog( "Unable to delete session ".$req->id, 'error' ); - $self->lmLog( $apacheSession->error, 'error' ); - return PE_ERROR; - } - else { - $self->lmLog( "Session $req->{id} deleted from global storage", 'debug' ); - } + $req->steps([@{ $self->beforeLogout }, 'deleteSession' ] ); + } + PE_OK; +} - # TODO - # Call issuerDB logout on each used issuerDBmodule - #my $issuerDBList = $req->{sessionInfo}->{_issuerDB}; - #if ( defined $issuerDBList ) { - # foreach my $issuerDBtype ( - # split( /\Q$self->{conf}->{multiValuesSeparator}\E/o, $issuerDBList ) ) - # { - # my $module_name = "Lemonldap::NG::Portal::IssuerDB/$issuerDBtype"; - # $self->lmLog( - # "Process logout for issuerDB module $issuerDBtype", - # 'debug' ); +sub deleteSession { + my ( $self, $req ) = @_; + my $apacheSession = $self->getApacheSession( $req->id ); + unless ( $self->_deleteSession( $req, $apacheSession ) ) { + $self->lmLog( "Unable to delete session " . $req->id, 'error' ); + $self->lmLog( $apacheSession->error, 'error' ); + return PE_ERROR; + } + else { + $self->lmLog( "Session $req->{id} deleted from global storage", + 'debug' ); + } - # $self->{error} = $self->_subProcess( - # $module_name . "::issuerDBInit", - # $module_name . '::issuerLogout' - # ); + # Collect logout services and build hidden iFrames + #if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) { - # } - #} + # $self->lmLog( "Create iFrames to forward logout to services", + # 'debug' ); - # Call logout for the module used to authenticate - #$self->lmLog( - # "Process logout for authentication module " - # . $self->{sessionInfo}->{_auth}, - # 'debug' - #); + # $self->info( "

" . $self->msg(PM_LOGOUT) . "

" ); - #if ( $self->{sessionInfo}->{'_auth'} ne $self->get_module('auth') ) { - # my $module_name = - # 'Lemonldap::NG::Portal::Auth' . $self->{sessionInfo}->{_auth}; + # foreach ( keys %{ $self->{logoutServices} } ) { + # my $logoutServiceName = $_; + # my $logoutServiceUrl = + # $self->{logoutServices}->{$logoutServiceName}; - # unless ( $self->loadModule($module_name) ) { - # $self->lmLog( "Unable to load $module_name", 'error' ); - # } - # else { - # eval { - # $self->{error} = $self->_subProcess( - # $module_name . "::authInit", - # $module_name . "::authLogout" - # ); - # }; - # } - #} - #else { - # eval { - # $self->{error} = $self->_subProcess( 'authInit', 'authLogout' ); - # }; - #} - #if ($@) { - # $self->lmLog( "Error when calling authentication logout: $@", - # 'debug' ); - #} - #return $self->{error} if $self->{error} > 0; + # $self->lmLog( + #"Find lo#gout service $logoutServiceName ($logoutServiceUrl)", - # Collect logout services and build hidden iFrames - #if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) { - - # $self->lmLog( "Create iFrames to forward logout to services", - # 'debug' ); - - # $self->info( "

" . $self->msg(PM_LOGOUT) . "

" ); - - # foreach ( keys %{ $self->{logoutServices} } ) { - # my $logoutServiceName = $_; - # my $logoutServiceUrl = - # $self->{logoutServices}->{$logoutServiceName}; - - # $self->lmLog( - #"Find lo#gout service $logoutServiceName ($logoutServiceUrl)", - - # 'debug' - # ); + # 'debug' + # ); # my $iframe = # ""; - # $self->info($iframe); - # } + # $self->info($iframe); + # } - # # Redirect on logout page if no other target defined - # if ( !$self->{urldc} and !$self->{postUrl} ) { - # $self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1"; - # } - #} + # # Redirect on logout page if no other target defined + # if ( !$self->{urldc} and !$self->{postUrl} ) { + # $self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1"; + # } + #} - # Redirect or Post if asked by authLogout - #return $self->_subProcess(qw(autoRedirect)) - # if ( $self->{urldc} - # and $self->{urldc} ne $self->{portal} ); + # Redirect or Post if asked by authLogout + #return $self->_subProcess(qw(autoRedirect)) + # if ( $self->{urldc} + # and $self->{urldc} ne $self->{portal} ); - #return $self->_subProcess(qw(autoPost)) - # if ( $self->{postUrl} ); + #return $self->_subProcess(qw(autoPost)) + # if ( $self->{postUrl} ); - # Display logout message - return PE_LOGOUT_OK; + # If logout redirects to another URL, just remove next steps for the + # request so autoRedirect will be called + if ( $req->{urldc} and $req->{urldc} ne $self->conf->{portal} ) { + $req->steps( [] ); + return PE_OK; } + # Else display "error" + return PE_LOGOUT_OK; } # Check value to detect XSS attack diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 4783fe99d..38b59dd4b 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm 
@@ -104,6 +104,11 @@ sub postAuthenticatedRequest {
 );
 }
+sub logout {
+ my ( $self, $req ) = @_;
+ return $self->do( $req, [ @{ $self->beforeLogout }, 'deleteSession' ] );
+}
+
 # RUNNING METHODS
 # ---------------
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
index 40a5ff48d..98eb6d60c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@@ -2098,6 +2098,8 @@ sub setMacros {
 #@return Lemonldap::NG::Portal constant
 sub setLocalGroups {
 my $self = shift;
+ $self->{sessionInfo}->{groups} = '';
+ $self->{sessionInfo}->{hGroups} = {};
 foreach ( sort keys %{ $self->{groups} } ) {
 if ( $self->safe->reval( $self->{groups}->{$_} ) ) {
 $self->{sessionInfo}->{groups} .=
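Review bot: `logout` in Run.pm builds the step list `[ @{ $self->beforeLogout }, 'deleteSession' ]` by hand, and `checkLogout` in Process.pm builds the same list a second time. Two copies of the logout pipeline can drift apart, leaving one entry point that skips a hook or the session deletion. A small shared helper used by both, e.g. `sub logoutSteps { [ @{ $_[0]->beforeLogout }, 'deleteSession' ] }`, would keep them identical. The new sub also has no comment saying that it is the handler for the authenticated `logout` route.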
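Review bot: The two resets added at the top of `setLocalGroups` in Simple.pm discard whatever is already stored in `$self->{sessionInfo}->{groups}` and `{hGroups}`. If an earlier step, such as a user-database group lookup, fills those keys before this sub runs (the call order is not visible here), its groups are silently dropped and access rules that test group membership will evaluate differently. If the intent is only to avoid appending to an undefined value, `$self->{sessionInfo}->{groups} //= '';` and `$self->{sessionInfo}->{hGroups} //= {};` keep existing entries. The body of `setLocalGroups` continues past the end of the hunk.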