Improve logout for plugins (#595)
parent
69410788bc
commit
b9cd5a89dd
|
@ -364,15 +364,6 @@ t/70-Lemonldap-NG-Portal-AuthOpenIDConnect.t
|
||||||
t/99-pod.t
|
t/99-pod.t
|
||||||
t/lmConf-1.js
|
t/lmConf-1.js
|
||||||
t/sessions/lock/.exists
|
t/sessions/lock/.exists
|
||||||
t/sessions/lock/Apache-Session-145dba262c1053fd855990d571d5583fe1c75f2ff6910a079f1e44c2b12f5f81.lock
|
|
||||||
t/sessions/lock/Apache-Session-1e662c0b3103d632d332d9561b6fbbf1f2aacb9a0d55263ee513311ec9ee7712.lock
|
|
||||||
t/sessions/lock/Apache-Session-32409f452220ef603d5819e1553d980b441474cf4a8f899de1243be2724aa50f.lock
|
|
||||||
t/sessions/lock/Apache-Session-4797304de2aa18005dc54b56d829477860f4ebadd1fc407af8f6de90edd59a2b.lock
|
|
||||||
t/sessions/lock/Apache-Session-5ece000315bf915633f75225fcdb11c2754bd254e49783a01f9763887d780c46.lock
|
|
||||||
t/sessions/lock/Apache-Session-7446b65e4838f5e35d661797c23118ee7afa08d3c673e3fd22c05721bdc5f273.lock
|
|
||||||
t/sessions/lock/Apache-Session-8e7cd669256eacc113b159e23d3ed1d84c862e9a3782022e50b362e6f3b29bab.lock
|
|
||||||
t/sessions/lock/Apache-Session-99ae337a06625431c00c76d8f85db2c9fed2afce9bdefba24e47a7f5f67a0f9f.lock
|
|
||||||
t/sessions/lock/Apache-Session-d44bc6a227a1a33ac7876b5e9d781f232262ec5ff9df68e62be81a38146edea3.lock
|
|
||||||
t/test-lib.pm
|
t/test-lib.pm
|
||||||
xt/PE_Constants.t
|
xt/PE_Constants.t
|
||||||
xt/test-weaken-portal.t
|
xt/test-weaken-portal.t
|
||||||
|
|
|
@ -53,6 +53,11 @@ has forAuthUser => (
|
||||||
isa => 'ArrayRef',
|
isa => 'ArrayRef',
|
||||||
default => sub { [] }
|
default => sub { [] }
|
||||||
);
|
);
|
||||||
|
has beforeLogout => (
|
||||||
|
is => 'rw',
|
||||||
|
isa => 'ArrayRef',
|
||||||
|
default => sub { [] }
|
||||||
|
);
|
||||||
|
|
||||||
sub init {
|
sub init {
|
||||||
my ( $self, $args ) = @_;
|
my ( $self, $args ) = @_;
|
||||||
|
@ -73,14 +78,17 @@ sub init {
|
||||||
$self
|
$self
|
||||||
|
|
||||||
# "/"
|
# "/"
|
||||||
->addUnauthRoute( '*', 'login', ['GET'] )
|
->addUnauthRoute( '*' => 'login', ['GET'] )
|
||||||
->addUnauthRoute( '*', 'postLogin', ['POST'] )
|
->addUnauthRoute( '*' => 'postLogin', ['POST'] )
|
||||||
->addAuthRoute( '*', 'authenticatedRequest', ['GET'] )
|
->addAuthRoute( '*' => 'authenticatedRequest', ['GET'] )
|
||||||
->addAuthRoute( '*', 'postAuthenticatedRequest', ['POST'] )
|
->addAuthRoute( '*' => 'postAuthenticatedRequest', ['POST'] )
|
||||||
|
|
||||||
# Core REST API
|
# Core REST API
|
||||||
->addUnauthRoute( 'test', 'pleaseAuth', ['GET'] )
|
->addUnauthRoute( ping => 'pleaseAuth', ['GET'] )
|
||||||
->addAuthRoute( 'test', 'authenticated', ['GET'] );
|
->addAuthRoute( ping => 'authenticated', ['GET'] )
|
||||||
|
|
||||||
|
# Logout
|
||||||
|
->addAuthRoute( logout => 'logout', ['GET'] );
|
||||||
|
|
||||||
# Default routes must point to routines declared above
|
# Default routes must point to routines declared above
|
||||||
$self->defaultAuthRoute('');
|
$self->defaultAuthRoute('');
|
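Review bot: The new `logout` route in `init` is registered for `['GET']` only, so session deletion, a state-changing action, can be triggered by any cross-site GET and a third party can force a user out of their SSO session. Consider accepting logout only by POST or with a per-session token. If GET logout is a deliberate convention here, say so next to the route, e.g. `# Logout is intentionally reachable by GET; it only destroys the caller's own session`. `init` starts and ends outside this hunk, so any request-forgery handling elsewhere in the router is not visible.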
||||||
|
|
|
@ -107,6 +107,13 @@ sub controlUrl {
|
||||||
sub checkLogout {
|
sub checkLogout {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
if ( $req->param('logout') ) {
|
if ( $req->param('logout') ) {
|
||||||
|
$req->steps([@{ $self->beforeLogout }, 'deleteSession' ] );
|
||||||
|
}
|
||||||
|
PE_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub deleteSession {
|
||||||
|
my ( $self, $req ) = @_;
|
||||||
my $apacheSession = $self->getApacheSession( $req->id );
|
my $apacheSession = $self->getApacheSession( $req->id );
|
||||||
unless ( $self->_deleteSession( $req, $apacheSession ) ) {
|
unless ( $self->_deleteSession( $req, $apacheSession ) ) {
|
||||||
$self->lmLog( "Unable to delete session " . $req->id, 'error' );
|
$self->lmLog( "Unable to delete session " . $req->id, 'error' );
|
||||||
|
@ -114,63 +121,10 @@ sub checkLogout {
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->lmLog( "Session $req->{id} deleted from global storage", 'debug' );
|
$self->lmLog( "Session $req->{id} deleted from global storage",
|
||||||
|
'debug' );
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO
|
|
||||||
# Call issuerDB logout on each used issuerDBmodule
|
|
||||||
#my $issuerDBList = $req->{sessionInfo}->{_issuerDB};
|
|
||||||
#if ( defined $issuerDBList ) {
|
|
||||||
# foreach my $issuerDBtype (
|
|
||||||
# split( /\Q$self->{conf}->{multiValuesSeparator}\E/o, $issuerDBList ) )
|
|
||||||
# {
|
|
||||||
# my $module_name = "Lemonldap::NG::Portal::IssuerDB/$issuerDBtype";
|
|
||||||
# $self->lmLog(
|
|
||||||
# "Process logout for issuerDB module $issuerDBtype",
|
|
||||||
# 'debug' );
|
|
||||||
|
|
||||||
# $self->{error} = $self->_subProcess(
|
|
||||||
# $module_name . "::issuerDBInit",
|
|
||||||
# $module_name . '::issuerLogout'
|
|
||||||
# );
|
|
||||||
|
|
||||||
# }
|
|
||||||
#}
|
|
||||||
|
|
||||||
# Call logout for the module used to authenticate
|
|
||||||
#$self->lmLog(
|
|
||||||
# "Process logout for authentication module "
|
|
||||||
# . $self->{sessionInfo}->{_auth},
|
|
||||||
# 'debug'
|
|
||||||
#);
|
|
||||||
|
|
||||||
#if ( $self->{sessionInfo}->{'_auth'} ne $self->get_module('auth') ) {
|
|
||||||
# my $module_name =
|
|
||||||
# 'Lemonldap::NG::Portal::Auth' . $self->{sessionInfo}->{_auth};
|
|
||||||
|
|
||||||
# unless ( $self->loadModule($module_name) ) {
|
|
||||||
# $self->lmLog( "Unable to load $module_name", 'error' );
|
|
||||||
# }
|
|
||||||
# else {
|
|
||||||
# eval {
|
|
||||||
# $self->{error} = $self->_subProcess(
|
|
||||||
# $module_name . "::authInit",
|
|
||||||
# $module_name . "::authLogout"
|
|
||||||
# );
|
|
||||||
# };
|
|
||||||
# }
|
|
||||||
#}
|
|
||||||
#else {
|
|
||||||
# eval {
|
|
||||||
# $self->{error} = $self->_subProcess( 'authInit', 'authLogout' );
|
|
||||||
# };
|
|
||||||
#}
|
|
||||||
#if ($@) {
|
|
||||||
# $self->lmLog( "Error when calling authentication logout: $@",
|
|
||||||
# 'debug' );
|
|
||||||
#}
|
|
||||||
#return $self->{error} if $self->{error} > 0;
|
|
||||||
|
|
||||||
# Collect logout services and build hidden iFrames
|
# Collect logout services and build hidden iFrames
|
||||||
#if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) {
|
#if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) {
|
||||||
|
|
||||||
|
@ -214,10 +168,15 @@ sub checkLogout {
|
||||||
#return $self->_subProcess(qw(autoPost))
|
#return $self->_subProcess(qw(autoPost))
|
||||||
# if ( $self->{postUrl} );
|
# if ( $self->{postUrl} );
|
||||||
|
|
||||||
# Display logout message
|
# If logout redirects to another URL, just remove next steps for the
|
||||||
return PE_LOGOUT_OK;
|
# request so autoRedirect will be called
|
||||||
|
if ( $req->{urldc} and $req->{urldc} ne $self->conf->{portal} ) {
|
||||||
|
$req->steps( [] );
|
||||||
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Else display "error"
|
||||||
|
return PE_LOGOUT_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check value to detect XSS attack
|
# Check value to detect XSS attack
|
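Review bot: In `checkLogout` the step list `[@{ $self->beforeLogout }, 'deleteSession' ]` runs every plugin-supplied step before the session is removed, and nothing visible guarantees that `deleteSession` still runs when one of them fails. If step processing stops at the first result other than `PE_OK` (not shown here, so this is an assumption), a failing plugin hook leaves the session valid after the user asked to log out. Either make session deletion unconditional, or document the contract where the list is built, e.g. `# beforeLogout steps must return PE_OK, otherwise deleteSession is skipped and the session stays valid`. The same list is built in `logout` in the next file section.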
||||||
|
|
|
@ -104,6 +104,11 @@ sub postAuthenticatedRequest {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub logout {
|
||||||
|
my ( $self, $req ) = @_;
|
||||||
|
return $self->do( $req, [ @{ $self->beforeLogout }, 'deleteSession' ] );
|
||||||
|
}
|
||||||
|
|
||||||
# RUNNING METHODS
|
# RUNNING METHODS
|
||||||
# ---------------
|
# ---------------
|
||||||
|
|
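Review bot: `logout` runs only the `beforeLogout` steps and `deleteSession`, and no step in that list checks `$req->{urldc}`, yet `deleteSession` clears the remaining steps so that `autoRedirect` is called whenever that value differs from the portal URL. If `controlUrl` is the routine that validates `urldc` (its body is not shown), put it first: `return $self->do( $req, [ 'controlUrl', @{ $self->beforeLogout }, 'deleteSession' ] );`. Otherwise a post-logout redirect target could reach the browser without having been validated on this route.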
||||||
|
|
|
@ -2098,6 +2098,8 @@ sub setMacros {
|
||||||
#@return Lemonldap::NG::Portal constant
|
#@return Lemonldap::NG::Portal constant
|
||||||
sub setLocalGroups {
|
sub setLocalGroups {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
$self->{sessionInfo}->{groups} = '';
|
||||||
|
$self->{sessionInfo}->{hGroups} = {};
|
||||||
foreach ( sort keys %{ $self->{groups} } ) {
|
foreach ( sort keys %{ $self->{groups} } ) {
|
||||||
if ( $self->safe->reval( $self->{groups}->{$_} ) ) {
|
if ( $self->safe->reval( $self->{groups}->{$_} ) ) {
|
||||||
$self->{sessionInfo}->{groups} .=
|
$self->{sessionInfo}->{groups} .=
|
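Review bot: The two resets added at the top of `setLocalGroups` carry no comment, and the reason matters because `groups` is built with `.=` further down. Without the reset, values already present in `sessionInfo` would presumably be appended to rather than replaced. A one-line comment such as `# Reset first: groups is appended to below, so stale memberships must not survive a re-evaluation` would make the intent explicit. The function body continues past the end of this hunk.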
||||||
|
|