Commit 35d1ad0b authored by Yadd's avatar Yadd

Simple logout works (#595)

parent d32d9646
......@@ -364,7 +364,7 @@ prepare_test_server:
VHOSTLISTEN='*:$(TESTWEBSERVERPORT)' \
PORT=$(TESTWEBSERVERPORT) \
FASTCGISOCKDIR=`pwd`/e2e-tests/conf \
PORTALDIR=`pwd`/$(SRCPORTALDIR)/example \
PORTALDIR=`pwd`/$(SRCPORTALDIR)/site/htdocs \
MANAGERDIR=`pwd`/$(SRCMANAGERDIR)/site \
TESTDIR=`pwd`/e2e-tests/conf/site \
MANAGERPSGIDIR=`pwd`/e2e-tests \
......
......@@ -22,12 +22,6 @@
Options +ExecCGI +FollowSymLinks
</Directory>
# Perl script
<Files *.pl>
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
</Files>
# Temporary hook
<Files *.fcgi>
SetHandler fcgid-script
......@@ -35,7 +29,7 @@
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.pl index.html
DirectoryIndex index.html index.fcgi
</IfModule>
# SOAP functions for sessions management (disabled by default)
......
......@@ -104,6 +104,122 @@ sub controlUrl {
PE_OK;
}
sub checkLogout {
my ( $self, $req ) = @_;
if ( $req->param('logout') ) {
my $apacheSession = $self->getApacheSession($req->id);
unless ( $self->_deleteSession( $req, $apacheSession ) ) {
$self->lmLog( "Unable to delete session ".$req->id, 'error' );
$self->lmLog( $apacheSession->error, 'error' );
return PE_ERROR;
}
else {
$self->lmLog( "Session $req->{id} deleted from global storage", 'debug' );
}
# TODO
# Call issuerDB logout on each used issuerDBmodule
#my $issuerDBList = $req->{sessionInfo}->{_issuerDB};
#if ( defined $issuerDBList ) {
# foreach my $issuerDBtype (
# split( /\Q$self->{conf}->{multiValuesSeparator}\E/o, $issuerDBList ) )
# {
# my $module_name = "Lemonldap::NG::Portal::IssuerDB/$issuerDBtype";
# $self->lmLog(
# "Process logout for issuerDB module $issuerDBtype",
# 'debug' );
# $self->{error} = $self->_subProcess(
# $module_name . "::issuerDBInit",
# $module_name . '::issuerLogout'
# );
# }
#}
# Call logout for the module used to authenticate
#$self->lmLog(
# "Process logout for authentication module "
# . $self->{sessionInfo}->{_auth},
# 'debug'
#);
#if ( $self->{sessionInfo}->{'_auth'} ne $self->get_module('auth') ) {
# my $module_name =
# 'Lemonldap::NG::Portal::Auth' . $self->{sessionInfo}->{_auth};
# unless ( $self->loadModule($module_name) ) {
# $self->lmLog( "Unable to load $module_name", 'error' );
# }
# else {
# eval {
# $self->{error} = $self->_subProcess(
# $module_name . "::authInit",
# $module_name . "::authLogout"
# );
# };
# }
#}
#else {
# eval {
# $self->{error} = $self->_subProcess( 'authInit', 'authLogout' );
# };
#}
#if ($@) {
# $self->lmLog( "Error when calling authentication logout: $@",
# 'debug' );
#}
#return $self->{error} if $self->{error} > 0;
# Collect logout services and build hidden iFrames
#if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) {
# $self->lmLog( "Create iFrames to forward logout to services",
# 'debug' );
# $self->info( "<h3>" . $self->msg(PM_LOGOUT) . "</h3>" );
# foreach ( keys %{ $self->{logoutServices} } ) {
# my $logoutServiceName = $_;
# my $logoutServiceUrl =
# $self->{logoutServices}->{$logoutServiceName};
# $self->lmLog(
#"Find lo#gout service $logoutServiceName ($logoutServiceUrl)",
# 'debug'
# );
# my $iframe =
# "<iframe src=\"$logoutServiceUrl\""
# . " alt=\"$logoutServiceName\" marginwidth=\"0\""
# . " marginheight=\"0\" scrolling=\"no\" style=\"border: none;display: hidden;margin: 0\""
# . " width=\"0\" height=\"0\" frameborder=\"0\">"
# . "</iframe>";
# $self->info($iframe);
# }
# # Redirect on logout page if no other target defined
# if ( !$self->{urldc} and !$self->{postUrl} ) {
# $self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1";
# }
#}
# Redirect or Post if asked by authLogout
#return $self->_subProcess(qw(autoRedirect))
# if ( $self->{urldc}
# and $self->{urldc} ne $self->{portal} );
#return $self->_subProcess(qw(autoPost))
# if ( $self->{postUrl} );
# Display logout message
return PE_LOGOUT_OK;
}
}
# Check value to detect XSS attack
# @param name Parameter name
# @param value Parameter value
......
......@@ -83,8 +83,13 @@ sub postLogin {
sub authenticatedRequest {
my ( $self, $req ) = @_;
return $self->do( $req,
[ 'importHandlerDatas', 'controlUrl', @{ $self->forAuthUser } ] );
return $self->do(
$req,
[
'importHandlerDatas', 'checkLogout',
'controlUrl', @{ $self->forAuthUser }
]
);
}
sub postAuthenticatedRequest {
......@@ -92,8 +97,9 @@ sub postAuthenticatedRequest {
return $self->do(
$req,
[
'importHandlerDatas', 'restoreArgs',
'controlUrl', @{ $self->forAuthUser }
'importHandlerDatas', 'checkLogout',
'restoreArgs', 'controlUrl',
@{ $self->forAuthUser }
]
);
}
......@@ -258,6 +264,62 @@ sub getPersistentSession {
return $ps;
}
# Delete an existing session. If "securedCookie" is set to 2, the http session
# will also be removed.
# @param h tied Apache::Session object
# @param preserveCookie do not delete cookie
# @return True if session has been deleted
sub _deleteSession {
my ( $self, $req, $session, $preserveCookie ) = @_;
# Invalidate http cookie and session, if set
if ( $self->{securedCookie} >= 2 ) {
# Try to find a linked http session (securedCookie == 2)
if ( my $id2 = $session->data->{_httpSession} ) {
if ( my $session2 = $self->getApacheSession( $id2, 1 ) ) {
$session2->remove;
if ( $session2->error ) {
$self->lmLog( "Unable to remove linked session $id2",
'debug' );
$self->lmLog( $session2->error, 'debug' );
}
}
}
# Create an obsolete cookie to remove it
push @{ $req->respHeaders },
'Set-Cookie' => $self->cookie(
name => $self->conf->{cookieName} . 'http',
value => 0,
domain => $self->conf->{domain},
path => "/",
secure => 0,
expires => '-1d',
) unless ($preserveCookie);
}
$session->remove;
# Create an obsolete cookie to remove it
push @{ $req->respHeaders },
'Set-Cookie' => $self->cookie(
name => $self->conf->{cookieName},
value => 0,
domain => $self->conf->{domain},
path => "/",
secure => 0,
expires => '-1d',
@_,
) unless ($preserveCookie);
# Log
my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
$self->userNotice("User $user has been disconnected") if $user;
return $session->error ? 0 : 1;
}
# Return md5(s)
sub _md5hash {
my ( $self, $s ) = @_;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment