Commit a19067e5 authored by Clément OUDOT

Delete CAS secondary sessions on logout (#101)

parent b819f75f
......@@ -17,7 +17,8 @@ our $VERSION = '0.01';
# @return Lemonldap::NG::Portal error code
sub issuerDBInit {
my $self = shift;
PE_OK;
return PE_OK;
}
## @apmethod int issuerForUnAuthUser()
......@@ -147,12 +148,13 @@ sub issuerForUnAuthUser {
# Open local session
my $localSession =
$self->getApacheSession( $casServiceSession->{id}, 1 );
$self->getApacheSession( $casServiceSession->{_cas_id}, 1 );
unless ($localSession) {
$self->lmLog(
"Local session " . $casServiceSession->{id} . " notfound",
'error' );
"Local session " . $casServiceSession->{_cas_id} . " notfound",
'error'
);
untie %$casServiceSession;
$self->returnCasValidateError();
}
......@@ -173,7 +175,7 @@ sub issuerForUnAuthUser {
return PE_ERROR;
}
PE_OK;
return PE_OK;
}
## @apmethod int issuerForAuthUser()
......@@ -215,11 +217,11 @@ sub issuerForAuthUser {
|| $self->param('gateway');
# Renew
if ( $renew eq 'true' ) {
# Authentication must be replayed
# TODO
if ( $renew eq 'true' ) {
$self->lmLog( "Authentication renewal not managed", 'error' );
return PE_ERROR;
$self->lmLog( "Authentication renewal not managed", 'warn' );
}
# If no service defined, exit
......@@ -238,7 +240,7 @@ sub issuerForAuthUser {
$casServiceSession->{type} = 'casService';
$casServiceSession->{service} = $service;
$casServiceSession->{id} = $session_id;
$casServiceSession->{_cas_id} = $session_id;
$casServiceSession->{_utime} = $time;
my $casServiceSessionID = $casServiceSession->{_session_id};
......@@ -278,7 +280,7 @@ sub issuerForAuthUser {
}
# Delete linked CAS sessions
# TODO
$self->deleteCasSecondarySessions($session_id);
# Delete local session
unless (
......@@ -304,7 +306,7 @@ sub issuerForAuthUser {
return PE_OK;
}
PE_OK;
return PE_OK;
}
## @apmethod int issuerLogout()
......@@ -313,9 +315,13 @@ sub issuerForAuthUser {
sub issuerLogout {
my $self = shift;
# TODO
# Session ID
my $session_id = $self->{sessionInfo}->{_session_id} || $self->{id};
# Delete linked CAS sessions
$self->deleteCasSecondarySessions($session_id);
PE_OK;
return PE_OK;
}
1;
......
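Review bot: In the `# Renew` hunk of issuerForAuthUser, the `$renew eq 'true'` branch now appears to only log "Authentication renewal not managed" at `warn` level and fall through, where the earlier lines logged at `error` and did `return PE_ERROR;`. If that reading of the rendered lines is right, a service that asks for `renew=true` is answered from the existing SSO session without the user presenting credentials again, so a guarantee the service requested is dropped silently. Until renewal is implemented I would keep the refusal (`return PE_ERROR;` after the log call), or at minimum add a comment such as `# SECURITY: renew=true is NOT honoured, the request is served from the existing session`. Separately, both new calls to `$self->deleteCasSecondarySessions($session_id);` discard its boolean result, so issuerLogout returns `PE_OK` even when a secondary session could not be deleted.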
......@@ -60,6 +60,53 @@ sub returnCasValidateSuccess {
$self->quit();
}
## @method boolean deleteCasSecondarySessions(string session_id)
# Find and delete CAS sessions bounded to a primary session
# @param session_id Primary session ID
# @return result
sub deleteCasSecondarySessions {
my ( $self, $session_id ) = splice @_;
my $result = 1;
# Find CAS sessions
my $cas_sessions =
$self->{casStorage}
->searchOn( $self->{casStorageOptions}, "_cas_id", $session_id );
if ( my @cas_sessions_keys = keys %$cas_sessions ) {
foreach my $cas_session (@cas_sessions_keys) {
# Get session
$self->lmLog( "Retrieve CAS session $cas_session", 'debug' );
my $casSessionInfo = $self->getSamlSession($cas_session);
# Delete session
eval { tied(%$casSessionInfo)->delete() };
if ($@) {
$self->lmLog( "Unable to delete CAS session $cas_session: $@",
'error' );
$result = 0;
}
else {
$self->lmLog( "CAS session $cas_session deleted", 'debug' );
}
}
}
else {
$self->lmLog( "No CAS session found for session $session_id ",
'debug' );
}
return $result;
}
1;
__END__
=head1 NAME
......@@ -91,9 +138,13 @@ Return an error for CAS VALIDATE request
Return success for CAS VALIDATE request
=head2 deleteCasSecondarySessions
Find and delete CAS sessions bounded to a primary session
=head1 SEE ALSO
L<Lemonldap::NG::Portal::IssuerDBCAS>,
L<Lemonldap::NG::Portal::IssuerDBCAS>
=head1 AUTHOR
......
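Review bot: deleteCasSecondarySessions searches `$self->{casStorage}` for the linked sessions but then opens each one with `$self->getSamlSession($cas_session)`, and the returned value goes straight into `tied(%$casSessionInfo)` without being checked. getSamlSession is not visible on this page, but if it reads from a storage other than the CAS one, every lookup fails, the `eval` only records an error, and the CAS sessions outlive the logout. I would open the session through whichever accessor reads the CAS storage and guard the result before the `eval`, e.g. `unless ($casSessionInfo) { $result = 0; next; }`. It is also worth returning early on a missing primary ID, `return 0 unless defined $session_id and length $session_id;`, so that `searchOn` is never run with an empty `_cas_id` value.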