Commit a19067e5 authored by Clément OUDOT's avatar Clément OUDOT

Delete CAS secondary sessions on logout (#101)

parent b819f75f
...@@ -17,7 +17,8 @@ our $VERSION = '0.01'; ...@@ -17,7 +17,8 @@ our $VERSION = '0.01';
# @return Lemonldap::NG::Portal error code # @return Lemonldap::NG::Portal error code
sub issuerDBInit { sub issuerDBInit {
my $self = shift; my $self = shift;
PE_OK;
return PE_OK;
} }
## @apmethod int issuerForUnAuthUser() ## @apmethod int issuerForUnAuthUser()
...@@ -147,12 +148,13 @@ sub issuerForUnAuthUser { ...@@ -147,12 +148,13 @@ sub issuerForUnAuthUser {
# Open local session # Open local session
my $localSession = my $localSession =
$self->getApacheSession( $casServiceSession->{id}, 1 ); $self->getApacheSession( $casServiceSession->{_cas_id}, 1 );
unless ($localSession) { unless ($localSession) {
$self->lmLog( $self->lmLog(
"Local session " . $casServiceSession->{id} . " notfound", "Local session " . $casServiceSession->{_cas_id} . " notfound",
'error' ); 'error'
);
untie %$casServiceSession; untie %$casServiceSession;
$self->returnCasValidateError(); $self->returnCasValidateError();
} }
...@@ -173,7 +175,7 @@ sub issuerForUnAuthUser { ...@@ -173,7 +175,7 @@ sub issuerForUnAuthUser {
return PE_ERROR; return PE_ERROR;
} }
PE_OK; return PE_OK;
} }
## @apmethod int issuerForAuthUser() ## @apmethod int issuerForAuthUser()
...@@ -215,11 +217,11 @@ sub issuerForAuthUser { ...@@ -215,11 +217,11 @@ sub issuerForAuthUser {
|| $self->param('gateway'); || $self->param('gateway');
# Renew # Renew
if ( $renew eq 'true' ) {
# Authentication must be replayed # Authentication must be replayed
# TODO # TODO
if ( $renew eq 'true' ) { $self->lmLog( "Authentication renewal not managed", 'warn' );
$self->lmLog( "Authentication renewal not managed", 'error' );
return PE_ERROR;
} }
# If no service defined, exit # If no service defined, exit
...@@ -238,7 +240,7 @@ sub issuerForAuthUser { ...@@ -238,7 +240,7 @@ sub issuerForAuthUser {
$casServiceSession->{type} = 'casService'; $casServiceSession->{type} = 'casService';
$casServiceSession->{service} = $service; $casServiceSession->{service} = $service;
$casServiceSession->{id} = $session_id; $casServiceSession->{_cas_id} = $session_id;
$casServiceSession->{_utime} = $time; $casServiceSession->{_utime} = $time;
my $casServiceSessionID = $casServiceSession->{_session_id}; my $casServiceSessionID = $casServiceSession->{_session_id};
...@@ -278,7 +280,7 @@ sub issuerForAuthUser { ...@@ -278,7 +280,7 @@ sub issuerForAuthUser {
} }
# Delete linked CAS sessions # Delete linked CAS sessions
# TODO $self->deleteCasSecondarySessions($session_id);
# Delete local session # Delete local session
unless ( unless (
...@@ -304,7 +306,7 @@ sub issuerForAuthUser { ...@@ -304,7 +306,7 @@ sub issuerForAuthUser {
return PE_OK; return PE_OK;
} }
PE_OK; return PE_OK;
} }
## @apmethod int issuerLogout() ## @apmethod int issuerLogout()
...@@ -313,9 +315,13 @@ sub issuerForAuthUser { ...@@ -313,9 +315,13 @@ sub issuerForAuthUser {
sub issuerLogout { sub issuerLogout {
my $self = shift; my $self = shift;
# TODO # Session ID
my $session_id = $self->{sessionInfo}->{_session_id} || $self->{id};
# Delete linked CAS sessions
$self->deleteCasSecondarySessions($session_id);
PE_OK; return PE_OK;
} }
1; 1;
......
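Review bot: The renew branch in issuerForAuthUser now logs "Authentication renewal not managed" at 'warn' and falls through, whereas the old side (as far as the side-by-side rendering shows) logged at 'error' and returned PE_ERROR; a CAS client that sets renew=true is asking for a fresh authentication, so issuing a service ticket from the existing SSO session is a fail-open downgrade the relying service cannot detect. Until renewal is implemented, keep the refusal inside the `if ( $renew eq 'true' )` block: `$self->lmLog( "Authentication renewal not managed", 'error' ); return PE_ERROR;`. Separately, both call sites of `$self->deleteCasSecondarySessions($session_id)` discard its boolean result, so a failed secondary-session deletion is logged but logout still reports PE_OK; consider at least `$self->lmLog( "Some CAS sessions were not deleted", 'warn' ) unless $self->deleteCasSecondarySessions($session_id);`. issuerForAuthUser's body is only partly visible across these hunks.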
...@@ -60,6 +60,53 @@ sub returnCasValidateSuccess { ...@@ -60,6 +60,53 @@ sub returnCasValidateSuccess {
$self->quit(); $self->quit();
} }
## @method boolean deleteCasSecondarySessions(string session_id)
# Find and delete CAS sessions bounded to a primary session
# @param session_id Primary session ID
# @return result
sub deleteCasSecondarySessions {
my ( $self, $session_id ) = splice @_;
my $result = 1;
# Find CAS sessions
my $cas_sessions =
$self->{casStorage}
->searchOn( $self->{casStorageOptions}, "_cas_id", $session_id );
if ( my @cas_sessions_keys = keys %$cas_sessions ) {
foreach my $cas_session (@cas_sessions_keys) {
# Get session
$self->lmLog( "Retrieve CAS session $cas_session", 'debug' );
my $casSessionInfo = $self->getSamlSession($cas_session);
# Delete session
eval { tied(%$casSessionInfo)->delete() };
if ($@) {
$self->lmLog( "Unable to delete CAS session $cas_session: $@",
'error' );
$result = 0;
}
else {
$self->lmLog( "CAS session $cas_session deleted", 'debug' );
}
}
}
else {
$self->lmLog( "No CAS session found for session $session_id ",
'debug' );
}
return $result;
}
1;
__END__ __END__
=head1 NAME =head1 NAME
...@@ -91,9 +138,13 @@ Return an error for CAS VALIDATE request ...@@ -91,9 +138,13 @@ Return an error for CAS VALIDATE request
Return success for CAS VALIDATE request Return success for CAS VALIDATE request
=head2 deleteCasSecondarySessions
Find and delete CAS sessions bounded to a primary session
=head1 SEE ALSO =head1 SEE ALSO
L<Lemonldap::NG::Portal::IssuerDBCAS>, L<Lemonldap::NG::Portal::IssuerDBCAS>
=head1 AUTHOR =head1 AUTHOR
......
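Review bot: deleteCasSecondarySessions searches with `$self->{casStorage}` and `$self->{casStorageOptions}` but then opens each hit with `$self->getSamlSession($cas_session)`; if that helper (not visible here) ties against the SAML session store rather than the CAS one, the delete either fails (caught by the eval and logged) or runs on the wrong backend, and the CAS session outlives the logout. Open the session through the same casStorage/casStorageOptions pair used for the search, or through a CAS-specific accessor if the module provides one, so the lookup and the delete agree. An undefined or empty $session_id (issuerLogout falls back to `$self->{id}`) is passed straight into searchOn; guard it first with `return 0 unless defined $session_id and length $session_id;` and an 'error' log so a caller does not silently delete nothing. Minor style point: `my ( $self, $session_id ) = splice @_;` is an unusual spelling of `my ( $self, $session_id ) = @_;`.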