icingaweb2/application/views/scripts/authentication/logout.phtml

49 lines
2.0 KiB
PHTML
Raw Normal View History

<!--
This view provides a workaround to logout from an external authentication provider, in case external
authentication was configured (the default is to handle authentications internally in Icingaweb2).
The <a href="http://tools.ietf.org/html/rfc2617">Http Basic and Digest Authentication</a> is not
designed to handle logout. When the user has provided valid credentials, the client is adviced to include these
in every further request until the browser was closed. To allow logout and to allow the user to change the
logged-in user this JavaScript provides a workaround to force a new authentication prompt in most browsers.
-->
<div class="content">
<div class="alert alert-warning" id="logout-status">
<b><?= t('Logging out...'); ?></b>
<br>
<?= t(
'If this message does not disappear, it might be necessary to quit the'
. ' current session manually by clearing the cache, or by closing the current'
. ' browser session.'
); ?>
</div>
<div class="container" >
<a href="<?= $this->href('dashboard/index'); ?>"><?= t('Login'); ?></a>
</div>
</div>
<script type="text/javascript">
/*
* When JavaScript is available, trigger an XmlHTTPRequest with the non-existing user 'logout' and abort it
* before it is able to finish. This will cause the browser to show a new authentication prompt in the next
* request.
*/
$(document).ready(function() {
var msg = $('#logout-status');
try {
if (navigator.userAgent.toLowerCase().indexOf('msie') !== -1) {
document.execCommand('ClearAuthenticationCache');
} else {
var xhttp = getXMLHttpRequest();
xhttp.open('GET', 'arbitrary url', true, 'logout', 'logout');
xhttp.send('');
xhttp.abort();
}
} catch (e) {
}
msg.html('<?= t('Logout successful!'); ?>');
msg.removeClass();
msg.addClass('alert alert-success');
});
</script>