From 8b9d446d2ed766f9c8793d6751969f642ca77940 Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 29 Jul 2014 10:42:43 +0200 Subject: [PATCH 1/2] Autologin: Remove deprecated autologin methods Remove methods from manager because autologin is now handled with special backends (AutoLoginBackend). The session is used to store the status about a remote user authentication to send a 401 header to the client upon logout. refs #6461 --- .../controllers/AuthenticationController.php | 9 +++++- library/Icinga/Authentication/Manager.php | 31 ------------------- 2 files changed, 8 insertions(+), 32 deletions(-) diff --git a/application/controllers/AuthenticationController.php b/application/controllers/AuthenticationController.php index bbb475989..47825c210 100644 --- a/application/controllers/AuthenticationController.php +++ b/application/controllers/AuthenticationController.php @@ -14,6 +14,7 @@ use Icinga\Exception\AuthenticationException; use Icinga\Exception\NotReadableError; use Icinga\Exception\ConfigurationError; use Icinga\User; +use Icinga\Web\Session; use Icinga\Web\Url; /** @@ -67,6 +68,9 @@ class AuthenticationController extends ActionController $authenticated = $backend->authenticate($user); if ($authenticated === true) { $auth->setAuthenticated($user); + $session = Session::getSession()->getNamespace('authentication'); + $session->set('is_remote_user', true); + $session->write(); $this->rerenderLayout()->redirectNow($redirectUrl); } } @@ -131,9 +135,12 @@ class AuthenticationController extends ActionController public function logoutAction() { $auth = $this->Auth(); + + $session = Session::getSession()->getNamespace('authentication'); + $auth->removeAuthorization(); - if ($auth->isAuthenticatedFromRemoteUser()) { + if ($session->get('is_remote_user', false) === true) { $this->_helper->layout->setLayout('login'); $this->_response->setHttpResponseCode(401); } else { diff --git a/library/Icinga/Authentication/Manager.php b/library/Icinga/Authentication/Manager.php index 01964ef00..a0465d306 100644 --- a/library/Icinga/Authentication/Manager.php +++ b/library/Icinga/Authentication/Manager.php @@ -204,35 +204,4 @@ class Manager { return $this->user->getGroups(); } - - /** - * Tries to authenticate the user from the session, and then from the REMOTE_USER superglobal, that can be set by - * an external authentication provider. - */ - public function authenticateFromRemoteUser() - { - if (array_key_exists('REMOTE_USER', $_SERVER)) { - $this->fromRemoteUser = true; - } - $this->authenticateFromSession(); - if ($this->user !== null) { - if (array_key_exists('REMOTE_USER', $_SERVER) && $this->user->getUsername() !== $_SERVER["REMOTE_USER"]) { - // Remote user has changed, clear all sessions - $this->removeAuthorization(); - } - return; - } - if (array_key_exists('REMOTE_USER', $_SERVER) && $_SERVER["REMOTE_USER"]) { - $this->user = new User($_SERVER["REMOTE_USER"]); - $this->persistCurrentUser(); - } - } - - /** - * If the session was established from the REMOTE_USER server variable. - */ - public function isAuthenticatedFromRemoteUser() - { - return $this->fromRemoteUser; - } } From d05e3bfcca5a18bf862ef69af07a5014db3f997b Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 29 Jul 2014 11:11:52 +0200 Subject: [PATCH 2/2] Autologin: Fix javascript logout code Window onload event handler comes to late. Change part of the code to use jQuery. refs #6461 --- .../views/scripts/authentication/logout.phtml | 41 ++++--------------- 1 file changed, 8 insertions(+), 33 deletions(-) diff --git a/application/views/scripts/authentication/logout.phtml b/application/views/scripts/authentication/logout.phtml index eb0d6dc44..9b03d190f 100644 --- a/application/views/scripts/authentication/logout.phtml +++ b/application/views/scripts/authentication/logout.phtml @@ -7,10 +7,7 @@ in every further request until the browser was closed. To allow logout and to allow the user to change the logged-in user this JavaScript provides a workaround to force a new authentication prompt in most browsers. --> - -
-
-
+

-
-
-
-
- +
-
-