commit
8f85a66e13
|
@ -14,6 +14,7 @@ use Icinga\Exception\AuthenticationException;
|
||||||
use Icinga\Exception\NotReadableError;
|
use Icinga\Exception\NotReadableError;
|
||||||
use Icinga\Exception\ConfigurationError;
|
use Icinga\Exception\ConfigurationError;
|
||||||
use Icinga\User;
|
use Icinga\User;
|
||||||
|
use Icinga\Web\Session;
|
||||||
use Icinga\Web\Url;
|
use Icinga\Web\Url;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -67,6 +68,9 @@ class AuthenticationController extends ActionController
|
||||||
$authenticated = $backend->authenticate($user);
|
$authenticated = $backend->authenticate($user);
|
||||||
if ($authenticated === true) {
|
if ($authenticated === true) {
|
||||||
$auth->setAuthenticated($user);
|
$auth->setAuthenticated($user);
|
||||||
|
$session = Session::getSession()->getNamespace('authentication');
|
||||||
|
$session->set('is_remote_user', true);
|
||||||
|
$session->write();
|
||||||
$this->rerenderLayout()->redirectNow($redirectUrl);
|
$this->rerenderLayout()->redirectNow($redirectUrl);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -131,9 +135,12 @@ class AuthenticationController extends ActionController
|
||||||
public function logoutAction()
|
public function logoutAction()
|
||||||
{
|
{
|
||||||
$auth = $this->Auth();
|
$auth = $this->Auth();
|
||||||
|
|
||||||
|
$session = Session::getSession()->getNamespace('authentication');
|
||||||
|
|
||||||
$auth->removeAuthorization();
|
$auth->removeAuthorization();
|
||||||
|
|
||||||
if ($auth->isAuthenticatedFromRemoteUser()) {
|
if ($session->get('is_remote_user', false) === true) {
|
||||||
$this->_helper->layout->setLayout('login');
|
$this->_helper->layout->setLayout('login');
|
||||||
$this->_response->setHttpResponseCode(401);
|
$this->_response->setHttpResponseCode(401);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
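Review bot: In logoutAction the `is_remote_user` flag is read only after `$auth->removeAuthorization()` and is never cleared, so whether the 401 branch is taken depends on what that call does to the session, which this hunk does not show. If it purges the session, the flag may already be gone and a remote-user logout falls into the else branch; if it does not, the flag survives and a later login through another backend in the same session would still be treated as remote. Consider capturing it first with `$isRemoteUser = $session->get('is_remote_user', false) === true;` before `removeAuthorization()`, then clearing the key once it has been read. The same commit deletes Manager::authenticateFromRemoteUser, which dropped the authorization when REMOTE_USER no longer matched the session user; no replacement for that comparison is visible on this page. logoutAction's body continues outside the hunk.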
@ -7,10 +7,7 @@
|
||||||
in every further request until the browser was closed. To allow logout and to allow the user to change the
|
in every further request until the browser was closed. To allow logout and to allow the user to change the
|
||||||
logged-in user this JavaScript provides a workaround to force a new authentication prompt in most browsers.
|
logged-in user this JavaScript provides a workaround to force a new authentication prompt in most browsers.
|
||||||
-->
|
-->
|
||||||
|
<div class="content">
|
||||||
<div class="row">
|
|
||||||
<br/>
|
|
||||||
<div class="md-offset-3 col-md-6 col-sm-6 col-sm-offset-3">
|
|
||||||
<div class="alert alert-warning" id="logout-status">
|
<div class="alert alert-warning" id="logout-status">
|
||||||
<b> <?= t('Logging out...'); ?> </b> <br />
|
<b> <?= t('Logging out...'); ?> </b> <br />
|
||||||
<?= t(
|
<?= t(
|
||||||
|
@ -19,37 +16,19 @@
|
||||||
'browser session.'
|
'browser session.'
|
||||||
); ?>
|
); ?>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="row">
|
|
||||||
<div class="col-md-4 col-md-offset-4 col-sm-6 col-sm-offset-3">
|
|
||||||
<div class="container" >
|
<div class="container" >
|
||||||
<a class="button btn btn-cta form-control input-sm" href="<?= $this->href('dashboard/index'); ?>"> <?= t('Login'); ?></a>
|
<a href="<?= $this->href('dashboard/index'); ?>"> <?= t('Login'); ?></a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
|
||||||
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* When JavaScript is available, trigger an XmlHTTPRequest with the non-existing user 'logout' and abort it
|
* When JavaScript is available, trigger an XmlHTTPRequest with the non-existing user 'logout' and abort it
|
||||||
* before it is able to finish. This will cause the browser to show a new authentication prompt in the next
|
* before it is able to finish. This will cause the browser to show a new authentication prompt in the next
|
||||||
* request.
|
* request.
|
||||||
*/
|
*/
|
||||||
window.onload = function () {
|
$(document).ready(function() {
|
||||||
function getXMLHttpRequest() {
|
msg = $('#logout-status');
|
||||||
var xmlhttp = null;
|
|
||||||
try {
|
|
||||||
if (window.XMLHttpRequest) {
|
|
||||||
xmlhttp = new XMLHttpRequest();
|
|
||||||
} else if (window.ActiveXObject) {
|
|
||||||
xmlhttp = new ActiveXObject('Microsoft.XMLHTTP');
|
|
||||||
}
|
|
||||||
} catch (e) {}
|
|
||||||
return xmlhttp;
|
|
||||||
}
|
|
||||||
var msg = document.getElementById('logout-status');
|
|
||||||
try {
|
try {
|
||||||
if (navigator.userAgent.toLowerCase().indexOf('msie') !== -1) {
|
if (navigator.userAgent.toLowerCase().indexOf('msie') !== -1) {
|
||||||
document.execCommand('ClearAuthenticationCache');
|
document.execCommand('ClearAuthenticationCache');
|
||||||
|
@ -60,13 +39,9 @@
|
||||||
xhttp.abort();
|
xhttp.abort();
|
||||||
}
|
}
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
msg.innerHTML = '<?= t(
|
|
||||||
'Logout not possible, it may be necessary to quit the session manually ' .
|
|
||||||
'by clearing the cache, or closing the current browser session. Error: '
|
|
||||||
);?>' + ': ' + e.getMessage() ;
|
|
||||||
msg.setAttribute('class', 'alert alert-danger');
|
|
||||||
}
|
}
|
||||||
msg.innerHTML = '<?= t('Logout successful!'); ?>';
|
msg.html('<?= t('Logout successful!'); ?>');
|
||||||
msg.setAttribute('class', 'alert alert-success');
|
msg.removeClass();
|
||||||
};
|
msg.addClass('alert alert-success');
|
||||||
|
});
|
||||||
</script>
|
</script>
|
||||||
|
|
|
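Review bot: The new `catch (e) {` block is empty and the `msg.html('<?= t('Logout successful!'); ?>')` lines after it run unconditionally, so the page reports a successful logout even when clearing the browser's cached HTTP credentials threw. On a shared machine that leaves the user believing the session is closed while the next request may still authenticate silently. Keep a failure path in the catch, for example `msg.removeClass().addClass('alert alert-danger'); return;`, and leave the success update for the non-error case. `msg` is also assigned without `var`, which creates an implicit global. The try block spans two hunks and the request code between them is not shown.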
@ -204,35 +204,4 @@ class Manager
|
||||||
{
|
{
|
||||||
return $this->user->getGroups();
|
return $this->user->getGroups();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Tries to authenticate the user from the session, and then from the REMOTE_USER superglobal, that can be set by
|
|
||||||
* an external authentication provider.
|
|
||||||
*/
|
|
||||||
public function authenticateFromRemoteUser()
|
|
||||||
{
|
|
||||||
if (array_key_exists('REMOTE_USER', $_SERVER)) {
|
|
||||||
$this->fromRemoteUser = true;
|
|
||||||
}
|
|
||||||
$this->authenticateFromSession();
|
|
||||||
if ($this->user !== null) {
|
|
||||||
if (array_key_exists('REMOTE_USER', $_SERVER) && $this->user->getUsername() !== $_SERVER["REMOTE_USER"]) {
|
|
||||||
// Remote user has changed, clear all sessions
|
|
||||||
$this->removeAuthorization();
|
|
||||||
}
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (array_key_exists('REMOTE_USER', $_SERVER) && $_SERVER["REMOTE_USER"]) {
|
|
||||||
$this->user = new User($_SERVER["REMOTE_USER"]);
|
|
||||||
$this->persistCurrentUser();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If the session was established from the REMOTE_USER server variable.
|
|
||||||
*/
|
|
||||||
public function isAuthenticatedFromRemoteUser()
|
|
||||||
{
|
|
||||||
return $this->fromRemoteUser;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|