Marius Hein
commit
8f85a66e13
|
|
@ -14,6 +14,7 @@ use Icinga\Exception\AuthenticationException;
|
|||
use Icinga\Exception\NotReadableError;
|
||||
use Icinga\Exception\ConfigurationError;
|
||||
use Icinga\User;
|
||||
use Icinga\Web\Session;
|
||||
use Icinga\Web\Url;
|
||||
|
||||
/**
|
||||
|
|
@ -67,6 +68,9 @@ class AuthenticationController extends ActionController
|
|||
$authenticated = $backend->authenticate($user);
|
||||
if ($authenticated === true) {
|
||||
$auth->setAuthenticated($user);
|
||||
$session = Session::getSession()->getNamespace('authentication');
|
||||
$session->set('is_remote_user', true);
|
||||
$session->write();
|
||||
$this->rerenderLayout()->redirectNow($redirectUrl);
|
||||
}
|
||||
}
|
||||
|
|
@ -131,9 +135,12 @@ class AuthenticationController extends ActionController
|
|||
public function logoutAction()
|
||||
{
|
||||
$auth = $this->Auth();
|
||||
|
||||
$session = Session::getSession()->getNamespace('authentication');
|
||||
|
||||
$auth->removeAuthorization();
|
||||
|
||||
if ($auth->isAuthenticatedFromRemoteUser()) {
|
||||
if ($session->get('is_remote_user', false) === true) {
|
||||
$this->_helper->layout->setLayout('login');
|
||||
$this->_response->setHttpResponseCode(401);
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -7,10 +7,7 @@
|
|||
in every further request until the browser was closed. To allow logout and to allow the user to change the
|
||||
logged-in user this JavaScript provides a workaround to force a new authentication prompt in most browsers.
|
||||
-->
|
||||
|
||||
<div class="row">
|
||||
<br/>
|
||||
<div class="md-offset-3 col-md-6 col-sm-6 col-sm-offset-3">
|
||||
<div class="content">
|
||||
<div class="alert alert-warning" id="logout-status">
|
||||
<b> <?= t('Logging out...'); ?> </b> <br />
|
||||
<?= t(
|
||||
|
|
@ -19,37 +16,19 @@
|
|||
'browser session.'
|
||||
); ?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="row">
|
||||
<div class="col-md-4 col-md-offset-4 col-sm-6 col-sm-offset-3">
|
||||
<div class="container" >
|
||||
<a class="button btn btn-cta form-control input-sm" href="<?= $this->href('dashboard/index'); ?>"> <?= t('Login'); ?></a>
|
||||
<a href="<?= $this->href('dashboard/index'); ?>"> <?= t('Login'); ?></a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script type="text/javascript">
|
||||
|
||||
/**
|
||||
* When JavaScript is available, trigger an XmlHTTPRequest with the non-existing user 'logout' and abort it
|
||||
* before it is able to finish. This will cause the browser to show a new authentication prompt in the next
|
||||
* request.
|
||||
*/
|
||||
window.onload = function () {
|
||||
function getXMLHttpRequest() {
|
||||
var xmlhttp = null;
|
||||
try {
|
||||
if (window.XMLHttpRequest) {
|
||||
xmlhttp = new XMLHttpRequest();
|
||||
} else if (window.ActiveXObject) {
|
||||
xmlhttp = new ActiveXObject('Microsoft.XMLHTTP');
|
||||
}
|
||||
} catch (e) {}
|
||||
return xmlhttp;
|
||||
}
|
||||
var msg = document.getElementById('logout-status');
|
||||
$(document).ready(function() {
|
||||
msg = $('#logout-status');
|
||||
try {
|
||||
if (navigator.userAgent.toLowerCase().indexOf('msie') !== -1) {
|
||||
document.execCommand('ClearAuthenticationCache');
|
||||
|
|
@ -60,13 +39,9 @@
|
|||
xhttp.abort();
|
||||
}
|
||||
} catch (e) {
|
||||
msg.innerHTML = '<?= t(
|
||||
'Logout not possible, it may be necessary to quit the session manually ' .
|
||||
'by clearing the cache, or closing the current browser session. Error: '
|
||||
);?>' + ': ' + e.getMessage() ;
|
||||
msg.setAttribute('class', 'alert alert-danger');
|
||||
}
|
||||
msg.innerHTML = '<?= t('Logout successful!'); ?>';
|
||||
msg.setAttribute('class', 'alert alert-success');
|
||||
};
|
||||
msg.html('<?= t('Logout successful!'); ?>');
|
||||
msg.removeClass();
|
||||
msg.addClass('alert alert-success');
|
||||
});
|
||||
</script>
|
||||
|
|
|
|||
|
|
@ -204,35 +204,4 @@ class Manager
|
|||
{
|
||||
return $this->user->getGroups();
|
||||
}
|
||||
|
||||
/**
|
||||
* Tries to authenticate the user from the session, and then from the REMOTE_USER superglobal, that can be set by
|
||||
* an external authentication provider.
|
||||
*/
|
||||
public function authenticateFromRemoteUser()
|
||||
{
|
||||
if (array_key_exists('REMOTE_USER', $_SERVER)) {
|
||||
$this->fromRemoteUser = true;
|
||||
}
|
||||
$this->authenticateFromSession();
|
||||
if ($this->user !== null) {
|
||||
if (array_key_exists('REMOTE_USER', $_SERVER) && $this->user->getUsername() !== $_SERVER["REMOTE_USER"]) {
|
||||
// Remote user has changed, clear all sessions
|
||||
$this->removeAuthorization();
|
||||
}
|
||||
return;
|
||||
}
|
||||
if (array_key_exists('REMOTE_USER', $_SERVER) && $_SERVER["REMOTE_USER"]) {
|
||||
$this->user = new User($_SERVER["REMOTE_USER"]);
|
||||
$this->persistCurrentUser();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* If the session was established from the REMOTE_USER server variable.
|
||||
*/
|
||||
public function isAuthenticatedFromRemoteUser()
|
||||
{
|
||||
return $this->fromRemoteUser;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue