Bug 19160: Isolate CAS code into its own module
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
parent
b85f8c9e2a
commit
9c0be579fe
3 changed files with 30 additions and 35 deletions
16
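--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -905,22 +905,6 @@ sub checkauth {
 }
 }
 }
-elsif ($logout && $cas) {
-# We got a cas single logout request from a cas server;
-my $ticket = $query->param('cas_ticket');
-# We've been called as part of the single logout destroy the session associated with the cas ticket
-my $params = _get_session_params();
-my $success = CGI::Session->find( $params->{dsn}, sub {delete_cas_session(@_, $ticket)}, $params->{dsn_args} );
-
-sub delete_cas_session {
-my $session = shift;
-my $ticket = shift;
-if ($session->param('cas_ticket') && $session->param('cas_ticket') eq $ticket ) {
-$session->delete;
-$session->flush;
-}
-}
-}
 unless ( $userid || $sessionID ) {
 #we initiate a session prior to checking for a username to allow for anonymous sessions...
 my $session = get_session("") or die "Auth ERROR: Cannot get_session()";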
@ -228,21 +228,37 @@ sub _url_with_get_params {
|
||||||
return $uri_base_part . $uri_params_part;
|
return $uri_base_part . $uri_params_part;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub logout_required {
|
# CAS single logout
|
||||||
|
sub logout_if_required {
|
||||||
my ( $query ) = @_;
|
my ( $query ) = @_;
|
||||||
# Check we havent been hit by a logout call
|
# Check we havent been hit by a logout call
|
||||||
my $xml = $query->param('logoutRequest');
|
my $xml = $query->param('logoutRequest');
|
||||||
if ($xml) {
|
return 0 unless $xml;
|
||||||
my $dom = XML::LibXML->load_xml(string => $xml);
|
|
||||||
my $ticket;
|
my $dom = XML::LibXML->load_xml(string => $xml);
|
||||||
foreach my $node ($dom->findnodes('/samlp:LogoutRequest')){
|
my $ticket;
|
||||||
$ticket = $node->findvalue('./samlp:SessionIndex');
|
foreach my $node ($dom->findnodes('/samlp:LogoutRequest')){
|
||||||
}
|
# We got a cas single logout request from a cas server;
|
||||||
$query->param(-name =>'logout.x', -value => 1);
|
$ticket = $node->findvalue('./samlp:SessionIndex');
|
||||||
$query->param(-name =>'cas_ticket', -value => $ticket);
|
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
return 0;
|
|
||||||
|
return 0 unless $ticket;
|
||||||
|
|
||||||
|
# We've been called as part of the single logout destroy the session associated with the cas ticket
|
||||||
|
my $params = C4::Auth::_get_session_params();
|
||||||
|
my $success = CGI::Session->find( $params->{dsn}, sub {delete_cas_session(@_, $ticket)}, $params->{dsn_args} );
|
||||||
|
|
||||||
|
sub delete_cas_session {
|
||||||
|
my $session = shift;
|
||||||
|
my $ticket = shift;
|
||||||
|
if ($session->param('cas_ticket') && $session->param('cas_ticket') eq $ticket ) {
|
||||||
|
$session->delete;
|
||||||
|
$session->flush;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
print $query->header;
|
||||||
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
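Review bot: `logout_if_required` parses the request's `logoutRequest` parameter with `XML::LibXML->load_xml(string => $xml)` using default parser options and no error trap, and the caller's hunk further down runs it before `get_template_and_user`, so this input is unauthenticated. A malformed body makes `load_xml` die, and whether external entities or DTDs get resolved depends on the installed XML::LibXML defaults; I would harden and trap the parse, e.g. `my $dom = eval { XML::LibXML->load_xml( string => $xml, no_network => 1, expand_entities => 0, load_ext_dtd => 0 ) } or return 0;`. The nested `sub delete_cas_session` is a named sub, so it is compiled at package scope wherever it is written; moving it out of `logout_if_required` or using an anonymous sub would make that explicit. Nothing visible in this hunk checks that the request comes from the CAS server, so confirm that restriction is enforced elsewhere.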
@ -62,8 +62,9 @@ BEGIN {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
my $cas_logout_required = C4::Context->preference('casAuthentication')
|
# CAS single logout handling
|
||||||
and C4::Auth_with_ldap::logout_required($query);
|
# Will print header and exit
|
||||||
|
C4::Context->preference('casAuthentication') and C4::Auth_with_ldap::logout_if_required($query);
|
||||||
|
|
||||||
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
|
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
|
||||||
{
|
{
|
||||||
|
@ -75,12 +76,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
if ($cas_logout_required){
|
|
||||||
print $query->header;
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
my %renewed = map { $_ => 1 } split( ':', $query->param('renewed') );
|
my %renewed = map { $_ => 1 } split( ':', $query->param('renewed') );
|
||||||
|
|
||||||
my $show_priority;
|
my $show_priority;
|
||||||
|
|
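Review bot: The new comment `# Will print header and exit` in the first hunk overstates what the call does: per the `logout_if_required` hunk it returns 0 when there is no `logoutRequest` parameter or no ticket, and only prints the header and exits after handling a logout request. I would word it as `# If this is a CAS single-logout request, destroy the matching session, print a header and exit; otherwise fall through`. Because the statement now runs before `get_template_and_user`, the comment should also say that this path is reached without a logged-in session. The call still goes through `C4::Auth_with_ldap::` although the commit is about CAS code; the defining file's path is not visible on this page, so confirm the sub really lives in that package.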