Commit c3b73409 authored by Nigel McNie's avatar Nigel McNie

Implement proper single singout. Fixes #684. E_RAGEQUIT!

When an MNET user in Mahara clicks a logout link, they are logged out of Mahara, a kill_parent request is sent to the remote application, and they are sent back to their remote application. The overall effect is a much nicer user experience, as they're taken back somewhere that they can log in.
parent e8c5b56e
......@@ -336,7 +336,42 @@ function auth_setup () {
// not have a session, this time will be 0.
$sessionlogouttime = $USER->get('logout_time');
if ($sessionlogouttime && isset($_GET['logout'])) {
$userid = $USER->get('id');
$authinstance = $SESSION->get('mnetauthinstance');
$USER->logout();
// TODO: This should probably be handled by some kind of logout hook
// that the users' authinstance can implement
if ($authinstance) {
// Send them back to their remote application. We send them back to
// the remote host they originally logged in from.
//
// TODO: We are not handling the case where Mahara is an IDP
$authobj = AuthFactory::create($authinstance);
if (get_config('usersuniquebyusername')) {
// The auth_remote_user will have a row for the institution in
// which the user SSOed into first. However, they could have
// been coming from somewhere else this time, which is why we
// can't use auth_remote_user for the lookup. Their username
// won't change for their Mahara account anyway, so just grab
// it out of the usr table.
$remoteusername = get_field('usr', 'username', 'id', $userid);
}
else {
// Check the auth_remote_user table for what the remote
// application thinks the username is
$remoteusername = get_field('auth_remote_user', 'remoteusername', 'localusr', $userid, 'authinstance', $authinstance);
if (!$remoteusername && $authobj->parent) {
$remoteusername = get_field('auth_remote_user', 'remoteusername', 'localusr', $userid, 'authinstance', $authobj->parent);
}
}
$authobj->kill_parent($remoteusername);
redirect($authobj->wwwroot);
}
$SESSION->add_ok_msg(get_string('loggedoutok'));
redirect();
}
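Review bot: In the `if ($authinstance)` branch, `$remoteusername` reaches `kill_parent()` without any check that a lookup succeeded; the `!$remoteusername` fallback a few lines earlier suggests `get_field()` can return a falsy value, and nothing handles the case where the second lookup also finds nothing. The remote application is then asked to end sessions for an empty username, and the user is redirected as if sign-out had worked while the remote session may still be alive. I would guard the call with `if ($remoteusername) { $authobj->kill_parent($remoteusername); }` and log the no-match case so it stays visible to an administrator. The branch also appears to assume that whatever instance id is stored in `mnetauthinstance` yields an object with `kill_parent()` and `wwwroot`; if that is not guaranteed, a `method_exists($authobj, 'kill_parent')` check would avoid a fatal error after `$USER->logout()` has already run. auth_setup() starts and ends outside the hunk.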
......@@ -482,6 +482,20 @@ class AuthXmlrpc extends Auth {
}
}
public function kill_parent($username) {
require_once(get_config('docroot') . 'api/xmlrpc/client.php');
$peer = get_peer($this->wwwroot);
// Note: We are not bothering to check whether this succeeds or fails.
// There's not much we can do about it anyhow. We might need to catch
// XmlrpcClientExceptions though.
$client = new Client();
$client->set_method('auth/mnet/auth.php/kill_children')
->add_param($username)
->add_param(sha1($_SERVER['HTTP_USER_AGENT']))
->send($this->wwwroot);
}
}
/**
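Review bot: A failed `send()` in `kill_parent()` propagates as an uncaught exception, which the inline comment already hints at; the caller has logged the user out locally by then, so the user gets an error page instead of the redirect and the remote session stays alive with no record of it. Wrapping the client call in `try { ... } catch (XmlrpcClientException $e) { ... }` and logging the failure inside the catch keeps remote sign-out best-effort without hiding that it failed. `$_SERVER['HTTP_USER_AGENT']` is also read unguarded, so a request without that header raises a notice and sends a hash the remote side presumably cannot match to any session; `sha1(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '')` makes that case explicit. `$peer = get_peer($this->wwwroot);` is assigned but never used in the lines shown, so it should either be dropped or commented if the call is kept for a side effect.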