From 209dcc4c8bb2e523f1b7654279398a9bfbf54803 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@enhancesoft.com>
Date: Tue, 7 Jan 2014 03:17:08 +0000
Subject: [PATCH] Provide facility for the backend to signout on user logout.
---
 client.inc.php | 6 ++----
 include/class.auth.php | 32 ++++++++++++++++++++++++++++++++
 include/class.client.php | 4 ++++
 include/class.staff.php | 4 ++++
 logout.php | 6 ++----
 scp/login.php | 7 +++----
 scp/logout.php | 7 +------
 scp/staff.inc.php | 7 +++----
 view.php | 21 +++++++--------------
 9 files changed, 58 insertions(+), 36 deletions(-)
diff --git a/client.inc.php b/client.inc.php
index 2ab016d15..84eeaca11 100644
--- a/client.inc.php
+++ b/client.inc.php
@@ -43,11 +43,9 @@ require_once(INCLUDE_DIR.'class.dept.php');
 //clear some vars
 $errors=array();
 $msg='';
-$thisclient=$nav=null;
+$nav=null;
 //Make sure the user is valid..before doing anything else.
-if($_SESSION['_client']['userID'] && $_SESSION['_client']['key'])
- $thisclient = new ClientSession($_SESSION['_client']['userID'],$_SESSION['_client']['key']);
-
+$thisclient = UserAuthenticationBackend::getUser();
 //is the user logged in?
 if($thisclient && $thisclient->getId() && $thisclient->isValid()){
 $thisclient->refreshSession();
diff --git a/include/class.auth.php b/include/class.auth.php
index 88c899cd9..11399808b 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -11,6 +11,7 @@ abstract class AuthenticatedUser {
 abstract function getId();
 abstract function getUsername();
 abstract function getRole();
+ abstract function logOut();
 function setAuthKey($key) {
 $this->authkey = $key;
@@ -195,6 +196,7 @@ abstract class AuthenticationBackend {
 abstract static function getUser(); //Validates authenticated users.
 abstract function getAllowedBackends($userid);
 abstract protected function getAuthKey($user);
+ abstract static function signOut($user);
 }
 class RemoteAuthenticationBackend {
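Review bot: The new `abstract static function signOut($user)` fixes no return contract, and the three implementations later in this patch disagree — StaffAuthenticationBackend and UserAuthenticationBackend return nothing while AuthStrikeBackend returns `false` — so `Staff::logOut()` and `EndUser::logOut()`, which pass the result straight through, hand callers `null` on success. A docblock on the abstract declaration would settle it: `/** Terminate $user's session with this backend; returns true on success, false if the backend could not sign the user out. */`, and the two real implementations should then end with `return true;`. The same missing contract applies to `abstract function logOut()` added in the earlier hunk of this file, where a one-line `/** Sign this user out of the backend that authenticated them. */` would do.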
@@ -289,6 +291,20 @@ abstract class StaffAuthenticationBackend extends AuthenticationBackend {
 return true;
 }
+ static function signOut($staff) {
+ global $ost;
+
+ list($id, $auth) = explode(':', $_SESSION['_auth']['staff']['key']);
+ //TODO: Lookup the backed and request logout..
+
+ $_SESSION['_auth']['staff'] = array();
+ $ost->logDebug('Staff logout',
+ sprintf("%s logged out [%s]",
+ $staff->getUserName(),
+ $_SERVER['REMOTE_ADDR'])); //Debug.
+
+ }
+
 static function getUser() {
 if (!isset($_SESSION['_auth']['staff'])
@@ -370,6 +386,17 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend {
 return true;
 }
+ static function signOut($user) {
+ global $ost;
+
+ list($id, $auth) = explode(':', $_SESSION['_auth']['user']['key']);
+ //TODO: Lookup the backed and request logout..
+
+ $_SESSION['_auth']['user'] = array();
+ $ost->logDebug('User logout',
+ sprintf("%s logged out [%s]",
+ $user->getUserName(), $_SERVER['REMOTE_ADDR']));
+ }
 protected function getAuthKey($user) {
 return null;
@@ -425,6 +452,11 @@ abstract class AuthStrikeBackend extends AuthenticationBackend {
 return static::authStrike('Unknown');
 }
+ static function signOut($user) {
+ return false;
+ }
+
+
 function login($user, $bk) {
 return false;
 }
diff --git a/include/class.client.php b/include/class.client.php
index b6f9779fb..486cf6e74 100644
--- a/include/class.client.php
+++ b/include/class.client.php
@@ -292,6 +292,10 @@ class EndUser extends AuthenticatedUser {
 return $this->isOwner() ? 'owner' : 'collaborator';
 }
+ function logOut() {
+ return UserAuthenticationBackend::signOut($this);
+ }
+
 }
 ?>
diff --git a/include/class.staff.php b/include/class.staff.php
index 73a2c963f..961186e73 100644
--- a/include/class.staff.php
+++ b/include/class.staff.php
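Review bot: `StaffAuthenticationBackend::signOut()` only empties `$_SESSION['_auth']['staff']`; unlike the `session_unset(); session_destroy();` it replaces in scp/logout.php, it leaves the PHP session — and everything else stored in it, such as the `$_SESSION['_staff']` keys that scp/staff.inc.php still reads in this patch — alive under the same session id after logout. If keeping the session is intended, call `session_regenerate_id(true);` after clearing the key so the pre-logout id is retired; otherwise restore `session_unset(); session_destroy();` here. The `list($id, $auth) = explode(':', $_SESSION['_auth']['staff']['key'])` line also raises a notice when the key is absent or has no `:`, and both variables are unused until the TODO is done, so guard it with `isset()` or leave it out for now. `UserAuthenticationBackend::signOut()` in the next hunk has the same two issues.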
@@ -101,6 +101,10 @@ class Staff extends AuthenticatedUser {
 return 'staff';
 }
+ function logOut() {
+ return StaffAuthenticationBackend::signOut($this);
+ }
+
 /*compares user password*/
 function check_passwd($password, $autoupdate=true) {
diff --git a/logout.php b/logout.php
index 6c6482d9c..4b9ea91b1 100644
--- a/logout.php
+++ b/logout.php
@@ -16,12 +16,10 @@ require('client.inc.php');
 //Check token: Make sure the user actually clicked on the link to logout.
-if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
+if(!$thisclient || !$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
 @header('Location: index.php');
-$_SESSION['_client']=array();
-session_unset();
-session_destroy();
+$thisclient->logOut();
 header('Location: index.php');
 require('index.php');
 ?>
diff --git a/scp/login.php b/scp/login.php
index 5027bbb6b..3fb7da412 100644
--- a/scp/login.php
+++ b/scp/login.php
@@ -35,11 +35,10 @@ if($_POST) {
 $msg = $errors['err']?$errors['err']:'Invalid login';
 }
-
 // Consider single sign-on authentication backends
-if (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
- if (($user = AuthenticationBackend::singleSignOn($errors))
- && ($user instanceof Staff))
+else if (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
+ if (($user = StaffAuthenticationBackend::singleSignOn($errors))
+ && ($user instanceof StaffSession))
 @header("Location: $dest");
 }
diff --git a/scp/logout.php b/scp/logout.php
index 7076dcec4..0c78cd00e 100644
--- a/scp/logout.php
+++ b/scp/logout.php
@@ -19,12 +19,7 @@ require('staff.inc.php');
 if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
 @header('Location: index.php');
-$ost->logDebug('Staff logout',
- sprintf("%s logged out [%s]",
- $thisstaff->getUserName(), $_SERVER['REMOTE_ADDR'])); //Debug.
-$_SESSION['_staff']=array();
-session_unset();
-session_destroy();
+$thisstaff->logOut();
 @header('Location: login.php');
 require('login.php');
 ?>
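Review bot: In logout.php the redirect on the guard branch is not followed by `exit`, so when `$thisclient` is null the next line calls `$thisclient->logOut()` on a non-object and fatals, and when only the link token is bad the logout still runs — the token check protects nothing. Change the guard to `if(!$thisclient || !$_GET['auth'] || !$ost->validateLinkToken($_GET['auth'])) { @header('Location: index.php'); exit; }`. scp/logout.php in this patch has the same missing `exit`, and there `$thisstaff` is not null-checked even though scp/staff.inc.php now obtains it from `getUser()`, which can return null; whether staff.inc.php always exits before a null `$thisstaff` reaches this file is outside the hunk.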
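Review bot: In scp/login.php the new `else if` condition `!($thisstaff->getId() || $thisstaff->isValid())` is only true when both `getId()` and `isValid()` are falsy, so a staff object with an id but an expired session skips single sign-on, while the guard scp/staff.inc.php uses in this same patch, `!$thisstaff->getId() || !$thisstaff->isValid()`, treats that case as not logged in. If the two are meant to agree, change it to `else if (!$thisstaff || !$thisstaff->getId() || !$thisstaff->isValid()) {`; if skipping SSO for a timed-out session is deliberate, a comment such as `// SSO is only attempted when no staff session exists at all` would keep the next reader from "fixing" it. The `if($_POST)` block this `else if` attaches to starts outside the hunk.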
diff --git a/scp/staff.inc.php b/scp/staff.inc.php
index 359663a4c..2a2070509 100644
--- a/scp/staff.inc.php
+++ b/scp/staff.inc.php
@@ -57,14 +57,13 @@ if(!function_exists('staffLoginPage')) { //Ajax interface can pre-declare the fu
 }
 }
-$thisstaff = new StaffSession($_SESSION['_staff']['userID']); //Set staff object.
+$thisstaff = StaffAuthenticationBackend::getUser();
 //1) is the user Logged in for real && is staff.
-if(!$thisstaff->getId() || !$thisstaff->isValid()){
+if (!$thisstaff || !$thisstaff->getId() || !$thisstaff->isValid()) {
 if (isset($_SESSION['_staff']['auth']['msg'])) {
 $msg = $_SESSION['_staff']['auth']['msg'];
 unset($_SESSION['_staff']['auth']['msg']);
- }
- elseif (isset($_SESSION['_staff']['userID']) && !$thisstaff->isValid())
+ } elseif ($thisstaff && !$thisstaff->isValid())
 $msg = 'Session timed out due to inactivity';
 else
 $msg = 'Authentication Required';
diff --git a/view.php b/view.php
index 5adb76b67..c7b7eaab7 100644
--- a/view.php
+++ b/view.php
@@ -3,7 +3,6 @@
 view.php
 Ticket View.
- TODO: Support different views based on auth_token - e.g for BCC'ed users vs. Ticket owner.
 Peter Rotich <peter@osticket.com>
 Copyright (c) 2006-2010 osTicket
@@ -17,22 +16,16 @@
 **********************************************************************/
 require_once('client.inc.php');
-//If the user is NOT logged in - try auto-login (if params exists).
-if(!$thisclient || !$thisclient->isValid()) {
- // * On login Client::login will redirect the user to tickets.php view.
- // * See TODO above for planned multi-view.
- $user = null;
- if ($_GET['t'] && $_GET['e'] && $_GET['a'])
- $user = Client::login($_GET['t'], $_GET['e'], $_GET['a'], $errors);
- elseif ($_GET['auth'])
- var_dump(Client::authlogin($_GET['auth']));
- //XXX: For now we're assuming the user is the ticket owner
- // (multi-view based on auth token will come later).
- if($user && $user->getTicketID()==trim($_GET['t']))
+//If the user is NOT logged in - try auto-login (if params exists).
+if (!$thisclient || !$thisclient->isValid()) {
+ // Try autologin the user
+ // Authenticated user can be of type ticket owner or collaborator
+ $errors = array();
+ $user = UserAuthenticationBackend::singleSignOn($errors);
+ if ($user && $user->getTicketID())
 @header('Location: tickets.php?id='.$user->getTicketID());
 }
-
 //Simply redirecting to tickets.php until multiview is implemented.
 require('tickets.php');
 ?>
-- 
GitLab
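Review bot: The `$errors` array filled by `UserAuthenticationBackend::singleSignOn($errors)` is discarded, and the `@header('Location: ...')` redirect under the new `if` is not followed by `exit`, so after a successful auto-login the script still falls through to `require('tickets.php')` in the same request (the redirect line is pre-existing context, but the new `if` is where to fix it). Write it as `if ($user && $user->getTicketID()) { @header('Location: tickets.php?id='.$user->getTicketID()); exit; }`. Whether SSO failures should be shown to the user is not visible here; if they are meant to stay silent, a comment such as `// SSO failures are not reported on this page` would record the choice, and `$errors = array();` should then say that it deliberately discards the errors client.inc.php initialised.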