Provide facility for the backend to signout on user logout.

209dcc4c · Peter Rotich · Peter Rotich · 1c3b2df2 · 209dcc4c · 209dcc4c
Commit 209dcc4c authored 11 years ago by Peter Rotich Committed by Peter Rotich 11 years ago
--- a/client.inc.php
+++ b/client.inc.php
@@ -43,11 +43,9 @@ require_once(INCLUDE_DIR.'class.dept.php');
 //clear some vars
 $errors=array();
 $msg='';
-$thisclient=$nav=null;
+$nav=null;
 //Make sure the user is valid..before doing anything else.
-if($_SESSION['_client']['userID'] && $_SESSION['_client']['key'])
+$thisclient = UserAuthenticationBackend::getUser();
-    $thisclient = new ClientSession($_SESSION['_client']['userID'],$_SESSION['_client']['key']);
 //is the user logged in?
 if($thisclient && $thisclient->getId() && $thisclient->isValid()){
     $thisclient->refreshSession();

--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -11,6 +11,7 @@ abstract class AuthenticatedUser {
    abstract function getId();
    abstract function getUsername();
    abstract function getRole();
+    abstract function logOut();
    function setAuthKey($key) {
        $this->authkey = $key;
@@ -195,6 +196,7 @@ abstract class AuthenticationBackend {
    abstract static function getUser(); //Validates  authenticated users.
    abstract function getAllowedBackends($userid);
    abstract protected function getAuthKey($user);
+    abstract static function signOut($user);
 }
 class RemoteAuthenticationBackend {
@@ -289,6 +291,20 @@ abstract class StaffAuthenticationBackend  extends AuthenticationBackend {
        return true;
    }
+    static function signOut($staff) {
+        global $ost;
+        list($id, $auth) = explode(':', $_SESSION['_auth']['staff']['key']);
+        //TODO: Lookup the backed and request logout..
+        $_SESSION['_auth']['staff'] = array();
+        $ost->logDebug('Staff logout',
+                sprintf("%s logged out [%s]",
+                    $staff->getUserName(),
+                    $_SERVER['REMOTE_ADDR'])); //Debug.
+    }
    static function getUser() {
        if (!isset($_SESSION['_auth']['staff'])
@@ -370,6 +386,17 @@ abstract class UserAuthenticationBackend  extends AuthenticationBackend {
        return true;
    }
+    static function signOut($user) {
+        global $ost;
+        list($id, $auth) = explode(':', $_SESSION['_auth']['user']['key']);
+        //TODO: Lookup the backed and request logout..
+        $_SESSION['_auth']['user'] = array();
+        $ost->logDebug('User logout',
+                sprintf("%s logged out [%s]",
+                    $user->getUserName(), $_SERVER['REMOTE_ADDR']));
+    }
    protected function getAuthKey($user) {
        return null;
@@ -425,6 +452,11 @@ abstract class AuthStrikeBackend extends AuthenticationBackend {
        return static::authStrike('Unknown');
    }
+    static function signOut($user) {
+        return false;
+    }
    function login($user, $bk) {
        return false;
    }

--- a/include/class.client.php
+++ b/include/class.client.php
@@ -292,6 +292,10 @@ class  EndUser extends AuthenticatedUser {
        return $this->isOwner() ? 'owner' : 'collaborator';
    }
+    function logOut() {
+        return UserAuthenticationBackend::signOut($this);
+    }
 }
 ?>
--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -101,6 +101,10 @@ class Staff extends AuthenticatedUser {
        return 'staff';
    }
+    function logOut() {
+        return StaffAuthenticationBackend::signOut($this);
+    }
    /*compares user password*/
    function check_passwd($password, $autoupdate=true) {

--- a/logout.php
+++ b/logout.php
@@ -16,12 +16,10 @@
 require('client.inc.php');
 //Check token: Make sure the user actually clicked on the link to logout.
-if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
+if(!$thisclient || !$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
   @header('Location: index.php');
-$_SESSION['_client']=array();
+$thisclient->logOut();
-session_unset();
-session_destroy();
 header('Location: index.php');
 require('index.php');
 ?>
--- a/scp/login.php
+++ b/scp/login.php
@@ -35,11 +35,10 @@ if($_POST) {
    $msg = $errors['err']?$errors['err']:'Invalid login';
 }
 // Consider single sign-on authentication backends
-if (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
+else if (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
-    if (($user = AuthenticationBackend::singleSignOn($errors))
+    if (($user = StaffAuthenticationBackend::singleSignOn($errors))
-            && ($user instanceof Staff))
+            && ($user instanceof StaffSession))
       @header("Location: $dest");
 }

--- a/scp/logout.php
+++ b/scp/logout.php
@@ -19,12 +19,7 @@ require('staff.inc.php');
 if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
    @header('Location: index.php');
-$ost->logDebug('Staff logout',
+$thisstaff->logOut();
-        sprintf("%s logged out [%s]", 
-            $thisstaff->getUserName(), $_SERVER['REMOTE_ADDR'])); //Debug.
-$_SESSION['_staff']=array();
-session_unset();
-session_destroy();
 @header('Location: login.php');
 require('login.php');
 ?>
--- a/scp/staff.inc.php
+++ b/scp/staff.inc.php
@@ -57,14 +57,13 @@ if(!function_exists('staffLoginPage')) { //Ajax interface can pre-declare the fu
    }
 }
-$thisstaff = new StaffSession($_SESSION['_staff']['userID']); //Set staff object.
+$thisstaff = StaffAuthenticationBackend::getUser();
 //1) is the user Logged in for real && is staff.
-if(!$thisstaff->getId() || !$thisstaff->isValid()){
+if (!$thisstaff || !$thisstaff->getId() || !$thisstaff->isValid()) {
    if (isset($_SESSION['_staff']['auth']['msg'])) {
        $msg = $_SESSION['_staff']['auth']['msg'];
        unset($_SESSION['_staff']['auth']['msg']);
-    }
+    } elseif ($thisstaff && !$thisstaff->isValid())
-    elseif (isset($_SESSION['_staff']['userID']) && !$thisstaff->isValid())
        $msg = 'Session timed out due to inactivity';
    else
        $msg = 'Authentication Required';

--- a/view.php
+++ b/view.php
@@ -3,7 +3,6 @@
    view.php
    Ticket View.
-    TODO: Support different views based on auth_token - e.g for BCC'ed users vs. Ticket owner.
    Peter Rotich <peter@osticket.com>
    Copyright (c)  2006-2010 osTicket
@@ -17,22 +16,16 @@
 **********************************************************************/
 require_once('client.inc.php');
-//If the user is NOT logged in - try auto-login (if params exists).
-if(!$thisclient || !$thisclient->isValid()) {
-    // * On login Client::login will redirect the user to tickets.php view.
-    // * See TODO above for planned multi-view.
-    $user = null;
-    if ($_GET['t'] && $_GET['e'] && $_GET['a'])
-        $user = Client::login($_GET['t'], $_GET['e'], $_GET['a'], $errors);
-    elseif ($_GET['auth'])
-        var_dump(Client::authlogin($_GET['auth']));
-    //XXX: For now we're assuming the user is the ticket owner
+//If the user is NOT logged in - try auto-login (if params exists).
-    // (multi-view based on auth token will come later).
+if (!$thisclient || !$thisclient->isValid()) {
-    if($user && $user->getTicketID()==trim($_GET['t']))
+    // Try autologin the user
+    // Authenticated user can be of type ticket owner or collaborator
+    $errors = array();
+    $user =  UserAuthenticationBackend::singleSignOn($errors);
+    if ($user && $user->getTicketID())
        @header('Location: tickets.php?id='.$user->getTicketID());
 }
 //Simply redirecting to tickets.php until multiview is implemented.
 require('tickets.php');
 ?>