Commit 209dcc4c authored by Peter Rotich's avatar Peter Rotich Committed by Peter Rotich

Provide facility for the backend to signout on user logout.

parent 1c3b2df2
...@@ -43,11 +43,9 @@ require_once(INCLUDE_DIR.'class.dept.php'); ...@@ -43,11 +43,9 @@ require_once(INCLUDE_DIR.'class.dept.php');
//clear some vars //clear some vars
$errors=array(); $errors=array();
$msg=''; $msg='';
$thisclient=$nav=null; $nav=null;
//Make sure the user is valid..before doing anything else. //Make sure the user is valid..before doing anything else.
if($_SESSION['_client']['userID'] && $_SESSION['_client']['key']) $thisclient = UserAuthenticationBackend::getUser();
$thisclient = new ClientSession($_SESSION['_client']['userID'],$_SESSION['_client']['key']);
//is the user logged in? //is the user logged in?
if($thisclient && $thisclient->getId() && $thisclient->isValid()){ if($thisclient && $thisclient->getId() && $thisclient->isValid()){
$thisclient->refreshSession(); $thisclient->refreshSession();
......
...@@ -11,6 +11,7 @@ abstract class AuthenticatedUser { ...@@ -11,6 +11,7 @@ abstract class AuthenticatedUser {
abstract function getId(); abstract function getId();
abstract function getUsername(); abstract function getUsername();
abstract function getRole(); abstract function getRole();
abstract function logOut();
function setAuthKey($key) { function setAuthKey($key) {
$this->authkey = $key; $this->authkey = $key;
...@@ -195,6 +196,7 @@ abstract class AuthenticationBackend { ...@@ -195,6 +196,7 @@ abstract class AuthenticationBackend {
abstract static function getUser(); //Validates authenticated users. abstract static function getUser(); //Validates authenticated users.
abstract function getAllowedBackends($userid); abstract function getAllowedBackends($userid);
abstract protected function getAuthKey($user); abstract protected function getAuthKey($user);
abstract static function signOut($user);
} }
class RemoteAuthenticationBackend { class RemoteAuthenticationBackend {
...@@ -289,6 +291,20 @@ abstract class StaffAuthenticationBackend extends AuthenticationBackend { ...@@ -289,6 +291,20 @@ abstract class StaffAuthenticationBackend extends AuthenticationBackend {
return true; return true;
} }
static function signOut($staff) {
global $ost;
list($id, $auth) = explode(':', $_SESSION['_auth']['staff']['key']);
//TODO: Lookup the backed and request logout..
$_SESSION['_auth']['staff'] = array();
$ost->logDebug('Staff logout',
sprintf("%s logged out [%s]",
$staff->getUserName(),
$_SERVER['REMOTE_ADDR'])); //Debug.
}
static function getUser() { static function getUser() {
if (!isset($_SESSION['_auth']['staff']) if (!isset($_SESSION['_auth']['staff'])
...@@ -370,6 +386,17 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend { ...@@ -370,6 +386,17 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend {
return true; return true;
} }
static function signOut($user) {
global $ost;
list($id, $auth) = explode(':', $_SESSION['_auth']['user']['key']);
//TODO: Lookup the backed and request logout..
$_SESSION['_auth']['user'] = array();
$ost->logDebug('User logout',
sprintf("%s logged out [%s]",
$user->getUserName(), $_SERVER['REMOTE_ADDR']));
}
protected function getAuthKey($user) { protected function getAuthKey($user) {
return null; return null;
...@@ -425,6 +452,11 @@ abstract class AuthStrikeBackend extends AuthenticationBackend { ...@@ -425,6 +452,11 @@ abstract class AuthStrikeBackend extends AuthenticationBackend {
return static::authStrike('Unknown'); return static::authStrike('Unknown');
} }
static function signOut($user) {
return false;
}
function login($user, $bk) { function login($user, $bk) {
return false; return false;
} }
......
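Review bot: StaffAuthenticationBackend::signOut() (and the parallel UserAuthenticationBackend::signOut() in the next hunk) only empties `$_SESSION['_auth']['staff']`; the `session_unset()`/`session_destroy()` calls that the two logout pages made before this commit are removed and, as far as the hunks show, nothing replaces them, so the session identifier remains valid after logout and any other state kept in the session survives it. Add `session_regenerate_id(true);` (or destroy the session) right after clearing the auth entry so a session cookie captured before logout cannot be replayed afterwards. The `list($id, $auth) = explode(':', $_SESSION['_auth']['staff']['key']);` line reads the key without an `isset()` guard and neither variable is used yet; either drop it until the backend lookup in the TODO lands, or guard it with `if (!isset($_SESSION['_auth']['staff']['key'])) return;`. The third implementation, AuthStrikeBackend::signOut(), returns `false` while these two return nothing; pick one contract and document it on the abstract declaration, e.g. `// Returns true when the backend signed the user out, false otherwise.`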
...@@ -292,6 +292,10 @@ class EndUser extends AuthenticatedUser { ...@@ -292,6 +292,10 @@ class EndUser extends AuthenticatedUser {
return $this->isOwner() ? 'owner' : 'collaborator'; return $this->isOwner() ? 'owner' : 'collaborator';
} }
function logOut() {
return UserAuthenticationBackend::signOut($this);
}
} }
?> ?>
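Review bot: EndUser::logOut() hard-codes `UserAuthenticationBackend::signOut($this)`, and Staff::logOut() in the next file does the same with `StaffAuthenticationBackend`, so a user who was authenticated by a remote backend is only signed out of the local session; the TODO left in signOut() suggests the per-backend dispatch is still to come. Consider recording the authenticating backend on the user object at login (the key in `$_SESSION['_auth'][...]['key']` appears to carry an identifier before the colon) and dispatching to it from here, or at least state the limitation above the method: `// Clears the local session only; backend-side signout is not wired up yet.`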
...@@ -101,6 +101,10 @@ class Staff extends AuthenticatedUser { ...@@ -101,6 +101,10 @@ class Staff extends AuthenticatedUser {
return 'staff'; return 'staff';
} }
function logOut() {
return StaffAuthenticationBackend::signOut($this);
}
/*compares user password*/ /*compares user password*/
function check_passwd($password, $autoupdate=true) { function check_passwd($password, $autoupdate=true) {
......
...@@ -16,12 +16,10 @@ ...@@ -16,12 +16,10 @@
require('client.inc.php'); require('client.inc.php');
//Check token: Make sure the user actually clicked on the link to logout. //Check token: Make sure the user actually clicked on the link to logout.
if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth'])) if(!$thisclient || !$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
@header('Location: index.php'); @header('Location: index.php');
$_SESSION['_client']=array(); $thisclient->logOut();
session_unset();
session_destroy();
header('Location: index.php'); header('Location: index.php');
require('index.php'); require('index.php');
?> ?>
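Review bot: The token check on the changed condition line still falls through after `@header('Location: index.php')` because there is no `exit`, so `$thisclient->logOut()` runs even when `validateLinkToken()` rejects the request — the link token is not actually enforced — and when `$thisclient` is null the call fails with a fatal error on a non-object instead of redirecting. The same pattern is in scp/logout.php below, where `$thisstaff->logOut()` follows the redirect. Change the redirect line in both files to `@header('Location: index.php'); exit;` (login.php for the staff side) so the rejected request ends there.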
...@@ -35,11 +35,10 @@ if($_POST) { ...@@ -35,11 +35,10 @@ if($_POST) {
$msg = $errors['err']?$errors['err']:'Invalid login'; $msg = $errors['err']?$errors['err']:'Invalid login';
} }
// Consider single sign-on authentication backends // Consider single sign-on authentication backends
if (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) { else if (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
if (($user = AuthenticationBackend::singleSignOn($errors)) if (($user = StaffAuthenticationBackend::singleSignOn($errors))
&& ($user instanceof Staff)) && ($user instanceof StaffSession))
@header("Location: $dest"); @header("Location: $dest");
} }
......
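Review bot: The SSO redirect `@header("Location: $dest")` on the last changed lines has no `exit`, so when singleSignOn() succeeds the login page continues to render with the Location header already queued; add `exit;` after it (the block's surrounding code starts outside the hunk). The condition `!($thisstaff->getId() || $thisstaff->isValid())` is carried over unchanged, but it only attempts SSO when the staff object has no id and is also invalid; if the intent is "not logged in", `!$thisstaff->getId() || !$thisstaff->isValid()` (the form staff.inc.php now uses) is the likelier reading and is worth confirming. Where `$dest` comes from is not visible in this hunk; if it is derived from request input it should be validated as a local path before being used as a redirect target.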
...@@ -19,12 +19,7 @@ require('staff.inc.php'); ...@@ -19,12 +19,7 @@ require('staff.inc.php');
if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth'])) if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
@header('Location: index.php'); @header('Location: index.php');
$ost->logDebug('Staff logout', $thisstaff->logOut();
sprintf("%s logged out [%s]",
$thisstaff->getUserName(), $_SERVER['REMOTE_ADDR'])); //Debug.
$_SESSION['_staff']=array();
session_unset();
session_destroy();
@header('Location: login.php'); @header('Location: login.php');
require('login.php'); require('login.php');
?> ?>
...@@ -57,14 +57,13 @@ if(!function_exists('staffLoginPage')) { //Ajax interface can pre-declare the fu ...@@ -57,14 +57,13 @@ if(!function_exists('staffLoginPage')) { //Ajax interface can pre-declare the fu
} }
} }
$thisstaff = new StaffSession($_SESSION['_staff']['userID']); //Set staff object. $thisstaff = StaffAuthenticationBackend::getUser();
//1) is the user Logged in for real && is staff. //1) is the user Logged in for real && is staff.
if(!$thisstaff->getId() || !$thisstaff->isValid()){ if (!$thisstaff || !$thisstaff->getId() || !$thisstaff->isValid()) {
if (isset($_SESSION['_staff']['auth']['msg'])) { if (isset($_SESSION['_staff']['auth']['msg'])) {
$msg = $_SESSION['_staff']['auth']['msg']; $msg = $_SESSION['_staff']['auth']['msg'];
unset($_SESSION['_staff']['auth']['msg']); unset($_SESSION['_staff']['auth']['msg']);
} } elseif ($thisstaff && !$thisstaff->isValid())
elseif (isset($_SESSION['_staff']['userID']) && !$thisstaff->isValid())
$msg = 'Session timed out due to inactivity'; $msg = 'Session timed out due to inactivity';
else else
$msg = 'Authentication Required'; $msg = 'Authentication Required';
......
...@@ -3,7 +3,6 @@ ...@@ -3,7 +3,6 @@
view.php view.php
Ticket View. Ticket View.
TODO: Support different views based on auth_token - e.g for BCC'ed users vs. Ticket owner.
Peter Rotich <peter@osticket.com> Peter Rotich <peter@osticket.com>
Copyright (c) 2006-2010 osTicket Copyright (c) 2006-2010 osTicket
...@@ -17,22 +16,16 @@ ...@@ -17,22 +16,16 @@
**********************************************************************/ **********************************************************************/
require_once('client.inc.php'); require_once('client.inc.php');
//If the user is NOT logged in - try auto-login (if params exists).
if(!$thisclient || !$thisclient->isValid()) {
// * On login Client::login will redirect the user to tickets.php view.
// * See TODO above for planned multi-view.
$user = null;
if ($_GET['t'] && $_GET['e'] && $_GET['a'])
$user = Client::login($_GET['t'], $_GET['e'], $_GET['a'], $errors);
elseif ($_GET['auth'])
var_dump(Client::authlogin($_GET['auth']));
//XXX: For now we're assuming the user is the ticket owner //If the user is NOT logged in - try auto-login (if params exists).
// (multi-view based on auth token will come later). if (!$thisclient || !$thisclient->isValid()) {
if($user && $user->getTicketID()==trim($_GET['t'])) // Try autologin the user
// Authenticated user can be of type ticket owner or collaborator
$errors = array();
$user = UserAuthenticationBackend::singleSignOn($errors);
if ($user && $user->getTicketID())
@header('Location: tickets.php?id='.$user->getTicketID()); @header('Location: tickets.php?id='.$user->getTicketID());
} }
//Simply redirecting to tickets.php until multiview is implemented. //Simply redirecting to tickets.php until multiview is implemented.
require('tickets.php'); require('tickets.php');
?> ?>
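Review bot: The `$errors` array handed to UserAuthenticationBackend::singleSignOn() is never read afterwards, so a rejected link-based login falls through to `require('tickets.php')` with no message and no log entry. Forward it to the page, e.g. `if ($errors) $msg = $errors['err'];`, or log it through `$ost->logDebug()` so operators can see why an auto-login was refused. The redirect `@header('Location: tickets.php?id='.$user->getTicketID())` is, as before, followed by the unconditional `require('tickets.php')`; the comment says this is intentional until multiview exists, so a short note above the require such as `// header() has no exit on purpose: tickets.php is rendered as the fallback view` would save the next reader from "fixing" it.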