[Rt-commit] rt branch 5.0/improve-log-info-for-web-remote-user-auth created. rt-5.0.3-216-gce213db444

BPS Git Server git at git.bestpractical.com
Tue Dec 27 17:20:48 UTC 2022


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".

The branch, 5.0/improve-log-info-for-web-remote-user-auth has been created
        at  ce213db444e82a106af52bfe92df7e79f4d35529 (commit)

- Log -----------------------------------------------------------------
commit ce213db444e82a106af52bfe92df7e79f4d35529
Author: Ronaldo Richieri <ronaldo at bestpractical.com>
Date:   Tue Dec 27 12:43:28 2022 -0300

    Add Info/Debug/Error log messages when a user logs in or out with web remote user auth.
    
    Change Logout menu behavior when LogoutURL is set to first delete session from RT and then redirect.
    
    Updated remote_user.t for checking the expected info message

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index da6382ec27..95ea9a59e9 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -763,6 +763,10 @@ sub AttemptExternalAuth {
         and (not _UserLoggedIn() or $logged_in_external_user) )
     {
         $user = RT::Interface::Web::WebCanonicalizeInfo();
+
+        # Log user is logged in
+        RT->Logger->info("User logged in via Web Remote User auth: $user");
+
         my $load_method = RT->Config->Get('WebRemoteUserGecos') ? 'LoadByGecos' : 'Load';
 
         my $next = RemoveNextPage($ARGS->{'next'});
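Review bot: The added `RT->Logger->info("User logged in via Web Remote User auth: $user")` runs before the account has been loaded or auto-created, so the log records a login that may still be rejected further down; because the enclosing condition also admits `$logged_in_external_user`, it presumably also fires on later requests of a session that is already authenticated. For an audit trail it would be safer to word this line as an attempt, e.g. `RT->Logger->info("Web Remote User auth attempt for '$user'");`, and emit the "logged in" message only once the user object has loaded. `$user` is supplied by the front-end web server, so it is worth confirming that the logger neutralises control characters before the value is interpolated. The next hunk in this function has a comment reading `# debug User creation` above a call that logs at info level; one of the two should change. AttemptExternalAuth starts and ends outside this hunk.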
@@ -783,6 +787,9 @@ sub AttemptExternalAuth {
 
             if ($val) {
 
+                # debug User creation
+                RT->Logger->info("Created user '$user' via Web Remote User auth");
+
                 # now get user specific information, to better create our user.
                 my $new_user_info = RT::Interface::Web::WebRemoteUserAutocreateInfo($user);
 
@@ -834,6 +841,7 @@ sub AttemptExternalAuth {
     }
     elsif (not RT->Config->Get('WebFallbackToRTLogin')) {
         # Abort if we don't want to fallback internally
+        RT->Logger->error("No REMOTE_USER or equivalent provided and RT is not configured to fallback to internal auth");
         AbortExternalAuth( Error => "NoRemoteUser" );
     }
 }
diff --git a/lib/RT/Interface/Web/MenuBuilder.pm b/lib/RT/Interface/Web/MenuBuilder.pm
index f3dc87c541..83285f8103 100644
--- a/lib/RT/Interface/Web/MenuBuilder.pm
+++ b/lib/RT/Interface/Web/MenuBuilder.pm
@@ -338,12 +338,10 @@ sub BuildMainNav {
             );
         }
     }
-    my $logout_url = RT->Config->Get('LogoutURL');
-    if ( $current_user->Name
-         && (   !RT->Config->Get('WebRemoteUserAuth')
-              || RT->Config->Get('WebFallbackToRTLogin') )) {
-        $about_me->child( logout => title => loc('Logout'), path => $logout_url );
+    if ( $current_user->Name ) {
+        _BuildLogoutMenu( $about_me );
     }
+    
     if ( $request_path =~ m{^/Dashboards/(\d+)?}) {
         if ( my $id = ( $1 || $HTML::Mason::Commands::DECODED_ARGS->{'id'} ) ) {
             my $obj = RT::Dashboard->new( $current_user );
@@ -1624,6 +1622,37 @@ sub _BuildAdminMenu {
     }
 }
 
+sub _BuildLogoutMenu {
+    my $about_me = shift;
+
+    my $logout_url = RT->Config->Get('LogoutURL') || '';
+    # the user should use the built in RT logout page IFF
+    #   WebRemoteUserAuth is not enabled
+    #   OR
+    #   WebFallbackToRTLogin is enabled AND the user is not externally authed
+    # the user should use the LogoutURL config page IFF
+    #   WebRemoteUserAuth is enabled
+    #   AND
+    #   the user is externally authed use the
+    #   AND
+    #   LogoutURL is not the built in RT logout page
+    if (
+            ( !RT->Config->Get('WebRemoteUserAuth')
+            || ( RT->Config->Get('WebFallbackToRTLogin')
+            && !$HTML::Mason::Commands::session{'WebExternallyAuthed'} ) 
+            )
+        ||
+            ( RT->Config->Get('WebRemoteUserAuth')
+            && $HTML::Mason::Commands::session{'WebExternallyAuthed'}
+            && ( $logout_url ne '' )
+            && ( $logout_url ne '/NoAuth/Logout.html' ) )
+        )
+    {    
+        $about_me->child( logout => title => loc('Logout'), path => '/NoAuth/Logout.html' );
+    } 
+
+}
+
 sub BuildSelfServiceNav {
     my $request_path = shift;
     my $top          = shift;
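Review bot: `_BuildLogoutMenu` always links to `/NoAuth/Logout.html`, whereas the removed code used `path => $logout_url`. Taken with the Logout.html hunk, which honours LogoutURL only when WebRemoteUserAuth is set, a site using internal auth with a custom LogoutURL appears to lose that setting. If that is unintended, the redirect in Logout.html could apply whenever LogoutURL is set, or the first branch here could keep `path => $logout_url`. The explanatory comment also has a dangling line, `#   the user is externally authed use the`, which should read `#   the user is externally authed`. Reading `RT->Config->Get('WebRemoteUserAuth')` and the `WebExternallyAuthed` session flag into locals once would make the two cases easier to verify against that comment.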
@@ -1694,11 +1723,8 @@ sub BuildSelfServiceNav {
         $about_me->child( prefs => title => loc('Preferences'), path => '/SelfService/Prefs.html' );
     }
 
-    my $logout_url = RT->Config->Get('LogoutURL');
-    if ( $current_user->Name
-         && (   !RT->Config->Get('WebRemoteUserAuth')
-              || RT->Config->Get('WebFallbackToRTLogin') )) {
-        $about_me->child( logout => title => loc('Logout'), path => $logout_url );
+    if ( $current_user->Name ) {
+        _BuildLogoutMenu($about_me);
     }
 
     if ( RT->Config->Get('SelfServiceShowArticleSearch') ) {
diff --git a/share/html/NoAuth/Logout.html b/share/html/NoAuth/Logout.html
index 4587533211..4526dc28f5 100644
--- a/share/html/NoAuth/Logout.html
+++ b/share/html/NoAuth/Logout.html
@@ -71,17 +71,26 @@
 <%INIT>
 my $URL = RT->Config->Get('WebPath')."/";
 
+# If WebRemoteUserAuth and LogoutURL are set, redirect to the LogoutURL
+if ( RT->Config->Get('WebRemoteUserAuth') && RT->Config->Get('LogoutURL') ) {
+    $URL = RT->Config->Get('LogoutURL');
+}
+
 # Allow a callback to modify the URL we redirect to, which is useful for
 # external webauth systems
 $m->callback( %ARGS, CallbackName => 'ModifyLoginRedirect', URL => \$URL );
 
 $m->callback( %ARGS, CallbackName => 'BeforeSessionDelete' );
 
+my $username;
 if (keys %session) {
+    $username = $session{'CurrentUser'}->Name;
     RT::Interface::Web::InstantiateNewSession();
     $session{'CurrentUser'} = RT::CurrentUser->new;
 }
 
 $m->callback( %ARGS, CallbackName => 'AfterSessionDelete' );
 $m->notes->{RefreshURL} = $URL;
+
+RT->Logger->info("User $username logged out. Redirecting to $URL");
 </%INIT>
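Review bot: The final `RT->Logger->info("User $username logged out. Redirecting to $URL")` interpolates `$username` even when `%session` was empty, so a request to this NoAuth page without a session produces an uninitialized-value warning and a misleading "logged out" record. Inside the `if (keys %session)` block, `$session{'CurrentUser'}->Name` is called without checking that the key holds an object; if a session can carry other keys before login, that call would die. Guarding both would address this: `$username = $session{'CurrentUser'}->Name if $session{'CurrentUser'};` and `RT->Logger->info("User $username logged out. Redirecting to $URL") if defined $username;`. Because this page is reachable without authentication, keeping the log line conditional also limits the log noise an anonymous client can generate.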
diff --git a/t/web/remote_user.t b/t/web/remote_user.t
index c17a933798..c2bac70c49 100644
--- a/t/web/remote_user.t
+++ b/t/web/remote_user.t
@@ -128,6 +128,7 @@ diag "Fallback OFF";
         $m->auth("");
         $m->get($url);
         is $m->status, 403, "Forbidden";
+        $m->next_warning_like(qr/No REMOTE_USER or equivalent provided and RT is not configured to fallback to internal auth/, "found warning for no REMOTE_USER");
     }
 
     stop_server(\$m);

-----------------------------------------------------------------------


hooks/post-receive
-- 
rt

