[Rt-commit] rt branch 5.0/improve-log-info-for-web-remote-user-auth created. rt-5.0.3-216-g6fef1765e2
BPS Git Server
git at git.bestpractical.com
Wed Dec 28 20:20:39 UTC 2022
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".
The branch, 5.0/improve-log-info-for-web-remote-user-auth has been created
at 6fef1765e2bbce4dba2060c65872224e164c58ae (commit)
- Log -----------------------------------------------------------------
commit 6fef1765e2bbce4dba2060c65872224e164c58ae
Author: Ronaldo Richieri <ronaldo at bestpractical.com>
Date: Tue Dec 27 12:43:28 2022 -0300
Add Log Info/Debug/Error when a user logs in and out with web remote user auth.
Change Logout menu behavior when LogoutURL is set: first delete the session from RT, and then redirect.
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index da6382ec27..622da5fe00 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -603,14 +603,14 @@ sub IntuitNextPage {
return $next;
}
-=head2 MaybeShowInstallModePage
+=head2 MaybeShowInstallModePage
This function, called exclusively by RT's autohandler, dispatches
a request to RT's Installation workflow, only if Install Mode is enabled in the configuration file.
If it serves a page, it stops mason processing. Otherwise, mason just keeps running through the autohandler
-=cut
+=cut
sub MaybeShowInstallModePage {
return unless RT->InstallMode;
@@ -633,7 +633,7 @@ a request to the page a user requested (but only if it matches the "noauth" rege
If it serves a page, it stops mason processing. Otherwise, mason just keeps running through the autohandler
-=cut
+=cut
sub MaybeShowNoAuthPage {
my $ARGS = shift;
@@ -697,7 +697,7 @@ This function, called exclusively by RT's autohandler, dispatches
a request to the page a user requested (making sure that unpriviled users
can only see self-service pages.
-=cut
+=cut
sub ShowRequestedPage {
my $ARGS = shift;
@@ -806,6 +806,7 @@ sub AttemptExternalAuth {
}
if ( _UserLoggedIn() ) {
+ RT->Logger->info("Session created from REMOTE_USER for user $user");
$HTML::Mason::Commands::session{'WebExternallyAuthed'} = 1;
$m->callback( %$ARGS, CallbackName => 'ExternalAuthSuccessfulLogin', CallbackPage => '/autohandler' );
# It is possible that we did a redirect to the login page,
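Review bot: The added `info` line interpolates `$user` raw, and the message itself says the value comes from REMOTE_USER, so whatever the front-end authentication layer passes through lands in the log unmodified. If that layer can ever hand over a name containing newlines or other control characters, one login would read as several log entries; replacing them first, e.g. `( my $log_user = $user ) =~ s/[[:cntrl:]]/?/g;`, keeps the audit trail at one line per event. The line also covers only the success path visible here. AttemptExternalAuth starts and ends outside the hunk, so whether rejected REMOTE_USER logins are logged elsewhere cannot be seen from this change.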
@@ -1014,9 +1015,9 @@ sub GetWebURLFromRequest {
=head2 Redirect URL
-This routine tells the current user's browser to redirect to URL.
-Additionally, it unties the user's currently active session, helping to avoid
-A bug in Apache::Session 1.81 and earlier which clobbers sessions if we try to use
+This routine tells the current user's browser to redirect to URL.
+Additionally, it unties the user's currently active session, helping to avoid
+A bug in Apache::Session 1.81 and earlier which clobbers sessions if we try to use
a cached DBI statement handle twice at the same time.
=cut
@@ -1026,7 +1027,7 @@ sub Redirect {
untie $HTML::Mason::Commands::session;
my $uri = URI->new($redir_to);
my $server_uri = URI->new( RT->Config->Get('WebURL') );
-
+
# Make relative URIs absolute from the server host and scheme
$uri->scheme($server_uri->scheme) if not defined $uri->scheme;
if (not defined $uri->host) {
@@ -1106,7 +1107,7 @@ sub CacheControlExpiresHeaders {
} );
}
-=head2 StaticFileHeaders
+=head2 StaticFileHeaders
Send the browser a few headers to try to get it to (somewhat agressively)
cache RT's static Javascript and CSS files.
@@ -1192,7 +1193,7 @@ sub PathIsSafe {
return 1;
}
-=head2 SendStaticFile
+=head2 SendStaticFile
Takes a File => path and a Type => Content-type
@@ -2109,7 +2110,7 @@ sub RenderMenu {
=head2 loc ARRAY
loc is a nice clean global routine which calls $session{'CurrentUser'}->loc()
-with whatever it's called with. If there is no $session{'CurrentUser'},
+with whatever it's called with. If there is no $session{'CurrentUser'},
it creates a temporary user, so we have something to get a localisation handle
through
@@ -5306,4 +5307,4 @@ sub GetDashboards {
package RT::Interface::Web;
RT::Base->_ImportOverlays();
-1;
+1;
\ No newline at end of file
diff --git a/lib/RT/Interface/Web/MenuBuilder.pm b/lib/RT/Interface/Web/MenuBuilder.pm
index f3dc87c541..324bb76919 100644
--- a/lib/RT/Interface/Web/MenuBuilder.pm
+++ b/lib/RT/Interface/Web/MenuBuilder.pm
@@ -338,12 +338,10 @@ sub BuildMainNav {
);
}
}
- my $logout_url = RT->Config->Get('LogoutURL');
- if ( $current_user->Name
- && ( !RT->Config->Get('WebRemoteUserAuth')
- || RT->Config->Get('WebFallbackToRTLogin') )) {
- $about_me->child( logout => title => loc('Logout'), path => $logout_url );
+ if ( $current_user->Name ) {
+ _BuildLogoutMenu( $about_me );
}
+
if ( $request_path =~ m{^/Dashboards/(\d+)?}) {
if ( my $id = ( $1 || $HTML::Mason::Commands::DECODED_ARGS->{'id'} ) ) {
my $obj = RT::Dashboard->new( $current_user );
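Review bot: Dropping the `WebRemoteUserAuth`/`WebFallbackToRTLogin` test here (and in the matching BuildSelfServiceNav hunk) changes what a custom `LogoutURL` does for sessions that were not created from REMOTE_USER. The removed code linked Logout straight to `LogoutURL`; the new helper always links to `/NoAuth/Logout.html`, and the Logout.html hunk substitutes `LogoutURL` only when `WebRemoteUserAuth` and `$session{'WebExternallyAuthed'}` are both set. A site that pointed `LogoutURL` at an external sign-out endpoint without REMOTE_USER auth would therefore end the RT session but apparently no longer reach that endpoint, unless a `ModifyLoginRedirect` callback does it. If that is intended, say so at the call site, e.g. `# Logout always goes through /NoAuth/Logout.html; LogoutURL is only followed there for REMOTE_USER sessions`, and in the upgrade notes. BuildMainNav starts and ends outside the hunk.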
@@ -1624,6 +1622,27 @@ sub _BuildAdminMenu {
}
}
+sub _BuildLogoutMenu {
+ my $about_me = shift;
+
+ my $logout_url = RT->Config->Get('LogoutURL') || '';
+ # the user should use the built in RT logout page IFF
+ # WebRemoteUserAuth is not enabled
+ # OR
+ # WebFallbackToRTLogin is enabled AND the user is not externally authed
+ # the user should use the LogoutURL config page IFF
+ # WebRemoteUserAuth is enabled
+ # AND
+ # the user is externally authed use the
+ # AND
+ # LogoutURL is not the built in RT logout page
+ if ( !$HTML::Mason::Commands::session{'WebExternallyAuthed'} || $logout_url ne '/NoAuth/Logout.html' )
+ {
+ $about_me->child( logout => title => loc('Logout'), path => '/NoAuth/Logout.html' );
+ }
+
+}
+
sub BuildSelfServiceNav {
my $request_path = shift;
my $top = shift;
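Review bot: The comment block in `_BuildLogoutMenu` describes a choice between RT's logout page and the `LogoutURL` page, but the code makes no such choice: `path` is hard-coded to `/NoAuth/Logout.html` and `$logout_url` is used only in the comparison. What the condition actually does is hide the Logout entry when the session is externally authed and `LogoutURL` is still `/NoAuth/Logout.html`; the line `the user is externally authed use the` is also cut off mid-sentence. I would replace the block with `# Hide Logout only for REMOTE_USER sessions with no external LogoutURL; in every other case` followed by `# link to RT's own logout page, which clears the session and then redirects.` The helper is complete within the hunk, which ends inside BuildSelfServiceNav.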
@@ -1694,11 +1713,8 @@ sub BuildSelfServiceNav {
$about_me->child( prefs => title => loc('Preferences'), path => '/SelfService/Prefs.html' );
}
- my $logout_url = RT->Config->Get('LogoutURL');
- if ( $current_user->Name
- && ( !RT->Config->Get('WebRemoteUserAuth')
- || RT->Config->Get('WebFallbackToRTLogin') )) {
- $about_me->child( logout => title => loc('Logout'), path => $logout_url );
+ if ( $current_user->Name ) {
+ _BuildLogoutMenu($about_me);
}
if ( RT->Config->Get('SelfServiceShowArticleSearch') ) {
diff --git a/share/html/NoAuth/Logout.html b/share/html/NoAuth/Logout.html
index 4587533211..07703660bb 100644
--- a/share/html/NoAuth/Logout.html
+++ b/share/html/NoAuth/Logout.html
@@ -77,11 +77,26 @@ $m->callback( %ARGS, CallbackName => 'ModifyLoginRedirect', URL => \$URL );
$m->callback( %ARGS, CallbackName => 'BeforeSessionDelete' );
+my $username;
if (keys %session) {
+ $username = $session{'CurrentUser'}->Name;
+
+ # If WebRemoteUserAuth and LogoutURL are set, redirect to the LogoutURL set on Config
+ if (
+ RT->Config->Get('WebRemoteUserAuth')
+ && $session{'WebExternallyAuthed'}
+ && RT->Config->Get('LogoutURL')
+ ) {
+ $URL = RT->Config->Get('LogoutURL');
+ }
+
+ # Clear the session
RT::Interface::Web::InstantiateNewSession();
$session{'CurrentUser'} = RT::CurrentUser->new;
}
$m->callback( %ARGS, CallbackName => 'AfterSessionDelete' );
$m->notes->{RefreshURL} = $URL;
+
+RT->Logger->info("User $username logged out. Redirecting to $URL") if $username;
</%INIT>
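Review bot: The new redirect condition tests only that `RT->Config->Get('LogoutURL')` is true, while `_BuildLogoutMenu` in this same commit treats `/NoAuth/Logout.html` as the built-in value of that option. An externally authed user who opens this page directly with that value configured would get `$URL` set to the logout page itself, so `RefreshURL` appears to point back at the page being rendered; adding `&& RT->Config->Get('LogoutURL') ne '/NoAuth/Logout.html'` to the condition keeps the two checks consistent. The assignment also runs after the `ModifyLoginRedirect` callback shown in the hunk header, so a URL chosen by an extension is silently overwritten for these sessions. The `<%INIT>` block starts outside the hunk.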
-----------------------------------------------------------------------
hooks/post-receive
--
rt