[Rt-commit] rt branch 5.0/fix-web-remote-user-auth-logout-url-bug created. rt-5.0.3-86-g87248dc346

BPS Git Server git at git.bestpractical.com
Fri Oct 28 16:10:24 UTC 2022


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".

The branch, 5.0/fix-web-remote-user-auth-logout-url-bug has been created
        at  87248dc3467dc388a404db2fa36217221b989aa5 (commit)

- Log -----------------------------------------------------------------
commit 87248dc3467dc388a404db2fa36217221b989aa5
Author: Brad Embree <brad at bestpractical.com>
Date:   Fri Sep 2 08:42:35 2022 -0700

    Fix logic in Logout menu option
    
    When WebRemoteUserAuth is enabled and WebFallbackToRTLogin is not enabled
    the user would not see the Logout menu option.
    
    When WebFallbackToRTLogin is enabled the user would always see the native
    RT logout even if they were externally authed.
    
    Changed the logic to use the native RT logout when using native RT login
    and only use the LogoutURL config option if the user is actually
    authorized externally and the LogoutURL config option is not set to the
    native RT logout.

diff --git a/lib/RT/Interface/Web/MenuBuilder.pm b/lib/RT/Interface/Web/MenuBuilder.pm
index 7260a75c78..6885a4b084 100644
--- a/lib/RT/Interface/Web/MenuBuilder.pm
+++ b/lib/RT/Interface/Web/MenuBuilder.pm
@@ -338,10 +338,29 @@ sub BuildMainNav {
             );
         }
     }
-    my $logout_url = RT->Config->Get('LogoutURL');
+    my $logout_url = RT->Config->Get('LogoutURL') || '';
+    # the user should use the built in RT logout page IFF
+    #   WebRemoteUserAuth is not enabled
+    #   OR
+    #   WebFallbackToRTLogin is enabled AND the user is not externally authed
+    # the user should use the LogoutURL config page IFF
+    #   WebRemoteUserAuth is enabled
+    #   AND
+    #   the user is externally authed use the
+    #   AND
+    #   LogoutURL is not the built in RT logout page
     if ( $current_user->Name
          && (   !RT->Config->Get('WebRemoteUserAuth')
-              || RT->Config->Get('WebFallbackToRTLogin') )) {
+              || ( RT->Config->Get('WebFallbackToRTLogin')
+                && !$HTML::Mason::Commands::session{'WebExternallyAuthed'} ) ) ) {
+        # using RT login so use default RT logout
+        $about_me->child( logout => title => loc('Logout'), path => '/NoAuth/Logout.html' );
+    } elsif ( RT->Config->Get('WebRemoteUserAuth')
+        && $HTML::Mason::Commands::session{'WebExternallyAuthed'}
+        && ( $logout_url ne '/NoAuth/Logout.html' ) )
+    {
+        # using remote user auth so use logout url if it is not the default RT logout
+        # for remote user auth logout url should point to SP or IdP logout
         $about_me->child( logout => title => loc('Logout'), path => $logout_url );
     }
     if ( $request_path =~ m{^/Dashboards/(\d+)?}) {
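Review bot: In the new elsif branch, the test ( $logout_url ne '/NoAuth/Logout.html' ) is also true when LogoutURL is unset, because the first added line defaults it to ''. An externally authed user would then get a Logout item with an empty path. Consider also requiring length $logout_url in that branch, or falling back to a defined behaviour when no external logout URL is configured. Separately, the comment line "the user is externally authed use the" is a truncated sentence and should be completed or trimmed.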
@@ -1694,10 +1713,29 @@ sub BuildSelfServiceNav {
         $about_me->child( prefs => title => loc('Preferences'), path => '/SelfService/Prefs.html' );
     }
 
-    my $logout_url = RT->Config->Get('LogoutURL');
+    my $logout_url = RT->Config->Get('LogoutURL') || '';
+    # the user should use the built in RT logout page IFF
+    #   WebRemoteUserAuth is not enabled
+    #   OR
+    #   WebFallbackToRTLogin is enabled AND the user is not externally authed
+    # the user should use the LogoutURL config page IFF
+    #   WebRemoteUserAuth is enabled
+    #   AND
+    #   the user is externally authed use the
+    #   AND
+    #   LogoutURL is not the built in RT logout page
     if ( $current_user->Name
          && (   !RT->Config->Get('WebRemoteUserAuth')
-              || RT->Config->Get('WebFallbackToRTLogin') )) {
+              || ( RT->Config->Get('WebFallbackToRTLogin')
+                && !$HTML::Mason::Commands::session{'WebExternallyAuthed'} ) ) ) {
+        # using RT login so use default RT logout
+        $about_me->child( logout => title => loc('Logout'), path => '/NoAuth/Logout.html' );
+    } elsif ( RT->Config->Get('WebRemoteUserAuth')
+        && $HTML::Mason::Commands::session{'WebExternallyAuthed'}
+        && ( $logout_url ne '/NoAuth/Logout.html' ) )
+    {
+        # using remote user auth so use logout url if it is not the default RT logout
+        # for remote user auth logout url should point to SP or IdP logout
         $about_me->child( logout => title => loc('Logout'), path => $logout_url );
     }
 
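Review bot: The logout decision in BuildSelfServiceNav duplicates the BuildMainNav block line for line, including the truncated comment "the user is externally authed use the". Moving the decision into one helper that returns the logout path (or nothing) would keep the two menus from drifting apart on a later change. The elsif branch also no longer repeats the $current_user->Name test that guards the first branch; if that guard is still wanted for externally authed sessions, it should wrap both branches.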

-----------------------------------------------------------------------


hooks/post-receive
-- 
rt

