[Rt-commit] rt branch 5.0/login-logout-adjustments created. rt-5.0.3-228-g134f6846c5

BPS Git Server git at git.bestpractical.com
Thu Mar 2 13:19:52 UTC 2023


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".

The branch, 5.0/login-logout-adjustments has been created
        at  134f6846c50b4f7eadcd9bb450e366d5a86b75e3 (commit)

- Log -----------------------------------------------------------------
commit 134f6846c50b4f7eadcd9bb450e366d5a86b75e3
Author: Ronaldo Richieri <ronaldo at bestpractical.com>
Date:   Thu Mar 2 10:12:34 2023 -0300

    Move ModifyLoginRedirect Callback to the end of Logout processing
    
    The URL generated by the ModifyLoginRedirect callback could be
    overwritten by the LogoutURL config if Web External Auth was enabled.
    This change moves the callback to the end of the Logout processing so
    that the callback can override the final URL to redirect the user.

diff --git a/share/html/NoAuth/Logout.html b/share/html/NoAuth/Logout.html
index 53b689a988..a8715346dc 100644
--- a/share/html/NoAuth/Logout.html
+++ b/share/html/NoAuth/Logout.html
@@ -71,10 +71,6 @@
 <%INIT>
 my $URL = RT->Config->Get('WebPath')."/";
 
-# Allow a callback to modify the URL we redirect to, which is useful for
-# external webauth systems
-$m->callback( %ARGS, CallbackName => 'ModifyLoginRedirect', URL => \$URL );
-
 $m->callback( %ARGS, CallbackName => 'BeforeSessionDelete' );
 
 my $username;
@@ -104,6 +100,10 @@ if (keys %session && $session{'CurrentUser'}->Name) {
 }
 
 $m->callback( %ARGS, CallbackName => 'AfterSessionDelete' );
+
+# Allow a callback to modify the URL we redirect to, which is useful for
+# external webauth systems
+$m->callback( %ARGS, CallbackName => 'ModifyLoginRedirect', URL => \$URL );
 $m->notes->{RefreshURL} = $URL;
 
 RT->Logger->info("User $username logged out. Redirecting to $URL") if $username;
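Review bot: The relocated comment above the `ModifyLoginRedirect` callback does not say why the call sits at this point, and the ordering is now the whole reason for the change: it runs after the LogoutURL assignment so the callback has the last word on the redirect target. I would extend it to something like `# Runs last so a callback can override LogoutURL; the result goes into RefreshURL unchecked, so callbacks must validate any target built from request arguments`. The callback receives `%ARGS` alongside the `URL` reference, and nothing visible between this call and `$m->notes->{RefreshURL} = $URL;` constrains what it sets. A blank line before the `RefreshURL` assignment would also stop the comment from reading as if it covered that line. The INIT block starts and ends outside this hunk.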

commit b8858a67bd3579ec6b05f44a6e8566454ea44c56
Author: Ronaldo Richieri <ronaldo at bestpractical.com>
Date:   Thu Mar 2 10:05:02 2023 -0300

    Add Web External Auth logout Logic to Logout.html
    
    We moved the URL redirection logic from MenuBuilder to the Logout.html.
    This is because now we always redirect first to our Logout.html page
    for generating appropriate logout messages.  Only after that the user
    is redirected to the external logout URL.
    Also added new logs to warn RT admin if the external LogoutURL is not
    set.

diff --git a/share/html/NoAuth/Logout.html b/share/html/NoAuth/Logout.html
index f6bd25ea3b..53b689a988 100644
--- a/share/html/NoAuth/Logout.html
+++ b/share/html/NoAuth/Logout.html
@@ -78,20 +78,29 @@ $m->callback( %ARGS, CallbackName => 'ModifyLoginRedirect', URL => \$URL );
 $m->callback( %ARGS, CallbackName => 'BeforeSessionDelete' );
 
 my $username;
-if (keys %session) {
+if (keys %session && $session{'CurrentUser'}->Name) {
     $username = $session{'CurrentUser'}->Name;
-
-    # If WebRemoteUserAuth and LogoutURL are set, redirect to the LogoutURL set on Config
-    if (
-        $session{'WebExternallyAuthed'}
-        && RT->Config->Get('LogoutURL')
-    ) {
-        $URL = RT->Config->Get('LogoutURL');
+    my $remote_addr = ( RT::Interface::Web::RequestENV('REMOTE_ADDR')
+                        || 'UNKNOWN');
+    my $LogoutURL = RT->Config->Get('LogoutURL');
+    if ($session{'WebExternallyAuthed'}){
+        if ($LogoutURL
+            && $LogoutURL ne '/NoAuth/Logout.html'
+            )
+        {
+            $URL = $LogoutURL;
+        } else {
+            RT->Logger->warn("Going to clear session for ".
+                $username . " for logout request from ".
+                $remote_addr .
+                " but LogoutURL Config is undefined or invalid");
+        }
     }
 
     # Clear the session
     RT::Interface::Web::InstantiateNewSession();
     $session{'CurrentUser'} = RT::CurrentUser->new;
+    RT->Logger->info("Successful logout for $username from $remote_addr");
 }
 
 $m->callback( %ARGS, CallbackName => 'AfterSessionDelete' );
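Review bot: The new condition `keys %session && $session{'CurrentUser'}->Name` now also gates the session reset, so a session that has keys but no named user is no longer passed through `RT::Interface::Web::InstantiateNewSession()` on a logout request, whereas the old `if (keys %session)` reset it unconditionally. Whether such a session can hold anything worth clearing is not visible here, but a logout endpoint should not leave session state behind: keep the outer test as `if (keys %session) {` and put only the LogoutURL and logging logic behind the name check. The condition also calls `->Name` without first checking that `$session{'CurrentUser'}` is defined, as the old body did, so a guard such as `$session{'CurrentUser'} && $session{'CurrentUser'}->Name` would be safer. The INIT block continues outside this hunk.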

commit 5196ea671d701f74311b6a304040ff098f3509bd
Author: Ronaldo Richieri <ronaldo at bestpractical.com>
Date:   Thu Mar 2 09:03:48 2023 -0300

    Remove LogoutURL logic from MenuBuilder.pm
    
    We will not hide the logout option anymore so there is no need to have
    logic in MenuBuilder for hiding it. For this reason we removed the
    _BuildLogoutMenu subroutine and added Logout menu with about_me->child.

diff --git a/lib/RT/Interface/Web/MenuBuilder.pm b/lib/RT/Interface/Web/MenuBuilder.pm
index b6260023a8..52adfa844f 100644
--- a/lib/RT/Interface/Web/MenuBuilder.pm
+++ b/lib/RT/Interface/Web/MenuBuilder.pm
@@ -339,7 +339,7 @@ sub BuildMainNav {
         }
     }
     if ( $current_user->Name ) {
-        _BuildLogoutMenu( $about_me );
+        $about_me->child( logout => title => loc('Logout'), path => '/NoAuth/Logout.html' );
     }
     if ( $request_path =~ m{^/Dashboards/(\d+)?}) {
         if ( my $id = ( $1 || $HTML::Mason::Commands::DECODED_ARGS->{'id'} ) ) {
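Review bot: The Logout entry added in BuildMainNav is now shown to externally authenticated users even when LogoutURL is left at its default, which the removed `_BuildLogoutMenu` check used to prevent; the same line is added in the BuildSelfServiceNav hunk further down. In that configuration the link only resets the RT session, and presumably the web server still supplies REMOTE_USER on the next request, so the user may be signed straight back in while believing they logged out. A comment at the call site would record the decision, for example `# Always shown; for externally authed sessions Logout.html redirects to LogoutURL when it is set`. Since both call sites now repeat the identical `$about_me->child( logout => ... )` line, a one-line private helper would keep them from drifting apart. Both enclosing subs start and end outside their hunks.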
@@ -1621,18 +1621,6 @@ sub _BuildAdminMenu {
     }
 }
 
-sub _BuildLogoutMenu {
-    my $about_me = shift;
-
-    my $logout_url = RT->Config->Get('LogoutURL') || '/NoAuth/Logout.html';
-    # If user is not externally authenticated, show the logout link
-    # otherwise, show the logout link if LogoutURL is set to something other than the default
-    if ( !$HTML::Mason::Commands::session{'WebExternallyAuthed'} || $logout_url ne '/NoAuth/Logout.html' )
-    {
-        $about_me->child( logout => title => loc('Logout'), path => '/NoAuth/Logout.html' );
-    }
-}
-
 sub BuildSelfServiceNav {
     my $request_path = shift;
     my $top          = shift;
@@ -1704,7 +1692,7 @@ sub BuildSelfServiceNav {
     }
 
     if ( $current_user->Name ) {
-        _BuildLogoutMenu($about_me);
+        $about_me->child( logout => title => loc('Logout'), path => '/NoAuth/Logout.html' );
     }
 
     if ( RT->Config->Get('SelfServiceShowArticleSearch') ) {

commit 0bf59f3d3ea218346cd35d25ae58a958a483d3bd
Author: Ronaldo Richieri <ronaldo at bestpractical.com>
Date:   Fri Jan 6 17:43:05 2023 -0300

    Update basic_auth.t test since logout will be always available

diff --git a/t/web/basic_auth.t b/t/web/basic_auth.t
index ff77f29f26..2eea552fec 100644
--- a/t/web/basic_auth.t
+++ b/t/web/basic_auth.t
@@ -23,7 +23,7 @@ $m->content_like(
     qr{<span class="current-user">\Qroot\E</span>}i,
     "Has user on the page"
 );
-$m->content_unlike(qr/Logout/i, "Has no logout button, no WebFallbackToRTLogin");
+$m->content_like(qr/Logout/i, "Has logout button");
 
 # Again, testing the plack middleware
 $m->get($url);
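Review bot: The assertion `content_like(qr/Logout/i, ...)` passes on any occurrence of the word on the page, not only on the menu link, so it would not notice if the link target changed or disappeared while the word remained elsewhere. Assuming `$m` is a WWW::Mechanize-derived object, checking the link itself is tighter: `ok( $m->find_link( url_regex => qr{/NoAuth/Logout\.html} ), "Has logout link" );`. The test also stops at the link being present; a follow-up request to the logout page under basic auth would cover the behaviour this branch actually changes.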

commit 5a3f27dcb9a4b1f3fae60bdba9c024187776b3e9
Author: Ronaldo Richieri <ronaldo at bestpractical.com>
Date:   Fri Jan 6 17:20:51 2023 -0300

    Add REMOTE ADDRESS to the debug of auth web remote log in

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 7de6dcf3fc..d8e66866cd 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -806,7 +806,8 @@ sub AttemptExternalAuth {
         }
 
         if ( _UserLoggedIn() ) {
-            RT->Logger->info("Session created from REMOTE_USER for user $user");
+            my $remote_addr = RequestENV('REMOTE_ADDR');
+            RT->Logger->info("Successful login for $user from $remote_addr");
             $HTML::Mason::Commands::session{'WebExternallyAuthed'} = 1;
             $m->callback( %$ARGS, CallbackName => 'ExternalAuthSuccessfulLogin', CallbackPage => '/autohandler' );
             # It is possible that we did a redirect to the login page,
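Review bot: `RequestENV('REMOTE_ADDR')` is interpolated into the log line with no fallback, so a request environment without that key would log an empty address and raise an uninitialized-value warning. The logout path in Logout.html uses `|| 'UNKNOWN'`, and this line should match it: `my $remote_addr = RequestENV('REMOTE_ADDR') || 'UNKNOWN';`. If RT sits behind a reverse proxy this value is presumably the proxy's address, which deserves a short comment for anyone correlating these login records during an investigation. AttemptExternalAuth starts and ends outside this hunk.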

-----------------------------------------------------------------------


hooks/post-receive
-- 
rt

