Loggout Controller

ioigoume · ioigoume · commit cc0dbaf04192 · 2024-11-19T22:01:01.000+02:00
diff --git a/public/logout.php b/public/logout.php
diff --git a/routing/routes/routes.php b/routing/routes/routes.php
@@ -9,6 +9,7 @@
 use SimpleSAML\Module\casserver\Codebooks\RoutesEnum;
 use SimpleSAML\Module\casserver\Codebooks\LegacyRoutesEnum;
 use SimpleSAML\Module\casserver\Controller\Cas10Controller;
+use SimpleSAML\Module\casserver\Controller\LogoutController;
 use Symfony\Component\Routing\Loader\Configurator\RoutingConfigurator;
 
 /** @psalm-suppress InvalidArgument */
@@ -18,8 +19,12 @@
     // New Routes
     $routes->add(RoutesEnum::Validate->name, RoutesEnum::Validate->value)
         ->controller([Cas10Controller::class, 'validate']);
+    $routes->add(RoutesEnum::Validate->name, RoutesEnum::Logout->value)
+        ->controller([LogoutController::class, 'logout']);
 
     // Legacy Routes
     $routes->add(LegacyRoutesEnum::LegacyValidate->name, LegacyRoutesEnum::LegacyValidate->value)
         ->controller([Cas10Controller::class, 'validate']);
+    $routes->add(LegacyRoutesEnum::LegacyValidate->name, LegacyRoutesEnum::LegacyLogout->value)
+        ->controller([LogoutController::class, 'logout']);
 };
diff --git a/src/Controller/Cas10Controller.php b/src/Controller/Cas10Controller.php
@@ -43,7 +43,6 @@ class Cas10Controller
      *
      * It initializes the global configuration for the controllers implemented here.
      *
-     * @throws Exception
      */
     public function __construct()
     {
diff --git a/src/Controller/LogoutController.php b/src/Controller/LogoutController.php
@@ -0,0 +1,120 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\casserver\Controller;
+
+use SimpleSAML\Auth\Simple;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+use SimpleSAML\Module\casserver\Cas\Factories\TicketFactory;
+use SimpleSAML\Module\casserver\Controller\Traits\UrlTrait;
+use SimpleSAML\Session;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpKernel\Attribute\MapQueryParameter;
+
+class LogoutController
+{
+    use UrlTrait;
+
+    /** @var Logger */
+    protected Logger $logger;
+
+    /** @var Configuration */
+    protected Configuration $casConfig;
+
+    /** @var TicketFactory */
+    protected TicketFactory $ticketFactory;
+
+    /** @var Simple  */
+    protected Simple $authSource;
+
+    // this could be any configured ticket store
+    /** @var mixed */
+    protected mixed $ticketStore;
+
+    /**
+     * Controller constructor.
+     *
+     * It initializes the global configuration for the controllers implemented here.
+     *
+     */
+    public function __construct()
+    {
+        $this->casConfig = Configuration::getConfig('module_casserver.php');
+        /* Instantiate ticket factory */
+        $this->ticketFactory = new TicketFactory($this->casConfig);
+        /* Instantiate ticket store */
+        $ticketStoreConfig = $this->casConfig->getOptionalValue(
+            'ticketstore',
+            ['class' => 'casserver:FileSystemTicketStore'],
+        );
+        $ticketStoreClass = 'SimpleSAML\\Module\\casserver\\Cas\\Ticket\\'
+            . explode(':', $ticketStoreConfig['class'])[1];
+        $this->ticketStore = new $ticketStoreClass($this->casConfig);
+        $this->authSource = new Simple($this->casConfig->getValue('authsource'));
+    }
+
+    /**
+     *
+     * @param   string|null  $url
+     *
+     * @return RedirectResponse|null
+     */
+    public function logout(
+        #[MapQueryParameter] ?string $url = null,
+    ): RedirectResponse|null {
+        if (!$this->casConfig->getOptionalValue('enable_logout', false)) {
+            $this->handleExceptionThrown('Logout not allowed');
+        }
+
+        // Skip Logout Page configuration
+        $skipLogoutPage = $this->casConfig->getOptionalValue('skip_logout_page', false);
+
+        if ($skipLogoutPage && $url === null) {
+            $this->handleExceptionThrown('Required URL query parameter [url] not provided. (CAS Server)');
+        }
+
+        // Construct the logout redirect url
+        $logoutRedirectUrl =  ($skipLogoutPage || $url === null) ? $url
+            : $url . '?' . http_build_query(['url' => $url]);
+
+        // Delete the ticket from the session
+        $session = $this->getSession();
+        if ($session !== null) {
+            $this->ticketStore->deleteTicket($session->getSessionId());
+        }
+
+        // Redirect
+        if (!$this->authSource->isAuthenticated()) {
+            $this->redirect($logoutRedirectUrl);
+        }
+
+        // Logout and redirect
+        $this->authSource->logout($logoutRedirectUrl);
+
+        // We should never get here
+        return null;
+    }
+
+    /**
+     * @param   string  $message
+     *
+     * @return void
+     */
+    protected function handleExceptionThrown(string $message): void
+    {
+        Logger::debug('casserver:' . $message);
+        throw new \RuntimeException($message);
+    }
+
+    /**
+     * Get the Session
+     *
+     * @return Session|null
+     */
+    protected function getSession(): ?Session
+    {
+        return Session::getSession();
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,6 @@ class Cas10Controller`
`43`	`43`	`*`
`44`	`44`	`* It initializes the global configuration for the controllers implemented here.`
`45`	`45`	`*`
`46`		`- * @throws Exception`
`47`	`46`	`*/`
`48`	`47`	`public function __construct()`
`49`	`48`	`{`