Implement logout functionality

README.md

@@ -82,18 +82,29 @@ get an error.
 If this setting is set to yes, then your web application has to provie user's ip address to generate a user key. Then
 the user should have provided ip when using this key. If ip address is different a user will get an error.
 
-**Logout redirect URL**
+**Redirect after logout from Moodle**
 
 You can set URL to redirect users after they logged out from Moodle. For example you can redirect them
 to logout script of your web application to log users out from it as well. This setting is optional.
 
-
 **URL of SSO host**
 
 You can set URL to redirect users before they see Moodle login page. For example you can redirect them
 to your web application to login page. You can use "enrolkey_skipsso" URL parameter to bypass this option.
 E.g. http://yourmoodle.com/login/index.php?enrolkey_skipsso=1
 
+**Logout URL**
+
+If you need to logout users after they logged out from the external application, you can redirect them 
+to logout script with required parameter "return". 
+
+E.g. http://yourmoodle.com/auth/userkey/logout.php?return=www.google.com 
+
+
+Users will be logged out from Moodle and then redirected to the provided URL. 
+In case when a user session is already expired, the user will be still redirected.  
+  
+
 **Example client**
 
 **Note:** the code below is not for production use. It's just a quick and dirty way to test the functionality.
@@ -161,10 +172,6 @@ function getloginurl($useremail, $firstname, $lastname, $username, $courseid = n
 echo getloginurl('barrywhite@googlemail.com', 'barry', 'white', 'barrywhite', 2, 'certificate', 8);
 ```
 
-TODO:
------
-1. Implement logout webservice to be able to call it from external application.
-
 
 # Crafted by Catalyst IT
 

auth.php

@@ -637,4 +637,23 @@ class auth_plugin_userkey extends auth_plugin_base {
             $redirect = $this->config->redirecturl;
         }
     }
+
+    /**
+     * Log out user and redirect.
+     */
+    public function user_logout_userkey() {
+        global $CFG, $USER;
+
+        $redirect = required_param('return', PARAM_URL);
+
+        // We redirect when user's session in Moodle already has expired
+        // or the user is still logged in using "userkey" auth type.
+        if (!isloggedin() || $USER->auth == 'userkey') {
+            require_logout();
+            $this->redirect($redirect);
+        } else {
+            // If logged in with different auth type, then display an error.
+            print_error('incorrectlogout', 'auth_userkey', $CFG->wwwroot);
+        }
+    }
 }

lang/en/auth_userkey.php

@@ -53,3 +53,4 @@ $string['ssourl_desc'] = 'URL of the SSO host to redirect users to. If defined u
 $string['redirecterrordetected'] = 'Unsupported redirect to {$a} detected, execution terminated.';
 $string['noip'] = 'Unable to fetch IP address of client.';
 $string['privacy:metadata'] = 'User key authentication plugin does not store any personal data.';
+$string['incorrectlogout'] = 'Incorrect logout request';

logout.php

@@ -0,0 +1,31 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Logout page for auth_userkey.
+ *
+ * @package    auth_userkey
+ * @copyright  2016 Dmitrii Metelkin (dmitriim@catalyst-au.net)
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+require_once(dirname(__FILE__) . '/../../config.php');
+
+if (!is_enabled_auth('userkey')) {
+    print_error(get_string('pluginisdisabled', 'auth_userkey'));
+}
+
+get_auth_plugin('userkey')->user_logout_userkey();

tests/phpunit/auth_plugin_test.php

@@ -1021,4 +1021,76 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
         }
     }
 
+    /**
+     * Test when try to logout, but required return is not set.
+     *
+     * @expectedException moodle_exception
+     * @expectedExceptionMessage A required parameter (return) was missing
+     */
+    public function test_user_logout_userkey_when_required_return_not_set() {
+        $this->auth->user_logout_userkey();
+    }
+
+    /**
+     * Test when try to logout, but user is not logged in.
+     *
+     * @expectedException moodle_exception
+     * @expectedExceptionMessage Unsupported redirect to http://google.com detected, execution terminated.
+     */
+    public function test_user_logout_userkey_when_user_is_not_logged_in() {
+        $_POST['return'] = 'http://google.com';
+
+        $this->auth->user_logout_userkey();
+    }
+
+    /**
+     * Test when try to logout, but user logged in with different auth type.
+     */
+    public function test_user_logout_userkey_when_user_logged_in_with_different_auth() {
+        global $USER;
+
+        $_POST['return'] = 'http://google.com';
+
+        $this->setUser($this->user);
+        try {
+            $this->auth->user_logout_userkey();
+        } catch (moodle_exception $e) {
+            $this->assertTrue(isloggedin());
+            $this->assertEquals($USER->id, $this->user->id);
+            $this->assertEquals(
+                'Incorrect logout request',
+                $e->getMessage()
+            );
+        }
+    }
+
+    /**
+     * Test when try to logout, but user logged in with different auth type.
+     *
+     * @expectedException moodle_exception
+     * @expectedExceptionMessage A required parameter (return) was missing
+     */
+    public function test_user_logout_userkey_when_user_logged_in_but_return_not_set() {
+        $this->setUser($this->user);
+        $this->auth->user_logout_userkey();
+    }
+
+    /**
+     * Test successful logout.
+     */
+    public function test_user_logout_userkey_logging_out() {
+        global $USER;
+
+        $this->setUser($this->user);
+        $USER->auth = 'userkey';
+        $_POST['return'] = 'http://google.com';
+
+        try {
+            $this->auth->user_logout_userkey();
+        } catch (moodle_exception $e) {
+            $this->assertFalse(isloggedin());
+            $this->assertEquals('Unsupported redirect to http://google.com detected, execution terminated.', $e->getMessage());
+        }
+    }
+
 }