diff --git a/README.md b/README.md index ab516a6..30e4f43 100644 --- a/README.md +++ b/README.md @@ -82,18 +82,29 @@ get an error. If this setting is set to yes, then your web application has to provie user's ip address to generate a user key. Then the user should have provided ip when using this key. If ip address is different a user will get an error. -**Logout redirect URL** +**Redirect after logout from Moodle** You can set URL to redirect users after they logged out from Moodle. For example you can redirect them to logout script of your web application to log users out from it as well. This setting is optional. - **URL of SSO host** You can set URL to redirect users before they see Moodle login page. For example you can redirect them to your web application to login page. You can use "enrolkey_skipsso" URL parameter to bypass this option. E.g. http://yourmoodle.com/login/index.php?enrolkey_skipsso=1 +**Logout URL** + +If you need to logout users after they logged out from the external application, you can redirect them +to logout script with required parameter "return". + +E.g. http://yourmoodle.com/auth/userkey/logout.php?return=www.google.com + + +Users will be logged out from Moodle and then redirected to the provided URL. +In case when a user session is already expired, the user will be still redirected. + + **Example client** **Note:** the code below is not for production use. It's just a quick and dirty way to test the functionality. @@ -161,10 +172,6 @@ function getloginurl($useremail, $firstname, $lastname, $username, $courseid = n echo getloginurl('barrywhite@googlemail.com', 'barry', 'white', 'barrywhite', 2, 'certificate', 8); ``` -TODO: ------ -1. Implement logout webservice to be able to call it from external application. - # Crafted by Catalyst IT diff --git a/auth.php b/auth.php index 1abead0..73fa83b 100644 --- a/auth.php +++ b/auth.php 
@@ -637,4 +637,23 @@ class auth_plugin_userkey extends auth_plugin_base { $redirect = $this->config->redirecturl; } } + + /** + * Log out user and redirect. + */ + public function user_logout_userkey() { + global $CFG, $USER; + + $redirect = required_param('return', PARAM_URL); + + // We redirect when user's session in Moodle already has expired + // or the user is still logged in using "userkey" auth type. + if (!isloggedin() || $USER->auth == 'userkey') { + require_logout(); + $this->redirect($redirect); + } else { + // If logged in with different auth type, then display an error. + print_error('incorrectlogout', 'auth_userkey', $CFG->wwwroot); + } + } } diff --git a/lang/en/auth_userkey.php b/lang/en/auth_userkey.php index 27f4ecf..4b87032 100644 --- a/lang/en/auth_userkey.php +++ b/lang/en/auth_userkey.php @@ -53,3 +53,4 @@ $string['ssourl_desc'] = 'URL of the SSO host to redirect users to. If defined u $string['redirecterrordetected'] = 'Unsupported redirect to {$a} detected, execution terminated.'; $string['noip'] = 'Unable to fetch IP address of client.'; $string['privacy:metadata'] = 'User key authentication plugin does not store any personal data.'; +$string['incorrectlogout'] = 'Incorrect logout request'; diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..026f6ad --- /dev/null +++ b/logout.php @@ -0,0 +1,31 @@ +. + +/** + * Logout page for auth_userkey. + * + * @package auth_userkey + * @copyright 2016 Dmitrii Metelkin (dmitriim@catalyst-au.net) + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +require_once(dirname(__FILE__) . '/../../config.php'); + +if (!is_enabled_auth('userkey')) { + print_error(get_string('pluginisdisabled', 'auth_userkey')); +} + +get_auth_plugin('userkey')->user_logout_userkey(); \ No newline at end of file diff --git a/tests/phpunit/auth_plugin_test.php b/tests/phpunit/auth_plugin_test.php index 8e8ef99..26a5dfc 100644 --- a/tests/phpunit/auth_plugin_test.php 
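Review bot: In `user_logout_userkey()` the `return` value goes from `required_param('return', PARAM_URL)` straight into `$this->redirect($redirect)`. PARAM_URL only checks that the value is URL-shaped, so any link to logout.php can send the user to an arbitrary external site after logout, which is an open redirect. The body of `redirect()` is outside this hunk, so this assumes it does not restrict the target itself in production. Check the host against a trusted value before redirecting, for example `if (parse_url($redirect, PHP_URL_HOST) !== parse_url($this->config->redirecturl, PHP_URL_HOST)) { print_error('incorrectlogout', 'auth_userkey', $CFG->wwwroot); }`, or against an admin-configured allowlist. The logout also runs on a plain request with no session key, so a third-party page can end a userkey user's session; if that is accepted for the SSO flow, state it in the docblock.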
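Review bot: `print_error(get_string('pluginisdisabled', 'auth_userkey'))` in the new logout.php passes an already-translated message where `print_error()` expects a string identifier and a component. The lookup would then fail and the user would see a placeholder instead of the intended message. Use `print_error('pluginisdisabled', 'auth_userkey');`, assuming that string exists in the plugin's language file, which this diff does not show. The file also ends without a trailing newline.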
+++ b/tests/phpunit/auth_plugin_test.php 
@@ -1021,4 +1021,76 @@ class auth_plugin_userkey_testcase extends advanced_testcase { } } + /** + * Test when try to logout, but required return is not set. + * + * @expectedException moodle_exception + * @expectedExceptionMessage A required parameter (return) was missing + */ + public function test_user_logout_userkey_when_required_return_not_set() { + $this->auth->user_logout_userkey(); + } + + /** + * Test when try to logout, but user is not logged in. + * + * @expectedException moodle_exception + * @expectedExceptionMessage Unsupported redirect to http://google.com detected, execution terminated. + */ + public function test_user_logout_userkey_when_user_is_not_logged_in() { + $_POST['return'] = 'http://google.com'; + + $this->auth->user_logout_userkey(); + } + + /** + * Test when try to logout, but user logged in with different auth type. + */ + public function test_user_logout_userkey_when_user_logged_in_with_different_auth() { + global $USER; + + $_POST['return'] = 'http://google.com'; + + $this->setUser($this->user); + try { + $this->auth->user_logout_userkey(); + } catch (moodle_exception $e) { + $this->assertTrue(isloggedin()); + $this->assertEquals($USER->id, $this->user->id); + $this->assertEquals( + 'Incorrect logout request', + $e->getMessage() + ); + } + } + + /** + * Test when try to logout, but user logged in with different auth type. + * + * @expectedException moodle_exception + * @expectedExceptionMessage A required parameter (return) was missing + */ + public function test_user_logout_userkey_when_user_logged_in_but_return_not_set() { + $this->setUser($this->user); + $this->auth->user_logout_userkey(); + } + + /** + * Test successful logout. 
+ */ + public function test_user_logout_userkey_logging_out() { + global $USER; + + $this->setUser($this->user); + $USER->auth = 'userkey'; + $_POST['return'] = 'http://google.com'; + + try { + $this->auth->user_logout_userkey(); + } catch (moodle_exception $e) { + $this->assertFalse(isloggedin()); + $this->assertEquals('Unsupported redirect to http://google.com detected, execution terminated.', $e->getMessage()); + } + } + }
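Review bot: `test_user_logout_userkey_when_user_logged_in_with_different_auth` and `test_user_logout_userkey_logging_out` make their assertions only inside `catch (moodle_exception $e)`. If `user_logout_userkey()` stops throwing, neither test asserts anything, and both still pass. The first of these is the only check that a user with a different auth type stays logged in, so add `$this->fail('moodle_exception expected');` as the last line of each `try` block. The docblock on `test_user_logout_userkey_when_user_logged_in_but_return_not_set` repeats the "different auth type" description and should read `Test when try to logout, user is logged in, but required return is not set.` No test covers a `return` value pointing at an unexpected host, which is the case most worth pinning for this endpoint.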