KumiSystems/moodle-auth_jwt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Implement logout functionality

Browse source
This commit is contained in:
Dmitrii Metelkin 2020-05-08 22:57:13 +10:00
parent 2038257a9e
commit 650c772707
5 changed files with 136 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
README.md
View file

@ -82,18 +82,29 @@ get an error.
If this setting is set to yes, then your web application has to provie user's ip address to generate a user key. Then If this setting is set to yes, then your web application has to provie user's ip address to generate a user key. Then
the user should have provided ip when using this key. If ip address is different a user will get an error. the user should have provided ip when using this key. If ip address is different a user will get an error.
**Logout redirect URL** **Redirect after logout from Moodle**
You can set URL to redirect users after they logged out from Moodle. For example you can redirect them You can set URL to redirect users after they logged out from Moodle. For example you can redirect them
to logout script of your web application to log users out from it as well. This setting is optional. to logout script of your web application to log users out from it as well. This setting is optional.
**URL of SSO host** **URL of SSO host**
You can set URL to redirect users before they see Moodle login page. For example you can redirect them You can set URL to redirect users before they see Moodle login page. For example you can redirect them
to your web application to login page. You can use "enrolkey_skipsso" URL parameter to bypass this option. to your web application to login page. You can use "enrolkey_skipsso" URL parameter to bypass this option.
E.g. http://yourmoodle.com/login/index.php?enrolkey_skipsso=1 E.g. http://yourmoodle.com/login/index.php?enrolkey_skipsso=1
**Logout URL**
If you need to logout users after they logged out from the external application, you can redirect them
to logout script with required parameter "return".
E.g. http://yourmoodle.com/auth/userkey/logout.php?return=www.google.com
Users will be logged out from Moodle and then redirected to the provided URL.
In case when a user session is already expired, the user will be still redirected.
**Example client** **Example client**
**Note:** the code below is not for production use. It's just a quick and dirty way to test the functionality. **Note:** the code below is not for production use. It's just a quick and dirty way to test the functionality.
@ -161,10 +172,6 @@ function getloginurl($useremail, $firstname, $lastname, $username, $courseid = n
echo getloginurl('barrywhite@googlemail.com', 'barry', 'white', 'barrywhite', 2, 'certificate', 8); echo getloginurl('barrywhite@googlemail.com', 'barry', 'white', 'barrywhite', 2, 'certificate', 8);
``` ```
TODO:
-----
1. Implement logout webservice to be able to call it from external application.
# Crafted by Catalyst IT # Crafted by Catalyst IT

19
auth.php
View file

@ -637,4 +637,23 @@ class auth_plugin_userkey extends auth_plugin_base {
$redirect = $this->config->redirecturl; $redirect = $this->config->redirecturl;
} }
} }
/**
* Log out user and redirect.
*/
public function user_logout_userkey() {
global $CFG, $USER;
$redirect = required_param('return', PARAM_URL);
// We redirect when user's session in Moodle already has expired
// or the user is still logged in using "userkey" auth type.
if (!isloggedin() || $USER->auth == 'userkey') {
require_logout();
$this->redirect($redirect);
} else {
// If logged in with different auth type, then display an error.
print_error('incorrectlogout', 'auth_userkey', $CFG->wwwroot);
}
}
} }

1
lang/en/auth_userkey.php
View file

@ -53,3 +53,4 @@ $string['ssourl_desc'] = 'URL of the SSO host to redirect users to. If defined u
$string['redirecterrordetected'] = 'Unsupported redirect to {$a} detected, execution terminated.'; $string['redirecterrordetected'] = 'Unsupported redirect to {$a} detected, execution terminated.';
$string['noip'] = 'Unable to fetch IP address of client.'; $string['noip'] = 'Unable to fetch IP address of client.';
$string['privacy:metadata'] = 'User key authentication plugin does not store any personal data.'; $string['privacy:metadata'] = 'User key authentication plugin does not store any personal data.';
$string['incorrectlogout'] = 'Incorrect logout request';

31
logout.php Normal file
View file

@ -0,0 +1,31 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Logout page for auth_userkey.
*
* @package auth_userkey
* @copyright 2016 Dmitrii Metelkin (dmitriim@catalyst-au.net)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
require_once(dirname(__FILE__) . '/../../config.php');
if (!is_enabled_auth('userkey')) {
print_error(get_string('pluginisdisabled', 'auth_userkey'));
}
get_auth_plugin('userkey')->user_logout_userkey();

72
tests/phpunit/auth_plugin_test.php
View file

@ -1021,4 +1021,76 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
} }
} }
/**
* Test when try to logout, but required return is not set.
*
* @expectedException moodle_exception
* @expectedExceptionMessage A required parameter (return) was missing
*/
public function test_user_logout_userkey_when_required_return_not_set() {
$this->auth->user_logout_userkey();
}
/**
* Test when try to logout, but user is not logged in.
*
* @expectedException moodle_exception
* @expectedExceptionMessage Unsupported redirect to http://google.com detected, execution terminated.
*/
public function test_user_logout_userkey_when_user_is_not_logged_in() {
$_POST['return'] = 'http://google.com';
$this->auth->user_logout_userkey();
}
/**
* Test when try to logout, but user logged in with different auth type.
*/
public function test_user_logout_userkey_when_user_logged_in_with_different_auth() {
global $USER;
$_POST['return'] = 'http://google.com';
$this->setUser($this->user);
try {
$this->auth->user_logout_userkey();
} catch (moodle_exception $e) {
$this->assertTrue(isloggedin());
$this->assertEquals($USER->id, $this->user->id);
$this->assertEquals(
'Incorrect logout request',
$e->getMessage()
);
}
}
/**
* Test when try to logout, but user logged in with different auth type.
*
* @expectedException moodle_exception
* @expectedExceptionMessage A required parameter (return) was missing
*/
public function test_user_logout_userkey_when_user_logged_in_but_return_not_set() {
$this->setUser($this->user);
$this->auth->user_logout_userkey();
}
/**
* Test successful logout.
*/
public function test_user_logout_userkey_logging_out() {
global $USER;
$this->setUser($this->user);
$USER->auth = 'userkey';
$_POST['return'] = 'http://google.com';
try {
$this->auth->user_logout_userkey();
} catch (moodle_exception $e) {
$this->assertFalse(isloggedin());
$this->assertEquals('Unsupported redirect to http://google.com detected, execution terminated.', $e->getMessage());
}
}
} }