Главная Обзор Помощь
Вход
SMusatov
/
zammad
зеркало из https://github.com/zammad/zammad.git
1
0
Ответвить 0
Файлы
Дерево: b5dc16bf99
Ветки Метки
zammad
/
app
/
graphql
/
gql
/
mutations
/
logout.rb

logout.rb 2.1 KB
История Исходник

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. module Gql::Mutations
    4. 

  4.   class Logout < BaseMutation
    5. 

  5.     description 'End the current session'
    6. 

  6. 

  7.     field :success, Boolean, null: false, description: 'Was the logout successful?'
    8. 

  8.     field :external_logout_url, String, null: true, description: 'External logout URL (e.g. for SAML)?'
    9. 

  9. 

  10.     # Don't require an authenticated user, because that is not present in maintenance_mode,
    11. 

  11.     #   when users still need to be correctly logged out.
    12. 

  12.     def self.authorize(...)
    13. 

  13.       true
    14. 

  14.     end
    15. 

  15. 

  16.     def self.requires_csrf_verification?
    17. 

  17.       false
    18. 

  18.     end
    19. 

  19. 

  20.     def resolve(...)
    21. 

  21.       # Special handling for SAML logout (we need to redirect to the ISP).
    22. 

  22.       if saml_session?
    23. 

  23.         begin
    24. 

  24.           return saml_destroy
    25. 

  25.         rescue => e
    26. 

  26.           Rails.logger.error "SAML SLO failed: #{e.message}"
    27. 

  27.         end
    28. 

  28.       end
    29. 

  29. 

  30.       context[:controller].reset_session
    31. 

  31.       context[:current_user] = nil
    32. 

  32.       context[:controller].request.env['rack.session.options'][:expire_after] = nil
    33. 

  33. 

  34.       { success: true }
    35. 

  35.     end
    36. 

  36. 

  37.     def saml_destroy
    38. 

  38.       { success: true, external_logout_url: saml_logout_url }
    39. 

  39.     end
    40. 

  40. 

  41.     def saml_session?
    42. 

  42.       (session['saml_uid'] || session['saml_session_index']) && OmniAuth::Strategies::SamlDatabase.setup.fetch('idp_slo_service_url', nil)
    43. 

  43.     end
    44. 

  44. 

  45.     def saml_logout_url
    46. 

  46.       options = OmniAuth::Strategies::SamlDatabase.setup
    47. 

  47.       settings = OneLogin::RubySaml::Settings.new(options)
    48. 

  48. 

  49.       logout_request = OneLogin::RubySaml::Logoutrequest.new
    50. 

  50. 

  51.       # Since we created a new SAML request, save the transaction_id
    52. 

  52.       # to compare it with the response we get back
    53. 

  53.       session['saml_transaction_id'] = logout_request.uuid
    54. 

  54. 

  55.       settings.name_identifier_value = session['saml_uid']
    56. 

  56.       settings.sessionindex = session['saml_session_index']
    57. 

  57. 

  58.       saml_remember_origin
    59. 

  59. 

  60.       logout_request.create(settings)
    61. 

  61.     end
    62. 

  62. 

  63.     def saml_remember_origin
    64. 

  64.       session['omniauth.origin'] = context[:controller].request.env['HTTP_REFERER']
    65. 

  65.     end
    66. 

  66. 

  67.     def session
    68. 

  68.       @session ||= context[:controller].session
    69. 

  69.     end
    70. 

  70.   end
    71. 

  71. end
    72.