Главная Обзор Помощь
Вход
SMusatov
/
zammad
зеркало из https://github.com/zammad/zammad.git
1
0
Ответвить 0
Файлы
Дерево: e263ff029e
Ветки Метки
zammad
/
app
/
graphql
/
gql
/
mutations
/
logout.rb

logout.rb 2.1 KB
История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. module Gql::Mutations
    4. 

  4.   class Logout < BaseMutation
    5. 

  5.     include Gql::Mutations::Concerns::Logout::HandlesOidcAuthorization
    6. 

  6. 

  7.     description 'End the current session'
    8. 

  8. 

  9.     field :success, Boolean, null: false, description: 'Was the logout successful?'
    10. 

  10.     field :external_logout_url, String, null: true, description: 'External logout URL (e.g. for SAML)?'
    11. 

  11. 

  12.     # Don't require an authenticated user, because that is not present in maintenance_mode,
    13. 

  13.     #   when users still need to be correctly logged out.
    14. 

  14.     def self.authorize(...)
    15. 

  15.       true
    16. 

  16.     end
    17. 

  17. 

  18.     def self.requires_csrf_verification?
    19. 

  19.       false
    20. 

  20.     end
    21. 

  21. 

  22.     def resolve(...)
    23. 

  23.       # Handling of third-party logouts (we need to redirect to the IDP).
    24. 

  24.       return saml_destroy if saml_session?
    25. 

  25.       return oidc_destroy if oidc_session?
    26. 

  26. 

  27.       context[:controller].reset_session
    28. 

  28.       context[:current_user] = nil
    29. 

  29.       context[:controller].request.env['rack.session.options'][:expire_after] = nil
    30. 

  30. 

  31.       { success: true }
    32. 

  32.     end
    33. 

  33. 

  34.     def saml_destroy
    35. 

  35.       { success: true, external_logout_url: saml_logout_url }
    36. 

  36.     rescue => e
    37. 

  37.       Rails.logger.error "SAML SLO failed: #{e.message}"
    38. 

  38.     end
    39. 

  39. 

  40.     def saml_session?
    41. 

  41.       (session['saml_uid'] || session['saml_session_index']) && OmniAuth::Strategies::SamlDatabase.setup.fetch('idp_slo_service_url', nil)
    42. 

  42.     end
    43. 

  43. 

  44.     def saml_logout_url
    45. 

  45.       options = OmniAuth::Strategies::SamlDatabase.setup
    46. 

  46.       settings = OneLogin::RubySaml::Settings.new(options)
    47. 

  47. 

  48.       logout_request = OneLogin::RubySaml::Logoutrequest.new
    49. 

  49. 

  50.       # Since we created a new SAML request, save the transaction_id
    51. 

  51.       # to compare it with the response we get back
    52. 

  52.       session['saml_transaction_id'] = logout_request.uuid
    53. 

  53. 

  54.       settings.name_identifier_value = session['saml_uid']
    55. 

  55.       settings.sessionindex = session['saml_session_index']
    56. 

  56. 

  57.       saml_remember_origin
    58. 

  58. 

  59.       logout_request.create(settings)
    60. 

  60.     end
    61. 

  61. 

  62.     def saml_remember_origin
    63. 

  63.       session['omniauth.origin'] = context[:controller].request.env['HTTP_REFERER']
    64. 

  64.     end
    65. 

  65. 

  66.     def session
    67. 

  67.       @session ||= context[:controller].session
    68. 

  68.     end
    69. 

  69.   end
    70. 

  70. end
    71.