Simple logout works (#595)

Makefile

@@ -364,7 +364,7 @@ prepare_test_server:
 		VHOSTLISTEN='*:$(TESTWEBSERVERPORT)' \
 		PORT=$(TESTWEBSERVERPORT) \
 		FASTCGISOCKDIR=`pwd`/e2e-tests/conf \
-		PORTALDIR=`pwd`/$(SRCPORTALDIR)/example \
+		PORTALDIR=`pwd`/$(SRCPORTALDIR)/site/htdocs \
 		MANAGERDIR=`pwd`/$(SRCMANAGERDIR)/site \
 		TESTDIR=`pwd`/e2e-tests/conf/site \
 		MANAGERPSGIDIR=`pwd`/e2e-tests \

_example/etc/portal-apache2.X.conf

@@ -22,12 +22,6 @@
         Options +ExecCGI +FollowSymLinks
     </Directory>
 
-    # Perl script
-    <Files *.pl>
-        SetHandler perl-script
-        PerlResponseHandler ModPerl::Registry
-    </Files>
-
     # Temporary hook
     <Files *.fcgi>
         SetHandler fcgid-script
@@ -35,7 +29,7 @@
     </Files>
 
     <IfModule mod_dir.c>
-        DirectoryIndex index.pl index.html
+        DirectoryIndex index.html index.fcgi
     </IfModule>
 
     # SOAP functions for sessions management (disabled by default)

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm

@@ -104,6 +104,122 @@ sub controlUrl {
     PE_OK;
 }
 
+sub checkLogout {
+    my ( $self, $req ) = @_;
+    if ( $req->param('logout') ) {
+        my $apacheSession = $self->getApacheSession($req->id);
+        unless ( $self->_deleteSession( $req, $apacheSession ) ) {
+            $self->lmLog( "Unable to delete session ".$req->id, 'error' );
+            $self->lmLog( $apacheSession->error,          'error' );
+            return PE_ERROR;
+        }
+        else {
+            $self->lmLog( "Session $req->{id} deleted from global storage", 'debug' );
+        }
+
+ # TODO
+ # Call issuerDB logout on each used issuerDBmodule
+ #my $issuerDBList = $req->{sessionInfo}->{_issuerDB};
+ #if ( defined $issuerDBList ) {
+ #    foreach my $issuerDBtype (
+ #        split( /\Q$self->{conf}->{multiValuesSeparator}\E/o, $issuerDBList ) )
+ #    {
+ #        my $module_name = "Lemonldap::NG::Portal::IssuerDB/$issuerDBtype";
+ #        $self->lmLog(
+ #            "Process logout for issuerDB module $issuerDBtype",
+ #            'debug' );
+
+        #        $self->{error} = $self->_subProcess(
+        #            $module_name . "::issuerDBInit",
+        #            $module_name . '::issuerLogout'
+        #        );
+
+        #    }
+        #}
+
+        # Call logout for the module used to authenticate
+        #$self->lmLog(
+        #    "Process logout for authentication module "
+        #      . $self->{sessionInfo}->{_auth},
+        #    'debug'
+        #);
+
+        #if ( $self->{sessionInfo}->{'_auth'} ne $self->get_module('auth') ) {
+        #    my $module_name =
+        #      'Lemonldap::NG::Portal::Auth' . $self->{sessionInfo}->{_auth};
+
+       #    unless ( $self->loadModule($module_name) ) {
+       #        $self->lmLog( "Unable to load $module_name", 'error' );
+       #    }
+       #    else {
+       #        eval {
+       #            $self->{error} = $self->_subProcess(
+       #                $module_name . "::authInit",
+       #                $module_name . "::authLogout"
+       #            );
+       #        };
+       #    }
+       #}
+       #else {
+       #    eval {
+       #        $self->{error} = $self->_subProcess( 'authInit', 'authLogout' );
+       #    };
+       #}
+       #if ($@) {
+       #    $self->lmLog( "Error when calling authentication logout: $@",
+       #        'debug' );
+       #}
+       #return $self->{error} if $self->{error} > 0;
+
+        # Collect logout services and build hidden iFrames
+        #if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) {
+
+        #    $self->lmLog( "Create iFrames to forward logout to services",
+        #        'debug' );
+
+        #    $self->info( "<h3>" . $self->msg(PM_LOGOUT) . "</h3>" );
+
+        #    foreach ( keys %{ $self->{logoutServices} } ) {
+        #        my $logoutServiceName = $_;
+        #        my $logoutServiceUrl =
+        #          $self->{logoutServices}->{$logoutServiceName};
+
+        #        $self->lmLog(
+        #"Find lo#gout service $logoutServiceName ($logoutServiceUrl)",
+
+          #            'debug'
+          #        );
+
+#        my $iframe =
+#            "<iframe src=\"$logoutServiceUrl\""
+#          . " alt=\"$logoutServiceName\" marginwidth=\"0\""
+#          . " marginheight=\"0\" scrolling=\"no\" style=\"border: none;display: hidden;margin: 0\""
+#          . " width=\"0\" height=\"0\" frameborder=\"0\">"
+#          . "</iframe>";
+
+          #        $self->info($iframe);
+          #    }
+
+          #    # Redirect on logout page if no other target defined
+          #    if ( !$self->{urldc} and !$self->{postUrl} ) {
+          #        $self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1";
+          #    }
+          #}
+
+          # Redirect or Post if asked by authLogout
+          #return $self->_subProcess(qw(autoRedirect))
+          #  if (  $self->{urldc}
+          #    and $self->{urldc} ne $self->{portal} );
+
+          #return $self->_subProcess(qw(autoPost))
+          #  if ( $self->{postUrl} );
+
+          # Display logout message
+          return PE_LOGOUT_OK;
+    }
+
+}
+
 # Check value to detect XSS attack
 # @param name Parameter name
 # @param value Parameter value

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm

@@ -83,8 +83,13 @@ sub postLogin {
 
 sub authenticatedRequest {
     my ( $self, $req ) = @_;
-    return $self->do( $req,
-        [ 'importHandlerDatas', 'controlUrl', @{ $self->forAuthUser } ] );
+    return $self->do(
+        $req,
+        [
+            'importHandlerDatas', 'checkLogout',
+            'controlUrl',         @{ $self->forAuthUser }
+        ]
+    );
 }
 
 sub postAuthenticatedRequest {
@@ -92,8 +97,9 @@ sub postAuthenticatedRequest {
     return $self->do(
         $req,
         [
-            'importHandlerDatas', 'restoreArgs',
-            'controlUrl',         @{ $self->forAuthUser }
+            'importHandlerDatas', 'checkLogout',
+            'restoreArgs',        'controlUrl',
+            @{ $self->forAuthUser }
         ]
     );
 }
@@ -258,6 +264,62 @@ sub getPersistentSession {
     return $ps;
 }
 
+# Delete an existing session. If "securedCookie" is set to 2, the http session
+# will also be removed.
+# @param h tied Apache::Session object
+# @param preserveCookie do not delete cookie
+# @return True if session has been deleted
+sub _deleteSession {
+    my ( $self, $req, $session, $preserveCookie ) = @_;
+
+    # Invalidate http cookie and session, if set
+    if ( $self->{securedCookie} >= 2 ) {
+
+        # Try to find a linked http session (securedCookie == 2)
+        if ( my $id2 = $session->data->{_httpSession} ) {
+            if ( my $session2 = $self->getApacheSession( $id2, 1 ) ) {
+                $session2->remove;
+                if ( $session2->error ) {
+                    $self->lmLog( "Unable to remove linked session $id2",
+                        'debug' );
+                    $self->lmLog( $session2->error, 'debug' );
+                }
+            }
+        }
+
+        # Create an obsolete cookie to remove it
+        push @{ $req->respHeaders },
+          'Set-Cookie' => $self->cookie(
+            name    => $self->conf->{cookieName} . 'http',
+            value   => 0,
+            domain  => $self->conf->{domain},
+            path    => "/",
+            secure  => 0,
+            expires => '-1d',
+          ) unless ($preserveCookie);
+    }
+
+    $session->remove;
+
+    # Create an obsolete cookie to remove it
+    push @{ $req->respHeaders },
+      'Set-Cookie' => $self->cookie(
+        name    => $self->conf->{cookieName},
+        value   => 0,
+        domain  => $self->conf->{domain},
+        path    => "/",
+        secure  => 0,
+        expires => '-1d',
+        @_,
+      ) unless ($preserveCookie);
+
+    # Log
+    my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
+    $self->userNotice("User $user has been disconnected") if $user;
+
+    return $session->error ? 0 : 1;
+}
+
 # Return md5(s)
 sub _md5hash {
     my ( $self, $s ) = @_;