Logout is cool too :)

This commit is contained in:
Kload 2013-10-16 23:53:14 +02:00
parent 8af807a98b
commit 800d8ccf44
2 changed files with 74 additions and 38 deletions

View file

@ -154,10 +154,18 @@ function display_login_form ()
ngx.req.set_header("Cache-Control", "no-cache") ngx.req.set_header("Cache-Control", "no-cache")
if args.action and args.action == 'logout' then if args.action and args.action == 'logout' then
-- Logout if check_cookie() then
delete_cookie() local user = ngx.var.cookie_SSOwAuthUser
return redirect(portal_url) logout[user] = {}
else logout[user]["redirect_url"] = portal_url
logout[user]["domains"] = {}
for _, value in ipairs(conf["domains"]) do
table.insert(logout[user]["domains"], value)
end
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologout="..user)
end
end
-- Set redirect -- Set redirect
if args.r then set_redirect_cookie(ngx.decode_base64(args.r)) end if args.r then set_redirect_cookie(ngx.decode_base64(args.r)) end
-- Set token -- Set token
@ -165,7 +173,6 @@ function display_login_form ()
ngx.header["Cache-Control"] = "no-cache" ngx.header["Cache-Control"] = "no-cache"
ngx.header["Set-Cookie"] = cookies ngx.header["Set-Cookie"] = cookies
return return
end
end end
function do_login () function do_login ()
@ -186,20 +193,60 @@ function do_login ()
redirect_url = ngx.decode_base64(uri_args.r) redirect_url = ngx.decode_base64(uri_args.r)
end end
if not redirect_url then redirect_url = portal_url end if not redirect_url then redirect_url = portal_url end
connections[args.user] = {} login[args.user] = {}
connections[args.user]["redirect_url"] = redirect_url login[args.user]["redirect_url"] = redirect_url
connections[args.user]["domains"] = {} login[args.user]["domains"] = {}
for _, value in ipairs(conf["domains"]) do for _, value in ipairs(conf["domains"]) do
table.insert(connections[args.user]["domains"], value) table.insert(login[args.user]["domains"], value)
end end
-- Connect to the first domain (self) -- Connect to the first domain (self)
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssoconnect="..args.user) return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologin="..args.user)
end end
end end
return redirect(portal_url) return redirect(portal_url)
end end
function login_walkthrough (user)
-- Set Authentication cookies
set_auth_cookie(user, ngx.var.host)
-- Remove domain from login table
domain_key = is_in_table(login[user]["domains"], ngx.var.host)
table.remove(login[user]["domains"], domain_key)
if table.getn(login[user]["domains"]) == 0 then
-- All the redirections has been made
local redirect_url = login[user]["redirect_url"]
login[user] = nil
return redirect(ngx.unescape_uri(redirect_url))
else
-- Redirect to the next domain
for _, domain in ipairs(login[user]["domains"]) do
return redirect(ngx.var.scheme.."://"..domain.."/?ssologin="..user)
end
end
end
function logout_walkthrough (user)
-- Expire Authentication cookies
delete_cookie()
-- Remove domain from logout table
domain_key = is_in_table(logout[user]["domains"], ngx.var.host)
table.remove(logout[user]["domains"], domain_key)
if table.getn(logout[user]["domains"]) == 0 then
-- All the redirections has been made
local redirect_url = logout[user]["redirect_url"]
logout[user] = nil
return redirect(ngx.unescape_uri(redirect_url))
else
-- Redirect to the next domain
for _, domain in ipairs(logout[user]["domains"]) do
return redirect(ngx.var.scheme.."://"..domain.."/?ssologout="..user)
end
end
end
function redirect (url) function redirect (url)
ngx.header["Set-Cookie"] = cookies ngx.header["Set-Cookie"] = cookies
return ngx.redirect(url) return ngx.redirect(url)
@ -215,30 +262,18 @@ end
-- Routing -- Routing
-- --
-- Connection -- Logging in/out
if ngx.var.request_method == "GET" then if ngx.var.request_method == "GET" then
local args = ngx.req.get_uri_args() local args = ngx.req.get_uri_args()
-- /?ssoconnect=user local user = args.ssologin
local user = args.ssoconnect if user and login[user] then
if user and connections[user] then return login_walkthrough(user)
-- Set Authentication cookie end
set_auth_cookie(user, ngx.var.host)
-- Remove domain from connection table
domain_key = is_in_table(connections[user]["domains"], ngx.var.host)
table.remove(connections[user]["domains"], domain_key)
if table.getn(connections[user]["domains"]) == 0 then user = args.ssologout
-- All the redirections has been made if user and logout[user] then
local redirect_url = connections[user]["redirect_url"] return logout_walkthrough(user)
connections[user] = nil
return redirect(ngx.unescape_uri(redirect_url))
else
-- Redirect to the next domain
for _, domain in ipairs(connections[user]["domains"]) do
return redirect(ngx.var.scheme.."://"..domain.."/?ssoconnect="..user)
end
end
end end
end end
@ -279,7 +314,7 @@ else
end end
-- Connect with HTTP Auth if credentials are brought -- Login with HTTP Auth if credentials are brought
local auth_header = ngx.req.get_headers()["Authorization"] local auth_header = ngx.req.get_headers()["Authorization"]
if auth_header then if auth_header then
_, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$") _, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")

View file

@ -10,7 +10,8 @@ srvkey = math.random(1111111, 9999999)
-- Shared table -- Shared table
tokens = {} tokens = {}
cache = {} cache = {}
connections = {} login = {}
logout = {}
-- Path of the configuration -- Path of the configuration
conf_path = '/etc/ssowat/conf.json' conf_path = '/etc/ssowat/conf.json'