Logout is cool too :)

This commit is contained in:
Kload 2013-10-16 23:53:14 +02:00
parent 8af807a98b
commit 800d8ccf44
2 changed files with 74 additions and 38 deletions

View file

@ -154,10 +154,18 @@ function display_login_form ()
ngx.req.set_header("Cache-Control", "no-cache")
if args.action and args.action == 'logout' then
-- Logout
delete_cookie()
return redirect(portal_url)
else
if check_cookie() then
local user = ngx.var.cookie_SSOwAuthUser
logout[user] = {}
logout[user]["redirect_url"] = portal_url
logout[user]["domains"] = {}
for _, value in ipairs(conf["domains"]) do
table.insert(logout[user]["domains"], value)
end
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologout="..user)
end
end
-- Set redirect
if args.r then set_redirect_cookie(ngx.decode_base64(args.r)) end
-- Set token
@ -166,7 +174,6 @@ function display_login_form ()
ngx.header["Set-Cookie"] = cookies
return
end
end
function do_login ()
ngx.req.read_body()
@ -186,20 +193,60 @@ function do_login ()
redirect_url = ngx.decode_base64(uri_args.r)
end
if not redirect_url then redirect_url = portal_url end
connections[args.user] = {}
connections[args.user]["redirect_url"] = redirect_url
connections[args.user]["domains"] = {}
login[args.user] = {}
login[args.user]["redirect_url"] = redirect_url
login[args.user]["domains"] = {}
for _, value in ipairs(conf["domains"]) do
table.insert(connections[args.user]["domains"], value)
table.insert(login[args.user]["domains"], value)
end
-- Connect to the first domain (self)
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssoconnect="..args.user)
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologin="..args.user)
end
end
return redirect(portal_url)
end
function login_walkthrough (user)
-- Set Authentication cookies
set_auth_cookie(user, ngx.var.host)
-- Remove domain from login table
domain_key = is_in_table(login[user]["domains"], ngx.var.host)
table.remove(login[user]["domains"], domain_key)
if table.getn(login[user]["domains"]) == 0 then
-- All the redirections has been made
local redirect_url = login[user]["redirect_url"]
login[user] = nil
return redirect(ngx.unescape_uri(redirect_url))
else
-- Redirect to the next domain
for _, domain in ipairs(login[user]["domains"]) do
return redirect(ngx.var.scheme.."://"..domain.."/?ssologin="..user)
end
end
end
function logout_walkthrough (user)
-- Expire Authentication cookies
delete_cookie()
-- Remove domain from logout table
domain_key = is_in_table(logout[user]["domains"], ngx.var.host)
table.remove(logout[user]["domains"], domain_key)
if table.getn(logout[user]["domains"]) == 0 then
-- All the redirections has been made
local redirect_url = logout[user]["redirect_url"]
logout[user] = nil
return redirect(ngx.unescape_uri(redirect_url))
else
-- Redirect to the next domain
for _, domain in ipairs(logout[user]["domains"]) do
return redirect(ngx.var.scheme.."://"..domain.."/?ssologout="..user)
end
end
end
function redirect (url)
ngx.header["Set-Cookie"] = cookies
return ngx.redirect(url)
@ -215,30 +262,18 @@ end
-- Routing
--
-- Connection
-- Logging in/out
if ngx.var.request_method == "GET" then
local args = ngx.req.get_uri_args()
-- /?ssoconnect=user
local user = args.ssoconnect
if user and connections[user] then
-- Set Authentication cookie
set_auth_cookie(user, ngx.var.host)
-- Remove domain from connection table
domain_key = is_in_table(connections[user]["domains"], ngx.var.host)
table.remove(connections[user]["domains"], domain_key)
local user = args.ssologin
if user and login[user] then
return login_walkthrough(user)
end
if table.getn(connections[user]["domains"]) == 0 then
-- All the redirections has been made
local redirect_url = connections[user]["redirect_url"]
connections[user] = nil
return redirect(ngx.unescape_uri(redirect_url))
else
-- Redirect to the next domain
for _, domain in ipairs(connections[user]["domains"]) do
return redirect(ngx.var.scheme.."://"..domain.."/?ssoconnect="..user)
end
end
user = args.ssologout
if user and logout[user] then
return logout_walkthrough(user)
end
end
@ -279,7 +314,7 @@ else
end
-- Connect with HTTP Auth if credentials are brought
-- Login with HTTP Auth if credentials are brought
local auth_header = ngx.req.get_headers()["Authorization"]
if auth_header then
_, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")

View file

@ -10,7 +10,8 @@ srvkey = math.random(1111111, 9999999)
-- Shared table
tokens = {}
cache = {}
connections = {}
login = {}
logout = {}
-- Path of the configuration
conf_path = '/etc/ssowat/conf.json'