From ea844867abb9bf0ab914e33bf194f2f786d53ba2 Mon Sep 17 00:00:00 2001 From: gyufi Date: Fri, 30 Jun 2017 08:27:52 +0200 Subject: [PATCH] logoutReturnPath can get receive symfony named route too. --- README.md | 15 ++++++++++++++- Resources/config/services.yml | 2 +- Security/ShibbolethAuthenticator.php | 15 +++++++++++---- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 9cb2bb8..790e643 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ niif_shib_auth: ~ # baseURL: "%shib_auth_base_url%" # optional, have default value: /Shibboleth.sso/ # sessionInitiator: "%shib_auth_session_initiator%" # optional, have default value: Login # logoutPath: "%shib_auth_logout_path%" # optional, have default value: Logout - # logoutReturnPath: "%shib_auth_logout_return_path%" # optional, have default value: "/" + # logoutReturnPath: "%shib_auth_logout_return_path%" # optional, have default value: "/" you should use absolute url, or named symfony route too. # usernameAttribute: "%shib_auth_username_attribute%" # optional, have default value: REMOTE_USER ... ``` @@ -62,6 +62,19 @@ in `app/config/security.yml` success_handler: niif_shib_auth.shib_authenticator ... ``` +You should create a simple the logout action in any controller: + + ```php + /** + * @Route("/logout") + * @Template() + * @return \Symfony\Component\HttpFoundation\RedirectResponse + */ + public function logoutAction() + { + return $this->redirect($this->generateUrl('logged_out')); + } +``` # Impersonate The authenticator support the impersonate feature. diff --git a/Resources/config/services.yml b/Resources/config/services.yml index 8c82bd8..177da63 100644 --- a/Resources/config/services.yml +++ b/Resources/config/services.yml @@ -1,4 +1,4 @@ services: niif_shib_auth.shib_authenticator: class: Niif\ShibAuthBundle\Security\ShibbolethAuthenticator - arguments: ["@logger", "%niif_shib_auth%", "@security.token_storage"] + arguments: ["@logger", "%niif_shib_auth%", "@security.token_storage", "@router"] diff --git a/Security/ShibbolethAuthenticator.php b/Security/ShibbolethAuthenticator.php index e128eac..9f90b16 100644 --- a/Security/ShibbolethAuthenticator.php +++ b/Security/ShibbolethAuthenticator.php @@ -2,6 +2,8 @@ namespace Niif\ShibAuthBundle\Security; +use Symfony\Bundle\FrameworkBundle\Routing\Router; +use Symfony\Component\Routing\Exception\RouteNotFoundException; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\RedirectResponse; @@ -12,7 +14,6 @@ use Symfony\Component\Security\Core\User\UserProviderInterface; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage; use Symfony\Component\Security\Core\Role\SwitchUserRole; - use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface; class ShibbolethAuthenticator extends AbstractGuardAuthenticator implements LogoutSuccessHandlerInterface @@ -20,12 +21,14 @@ class ShibbolethAuthenticator extends AbstractGuardAuthenticator implements Logo private $logger; private $config; private $tokenStorage; + private $router; - public function __construct($logger, $config, TokenStorage $tokenStorage) + public function __construct($logger, $config, TokenStorage $tokenStorage, Router $router) { $this->config = $config; $this->logger = $logger; $this->tokenStorage = $tokenStorage; + $this->router = $router; } /** @@ -146,8 +149,12 @@ private function getLoginURL() private function getLogoutURL() { - $currentURL = urlencode($this->getProtocol().'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); - return $this->config['baseURL'].$this->config['logoutPath'].'?return='.$this->config['logoutReturnPath']; + try { + $returnPath = $this->router->generate($this->config['logoutReturnPath'], array(), $this->router::ABSOLUTE_URL); + } catch (RouteNotFoundException $e) { + $returnPath = $this->config['logoutReturnPath']; + } + return $this->config['baseURL'].$this->config['logoutPath'].'?return='.$returnPath; } private function getProtocol()