Fix login redirects; fix logout problems; add new casost_config parameter

fb33815d · Σταύρος Παπαδάκης · df04a646 · fb33815d · fb33815d · fb33815d
Commit fb33815d authored May 25, 2017 by Σταύρος Παπαδάκης
5 changed files
--- a/drupal/modules/casost/src/Controller/CASLogin.php
+++ b/drupal/modules/casost/src/Controller/CASLogin.php
@@ -99,15 +99,13 @@ class CASLogin extends ControllerBase
            // Enable verbose error messages. Disable in production!
            //phpCAS::setVerbose(true);

-            phpCAS::client($this->serverVersion,
+            phpCAS::client(
+                $this->serverVersion,
                $this->serverHostname,
                intval($this->serverPort),
                $this->serverUri,
-                boolval($this->changeSessionId));
-
-
-//            \phpCAS::setServerLoginURL('http://sso-test.sch.gr/login');
-//            \phpCAS::setServerServiceValidateURL('http://sso-test.sch.gr/cas/samlValidate');
+                boolval($this->changeSessionId)
+            );

            if ($this->CASServerCACert) {
                if ($this->CASServerCNValidate) {
@@ -124,12 +122,9 @@ class CASLogin extends ControllerBase
                return $this->redirectForbidden($configRowName, '5001');
            }
            $attributes = phpCAS::getAttributes();
-/*            foreach ($attributes as $attr_key => $attr_value) {
-                $this->logger->warning($attr_key);
-                $this->logger->warning(phpCAS::getAttribute($attr_key));
-            } */

-/*            $isAllowed = true;
+/* 
+            $isAllowed = true;
            $att1 = $attributes[$this->allowed1];
            $att2 = $attributes[$this->allowed2];
            if (!isset($att1) || !isset($att2)) {
@@ -155,15 +150,17 @@ class CASLogin extends ControllerBase
            }
            if (!$found1 || !$found2) {
                $isAllowed = false;
-            } */
-
-    /*        if (!$isAllowed) {
+            } 
+            
+            if (!$isAllowed) {
                $response = new Response();
                $response->setContent(t('Access is allowed only to official school accounts'));
                $response->setStatusCode(Response::HTTP_FORBIDDEN);
                $response->headers->set('Content-Type', 'application/json;charset=UTF-8');
                return $response;
-            } */
+            }
+*/
+
            $CASUser = phpCAS::getUser();

            $this->logger->warning($CASUser);
@@ -179,14 +176,15 @@ class CASLogin extends ControllerBase
            $physicaldeliveryofficename = $filterAttribute("physicaldeliveryofficename");


-/****** the following is for production ***************************/
-
-        /*    if (!$umdobject || $umdobject !== "Account") {
+/****** the following is for production : Χρήση μόνο από ΕΠΙΣΗΜΟΥΣ ΛΟΓΑΡΙΑΣΜΟΥΣ ***************************/
+/*
+            if (!$umdobject || $umdobject !== "Account") {
                return $this->redirectForbidden($configRowName, '5002');
            }
            if (!$physicaldeliveryofficename || preg_replace('/\s+/', '', $physicaldeliveryofficename) !== 'ΕΠΙΣΗΜΟΣΛΟΓΑΡΙΑΣΜΟΣ') {
                return $this->redirectForbidden($configRowName, '5003');
-            } */
+            }
+*/

            phpCAS::trace($umdobject);
            phpCAS::trace($physicaldeliveryofficename);
@@ -198,20 +196,14 @@ class CASLogin extends ControllerBase
                return $this->redirectForbidden($configRowName, '5004');
            }

-// $this->logger->warning('redirecturl=' . $this->redirectUrl);
            $epalToken = $this->authenticatePhase2($request, $CASUser, $userAssigned, $filterAttribute('cn'));
            if ($epalToken) {
                if ('casost_sch_sso_config' === $configRowName) {
-                /*    $cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
-                    $cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false); */
-
                    return new RedirectResponse($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
                } else {
                    \Drupal::service('page_cache_kill_switch')->trigger();
                    return new RedirectResponseWithCookieExt($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
                }
-//                $headers = array("auth_token" => $epalToken, "auth_role" => "director");
-//                return new RedirectResponse($this->redirectUrl, 302, $headers);
            } else {
                return $this->redirectForbidden($configRowName, '5005');
            }

--- a/drupal/modules/casost/src/Controller/CASLogout.php
+++ b/drupal/modules/casost/src/Controller/CASLogout.php
@@ -20,6 +20,7 @@ class CASLogout extends ControllerBase
    protected $serverPort;
    protected $serverUri;
    protected $changeSessionId;
+    protected $logoutRedirectUrl;
    protected $CASServerCACert;
    protected $CASServerCNValidate;
    protected $noCASServerValidation;
@@ -76,6 +77,7 @@ class CASLogout extends ControllerBase
                $this->serverUri = $CASOSTConfig->serveruri->value === null ? '' : $CASOSTConfig->serveruri->value;
                $this->redirectUrl = $CASOSTConfig->redirecturl->value;
                $this->changeSessionId = $CASOSTConfig->changesessionid->value;
+                $this->logoutRedirectUrl = $CASOSTConfig->logoutredirecturl->value;
                $this->CASServerCACert = $CASOSTConfig->casservercacert->value;
                $this->CASServerCNValidate = $CASOSTConfig->casservercnvalidate->value;
                $this->noCASServerValidation = $CASOSTConfig->nocasservervalidation->value;
@@ -96,11 +98,13 @@ class CASLogout extends ControllerBase
            phpCAS::setVerbose(true);

            // Initialize phpCAS
-            phpCAS::client($this->serverVersion,
+            phpCAS::client(
+                $this->serverVersion,
                $this->serverHostname,
                intval($this->serverPort),
                $this->serverUri,
-                boolval($this->changeSessionId));
+                boolval($this->changeSessionId)
+            );

            $authToken = $request->headers->get('PHP_AUTH_USER');
            $users = $this->entityTypeManager->getStorage('user')->loadByProperties(array('name' => $authToken));
@@ -109,32 +113,22 @@ class CASLogout extends ControllerBase
            if (!$user) {
                return $this->redirectForbidden($configRowName, '7002');
            }
-//            phpCAS::handleLogoutRequests();
-
-//            phpCAS::logoutWithRedirectService('http://eduslim2.minedu.gov.gr/dist/#/school');
-//            session_unset();
-//            session_destroy();
            $user->setPassword(uniqid('pw'));
            $user->save();

-
-
-
            $response = new Response();
-            $response->setContent('logout successful');
+            $response->setContent("{\"message\": \"Server logout successful\",\"next\": \"{$this->logoutRedirectUrl}\"}");
            $response->setStatusCode(Response::HTTP_OK);
            $response->headers->set('Content-Type', 'application/json');

-        //    phpCAS::logout(array('url'=>$this->redirectUrl));
-        //    phpCAS::logout();
-        session_unset();
-        session_destroy();
+            session_unset();
+            session_destroy();
            \Drupal::service('page_cache_kill_switch')->trigger();
-//            phpCAS::logoutWithRedirectServiceAndUrl('https://sso-test.sch.gr/logout','');
-//            header('Location: '.'https://sso-test.sch.gr/login?service=https%3A%2F%2Feduslim2.minedu.gov.gr%2Fdrupal%2Fcas%2Flogin%3Fconfig%3D2');
-//            header('Location: https://sso-test.sch.gr/logout');
-    //        exit(0);
-    //        return new RedirectResponseWithCookieExt("https://sso-test.sch.gr/logout", 302, []);
+            // phpCAS::logout(array('service' => 'http://eduslim2.minedu.gov.gr/dist/#/school'));
+            // phpCAS::logoutWithRedirectService('http://eduslim2.minedu.gov.gr/dist/#/school');
+            // phpCAS::handleLogoutRequests();
+
+            session_start();
            return $response;
        } catch (\Exception $e) {
            $this->logger->warning($e->getMessage());

--- a/drupal/modules/casost/src/Entity/CASOSTConfig.php
+++ b/drupal/modules/casost/src/Entity/CASOSTConfig.php
@@ -60,124 +60,124 @@ class CASOSTConfig extends ContentEntityBase implements CASOSTConfigInterface
  /**
   * {@inheritdoc}
   */
-  public static function preCreate(EntityStorageInterface $storage_controller, array &$values)
-  {
-      parent::preCreate($storage_controller, $values);
-      $values += array(
-      'user_id' => \Drupal::currentUser()->id(),
-    );
-  }
+    public static function preCreate(EntityStorageInterface $storage_controller, array &$values)
+    {
+        parent::preCreate($storage_controller, $values);
+        $values += array(
+        'user_id' => \Drupal::currentUser()->id(),
+        );
+    }

  /**
   * {@inheritdoc}
   */
-  public function getName()
-  {
-      return $this->get('name')->value;
-  }
+    public function getName()
+    {
+        return $this->get('name')->value;
+    }

  /**
   * {@inheritdoc}
   */
-  public function setName($name)
-  {
-      $this->set('name', $name);
+    public function setName($name)
+    {
+        $this->set('name', $name);

-      return $this;
-  }
+        return $this;
+    }

  /**
   * {@inheritdoc}
   */
-  public function getCreatedTime()
-  {
-      return $this->get('created')->value;
-  }
+    public function getCreatedTime()
+    {
+        return $this->get('created')->value;
+    }

  /**
   * {@inheritdoc}
   */
-  public function setCreatedTime($timestamp)
-  {
-      $this->set('created', $timestamp);
+    public function setCreatedTime($timestamp)
+    {
+        $this->set('created', $timestamp);

-      return $this;
-  }
+        return $this;
+    }

  /**
   * {@inheritdoc}
   */
-  public function getOwner()
-  {
-      return $this->get('user_id')->entity;
-  }
+    public function getOwner()
+    {
+        return $this->get('user_id')->entity;
+    }

  /**
   * {@inheritdoc}
   */
-  public function getOwnerId()
-  {
-      return $this->get('user_id')->target_id;
-  }
+    public function getOwnerId()
+    {
+        return $this->get('user_id')->target_id;
+    }

  /**
   * {@inheritdoc}
   */
-  public function setOwnerId($uid)
-  {
-      $this->set('user_id', $uid);
+    public function setOwnerId($uid)
+    {
+        $this->set('user_id', $uid);

-      return $this;
-  }
+        return $this;
+    }

  /**
   * {@inheritdoc}
   */
-  public function setOwner(UserInterface $account)
-  {
-      $this->set('user_id', $account->id());
+    public function setOwner(UserInterface $account)
+    {
+        $this->set('user_id', $account->id());

-      return $this;
-  }
+        return $this;
+    }

  /**
   * {@inheritdoc}
   */
-  public function isPublished()
-  {
-      return (bool) $this->getEntityKey('status');
-  }
+    public function isPublished()
+    {
+        return (bool) $this->getEntityKey('status');
+    }

  /**
   * {@inheritdoc}
   */
-  public function setPublished($published)
-  {
-      $this->set('status', $published ? true : false);
+    public function setPublished($published)
+    {
+        $this->set('status', $published ? true : false);

-      return $this;
-  }
+        return $this;
+    }

  /**
   * {@inheritdoc}
   */
-  public static function baseFieldDefinitions(EntityTypeInterface $entity_type)
-  {
-      $fields = parent::baseFieldDefinitions($entity_type);
-
-      $fields['user_id'] = BaseFieldDefinition::create('entity_reference')
-      ->setLabel(t('Authored by'))
-      ->setDescription(t('The user ID of author of the CASOST Config entity.'))
-      ->setRevisionable(true)
-      ->setSetting('target_type', 'user')
-      ->setSetting('handler', 'default')
-      ->setTranslatable(true)
-      ->setDisplayOptions('view', array(
+    public static function baseFieldDefinitions(EntityTypeInterface $entity_type)
+    {
+        $fields = parent::baseFieldDefinitions($entity_type);
+
+        $fields['user_id'] = BaseFieldDefinition::create('entity_reference')
+        ->setLabel(t('Authored by'))
+        ->setDescription(t('The user ID of author of the CASOST Config entity.'))
+        ->setRevisionable(true)
+        ->setSetting('target_type', 'user')
+        ->setSetting('handler', 'default')
+        ->setTranslatable(true)
+        ->setDisplayOptions('view', array(
        'label' => 'hidden',
        'type' => 'author',
        'weight' => 0,
-      ))
-      ->setDisplayOptions('form', array(
+        ))
+        ->setDisplayOptions('form', array(
        'type' => 'entity_reference_autocomplete',
        'weight' => 5,
        'settings' => array(
@@ -186,31 +186,31 @@ class CASOSTConfig extends ContentEntityBase implements CASOSTConfigInterface
          'autocomplete_type' => 'tags',
          'placeholder' => '',
        ),
-      ))
-      ->setDisplayConfigurable('form', true)
-      ->setDisplayConfigurable('view', true);
-
-      $fields['name'] = BaseFieldDefinition::create('string')
-      ->setLabel(t('Name'))
-      ->setDescription(t('The name of the CASOST Config entity.'))
-      ->setSettings(array(
+        ))
+        ->setDisplayConfigurable('form', true)
+        ->setDisplayConfigurable('view', true);
+
+        $fields['name'] = BaseFieldDefinition::create('string')
+        ->setLabel(t('Name'))
+        ->setDescription(t('The name of the CASOST Config entity.'))
+        ->setSettings(array(
        'max_length' => 50,
        'text_processing' => 0,
-      ))
-      ->setDefaultValue('casost_sch_sso_config')
-      ->setDisplayOptions('view', array(
+        ))
+        ->setDefaultValue('casost_sch_sso_config')
+        ->setDisplayOptions('view', array(
        'label' => 'above',
        'type' => 'string',
-        'weight' => -4,
-      ))
-      ->setDisplayOptions('form', array(
+        'weight' => -100,
+        ))
+        ->setDisplayOptions('form', array(
        'type' => 'string_textfield',
-        'weight' => -4,
-      ))
-      ->setDisplayConfigurable('form', true)
-      ->setDisplayConfigurable('view', true);
+        'weight' => -100,
+        ))
+        ->setDisplayConfigurable('form', true)
+        ->setDisplayConfigurable('view', true);

-  $fields['serverversion'] = BaseFieldDefinition::create('string')
+        $fields['serverversion'] = BaseFieldDefinition::create('string')
            ->setLabel(t('Server Version'))
            ->setDescription(t('The Server Version'))
            ->setSettings(array(
@@ -230,7 +230,7 @@ class CASOSTConfig extends ContentEntityBase implements CASOSTConfigInterface
            ->setDisplayConfigurable('form', true)
            ->setDisplayConfigurable('view', true);

-      $fields['serverhostname'] = BaseFieldDefinition::create('string')
+        $fields['serverhostname'] = BaseFieldDefinition::create('string')
            ->setLabel(t('Server Hostname'))
            ->setDescription(t('The Server Hostname'))
            ->setSettings(array(
@@ -250,7 +250,7 @@ class CASOSTConfig extends ContentEntityBase implements CASOSTConfigInterface
            ->setDisplayConfigurable('form', true)
            ->setDisplayConfigurable('view', true);

-      $fields['serverport'] = BaseFieldDefinition::create('integer')
+        $fields['serverport'] = BaseFieldDefinition::create('integer')
             ->setLabel(t('User Authorization Url'))
             ->setDescription(t('The User Authorization Url'))
             ->setSettings(array(
@@ -270,7 +270,7 @@ class CASOSTConfig extends ContentEntityBase implements CASOSTConfigInterface
             ->setDisplayConfigurable('form', true)
             ->setDisplayConfigurable('view', true);

-       $fields['serveruri'] = BaseFieldDefinition::create('string')
+         $fields['serveruri'] = BaseFieldDefinition::create('string')
                    ->setLabel(t('Server Uri'))
                    ->setDescription(t('The Server Uri'))
                    ->setSettings(array(
@@ -313,7 +313,39 @@ class CASOSTConfig extends ContentEntityBase implements CASOSTConfigInterface
        $fields['changesessionid'] = BaseFieldDefinition::create('boolean')
            ->setLabel(t('Change Session Id'))
            ->setDescription(t('A boolean indicating whether we change session id.'))
-            ->setDefaultValue(false);
+            ->setDefaultValue(true)
+            ->setDisplayOptions('view', array(
+                    'label' => 'above',
+                    'type' => 'string',
+                    'weight' => -5,
+                ))
+            ->setDisplayOptions('form', array(
+                    'type' => 'boolean_checkbox',
+                    'settings' => array('display_label' => true),
+                    'weight' => -5,
+                ))
+            ->setDisplayConfigurable('form', true)
+            ->setDisplayConfigurable('view', true);
+
+        $fields['logoutredirecturl'] = BaseFieldDefinition::create('string')
+            ->setLabel(t('Logout Redirect Url'))
+            ->setDescription(t('Logout Redirect Url used by the client application after drupal logout.'))
+            ->setSettings(array(
+                    'max_length' => 500,
+                    'text_processing' => 0,
+                ))
+            ->setDefaultValue('https://sso-test.sch.gr/logout?service=https%3A%2F%2Fe-epal.minedu.gov.gr%2F%23%2Fschool')
+            ->setDisplayOptions('view', array(
+                    'label' => 'above',
+                    'type' => 'string',
+                    'weight' => -5,
+                ))
+            ->setDisplayOptions('form', array(
+                    'type' => 'string_textfield',
+                    'weight' => -5,
+                ))
+            ->setDisplayConfigurable('form', true)
+            ->setDisplayConfigurable('view', true);

        $fields['casservercacert'] = BaseFieldDefinition::create('string')
            ->setLabel(t('CAS Server CaCert'))
@@ -471,19 +503,19 @@ class CASOSTConfig extends ContentEntityBase implements CASOSTConfigInterface
            ->setDisplayConfigurable('view', true);


-      $fields['status'] = BaseFieldDefinition::create('boolean')
-      ->setLabel(t('Publishing status'))
-      ->setDescription(t('A boolean indicating whether the OAuthOST Config is published.'))
-      ->setDefaultValue(true);
+        $fields['status'] = BaseFieldDefinition::create('boolean')
+        ->setLabel(t('Publishing status'))
+        ->setDescription(t('A boolean indicating whether the OAuthOST Config is published.'))
+        ->setDefaultValue(true);

-      $fields['created'] = BaseFieldDefinition::create('created')
-      ->setLabel(t('Created'))
-      ->setDescription(t('The time that the entity was created.'));
+        $fields['created'] = BaseFieldDefinition::create('created')
+        ->setLabel(t('Created'))
+        ->setDescription(t('The time that the entity was created.'));

-      $fields['changed'] = BaseFieldDefinition::create('changed')
-      ->setLabel(t('Changed'))
-      ->setDescription(t('The time that the entity was last edited.'));
+        $fields['changed'] = BaseFieldDefinition::create('changed')
+        ->setLabel(t('Changed'))
+        ->setDescription(t('The time that the entity was last edited.'));

-      return $fields;
-  }
+        return $fields;
+    }
 }
--- a/source/components/header/header.component.ts
+++ b/source/components/header/header.component.ts
@@ -83,13 +83,22 @@ export default class HeaderComponent implements OnInit, OnDestroy {
        this._hds.signOut().then(data => {
            this._ata.initLoginInfo();
            if (this.authRole === SCHOOL_ROLE) {
-                this.router.navigate(['/school']);
+                // this.router.navigate(['/school']);
+                this.authToken = '';
+                this.authRole = '';
+                window.location.assign((<any> data).next);
            }
            else if (this.authRole === PDE_ROLE) {
-                this.router.navigate(['/school']);
+                // this.router.navigate(['/school']);
+                this.authToken = '';
+                this.authRole = '';
+                window.location.assign((<any> data).next);
            }
            else if (this.authRole === DIDE_ROLE) {
-                this.router.navigate(['/school']);
+                // this.router.navigate(['/school']);
+                this.authToken = '';
+                this.authRole = '';
+                window.location.assign((<any> data).next);
            }
            else if (this.authRole === STUDENT_ROLE) {
                this._eca.initEpalClasses();

--- a/source/services/helper-data-service.ts
+++ b/source/services/helper-data-service.ts
@@ -414,7 +414,7 @@ export class HelperDataService implements OnInit, OnDestroy {

        return new Promise((resolve, reject) => {
            this.http.post(`${AppSettings.API_ENDPOINT}${logoutRoute}${AppSettings.API_ENDPOINT_PARAMS}`, {}, options)
-                .map(response => response)
+                .map(response => response.json())
                .subscribe(data => {
                    this._cookieService.removeAll();
                    window.onbeforeunload = function () {console.log("unloading")};