Merge pull request #19 from ristekusdi/minor-patch

Minor patch
ristekusdi · Mar 19, 2024 · 37b6089 · 37b6089
2 parents 3d09bfe + 26af6fb
commit 37b6089
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 29 deletions.
diff --git a/src/Services/SSOService.php b/src/Services/SSOService.php
@@ -235,7 +235,7 @@ public function forgetToken()
 
         // Remove all session variables.
         if (isset($_SESSION[self::SSO_SESSION_IMPERSONATE])) {
-            unset($_SESSION[self::SSO_SESSION_IMPERSONATE]);
+            $this->forgetImpersonateToken();
         } else {
             unset($_SESSION[self::SSO_SESSION]);
         }
@@ -331,35 +331,25 @@ public function getLogoutUrl()
 
         $decoded_access_token = (new AccessToken($token))->parseAccessToken();
 
+        $this->invalidateRefreshToken($token['refresh_token']);
+
         if (isset($decoded_access_token['impersonator'])) {
-            $this->invalidateRefreshToken($token['refresh_token']);
-            $this->forgetImpersonateToken();
             return $this->getRedirectUrl();
         } else {
-            $this->forgetToken();
-            return $this->logout($token['id_token']);
-        }
-    }
-
-    /**
-     * Logout user based on id_token
-     * 
-     * @return string
-     */
-    public function logout($id_token = null)
-    {
-        $url = (new OpenIDConfig)->get('end_session_endpoint');
+            $id_token = isset($token['id_token']) ? $token['id_token'] : null;
+
+            $url = (new OpenIDConfig)->get('end_session_endpoint');
+            $params = [
+                'client_id' => $this->getClientId(),
+            ];
 
-        $params = [
-            'client_id' => $this->getClientId(),
-        ];
+            if ($id_token !== null) {
+                $params['id_token_hint'] = $id_token;
+                $params['post_logout_redirect_uri'] = url('/');
+            }
 
-        if ($id_token !== null) {
-            $params['id_token_hint'] = $id_token;
-            $params['post_logout_redirect_uri'] = url('/');
+            return build_url($url, $params);
         }
-
-        return build_url($url, $params);
     }
 
     /**
@@ -442,7 +432,7 @@ public function refreshAccessToken($credentials)
      * Invalidate Refresh
      *
      * @param  string $refreshToken
-     * @return array
+     * @return void
      */
     public function invalidateRefreshToken($refreshToken)
     {
@@ -457,13 +447,10 @@ public function invalidateRefreshToken($refreshToken)
         }
 
         try {
-            $response = (new \GuzzleHttp\Client())->request('POST', $url, ['form_params' => $params]);
-            return $response->getStatusCode() === 204;
+            (new \GuzzleHttp\Client())->request('POST', $url, ['form_params' => $params]);
         } catch (GuzzleException $e) {
             log_exception($e);
         }
-
-        return false;
     }
 
     /**

diff --git a/stubs/ci3/libraries/Webguard.php b/stubs/ci3/libraries/Webguard.php
@@ -93,4 +93,33 @@ public function hasPermission($permission)
         $this->user->hasPermission = $result;
         return $this->user->hasPermission;
     }
+
+    public function restrictAjax()
+    {
+        if (!$this->is_logged_in()) {
+            $response['submit'] = 403;
+            $response['error'] = 'Your session has been expired, please login again';
+            header('Content-Type: application/json; charset=utf-8');
+            http_response_code(403);
+            echo json_encode($response);
+            exit();
+        }
+        return TRUE;
+    }
+
+    public function restrictAjaxDatatable()
+    {
+        if (! $this->check()) {
+            $response = '{
+                "iTotalRecords": 0,
+                "iTotalDisplayRecords": 0,
+                "aaData": [],
+                "submit":403,
+                "error":"Your session has been expired, please login again"
+            }';
+            echo $response;
+            exit();
+        }
+        return true;
+    }
 }