diff --git a/src/Services/SSOService.php b/src/Services/SSOService.php
index 7a31fff..d3afed6 100644
--- a/src/Services/SSOService.php
+++ b/src/Services/SSOService.php
@@ -235,7 +235,7 @@ public function forgetToken()
 // Remove all session variables.
 if (isset($_SESSION[self::SSO_SESSION_IMPERSONATE])) {
- unset($_SESSION[self::SSO_SESSION_IMPERSONATE]);
+ $this->forgetImpersonateToken();
 } else {
 unset($_SESSION[self::SSO_SESSION]);
 }
@@ -331,35 +331,25 @@ public function getLogoutUrl()
 $decoded_access_token = (new AccessToken($token))->parseAccessToken();
+ $this->invalidateRefreshToken($token['refresh_token']);
+
 if (isset($decoded_access_token['impersonator'])) {
- $this->invalidateRefreshToken($token['refresh_token']);
- $this->forgetImpersonateToken();
 return $this->getRedirectUrl();
 } else {
- $this->forgetToken();
- return $this->logout($token['id_token']);
- }
- }
-
- /**
- * Logout user based on id_token
- *
- * @return string
- */
- public function logout($id_token = null)
- {
- $url = (new OpenIDConfig)->get('end_session_endpoint');
+ $id_token = isset($token['id_token']) ? $token['id_token'] : null;
+
+ $url = (new OpenIDConfig)->get('end_session_endpoint');
+ $params = [
+ 'client_id' => $this->getClientId(),
+ ];
- $params = [
- 'client_id' => $this->getClientId(),
- ];
+ if ($id_token !== null) {
+ $params['id_token_hint'] = $id_token;
+ $params['post_logout_redirect_uri'] = url('/');
+ }
- if ($id_token !== null) {
- $params['id_token_hint'] = $id_token;
- $params['post_logout_redirect_uri'] = url('/');
+ return build_url($url, $params);
 }
-
- return build_url($url, $params);
 }
 /**
@@ -442,7 +432,7 @@ public function refreshAccessToken($credentials)
 * Invalidate Refresh
 *
 * @param string $refreshToken
- * @return array
+ * @return void
 */
 public function invalidateRefreshToken($refreshToken)
 {
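Review bot: In the -331 hunk the new first statement reads `$token['refresh_token']` unconditionally, while the same hunk guards `id_token` with `isset()`; a token set that carries no refresh token (how `$token` is obtained is outside the hunk) would raise an undefined-index warning and hand `null` to `invalidateRefreshToken()`, unless that method's opening lines, also outside the hunks, reject an empty argument. Guard it the same way as `id_token`: `if (isset($token['refresh_token'])) { $this->invalidateRefreshToken($token['refresh_token']); }`. Reading the collapsed hunk, both the `forgetImpersonateToken()` and `forgetToken()` calls are removed from `getLogoutUrl()`, so it now revokes the refresh token at the provider but no longer clears the local session; that only holds up if every caller clears the session itself (the `forgetToken()` change in the -235 hunk looks intended for that) before redirecting, otherwise a revoked-but-still-valid local session is left behind. Deleting the public `logout($id_token)` method is also a breaking change for any external caller; a deprecated wrapper that delegates to `getLogoutUrl()` would ease migration. `getLogoutUrl()` begins before this hunk.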
@@ -457,13 +447,10 @@ public function invalidateRefreshToken($refreshToken)
 }
 try {
- $response = (new \GuzzleHttp\Client())->request('POST', $url, ['form_params' => $params]);
- return $response->getStatusCode() === 204;
+ (new \GuzzleHttp\Client())->request('POST', $url, ['form_params' => $params]);
 } catch (GuzzleException $e) {
 log_exception($e);
 }
-
- return false;
 }
 /**
diff --git a/stubs/ci3/libraries/Webguard.php b/stubs/ci3/libraries/Webguard.php
index a9d9bee..5cc59f8 100644
--- a/stubs/ci3/libraries/Webguard.php
+++ b/stubs/ci3/libraries/Webguard.php
@@ -93,4 +93,33 @@ public function hasPermission($permission)
 $this->user->hasPermission = $result;
 return $this->user->hasPermission;
 }
+
+ public function restrictAjax()
+ {
+ if (!$this->is_logged_in()) {
+ $response['submit'] = 403;
+ $response['error'] = 'Your session has been expired, please login again';
+ header('Content-Type: application/json; charset=utf-8');
+ http_response_code(403);
+ echo json_encode($response);
+ exit();
+ }
+ return TRUE;
+ }
+
+ public function restrictAjaxDatatable()
+ {
+ if (! $this->check()) {
+ $response = '{
+ "iTotalRecords": 0,
+ "iTotalDisplayRecords": 0,
+ "aaData": [],
+ "submit":403,
+ "error":"Your session has been expired, please login again"
+ }';
+ echo $response;
+ exit();
+ }
+ return true;
+ }
 }
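Review bot: Dropping the `=== 204` check and the trailing `return false` makes `invalidateRefreshToken()` fire-and-forget, with `log_exception($e)` as the only failure signal, and the -331 hunk now calls it from `getLogoutUrl()`, which will hand out the end-session URL even when revocation at the provider failed. If best-effort is the intended contract, state it above the `try`: `// Best-effort revocation: a failed call is logged and the local logout proceeds regardless.` The inline `new \GuzzleHttp\Client()` is also built with default options and no request timeout, so an unresponsive token endpoint stalls every logout; passing `['timeout' => <seconds>]` on the request, or injecting a pre-configured client, would bound that. The method's opening guard and the `$url`/`$params` setup are outside the hunk.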
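Review bot: In the Webguard section `restrictAjaxDatatable()` hand-writes its JSON as a string literal and sends it with neither a `Content-Type` header nor an explicit status, whereas the sibling `restrictAjax()` added just above builds an array, calls `json_encode()`, sets `application/json` and returns 403; the two also differ in the check they use (`is_logged_in()` versus `check()`) and in `TRUE` versus `true`. Build the payload as an array so the message is encoded rather than pasted, and send the header as the sibling does; whether to also emit `http_response_code(403)` depends on how the DataTables client treats non-2xx responses (the in-body `"submit":403` suggests the status is read from the payload), so it is left out below. A single private helper that both methods call would keep the two paths from drifting, and `restrictAjax()` should start from `$response = [];` rather than growing an undeclared variable. Neither `is_logged_in()` nor `check()` is visible here, so I cannot tell whether the differing checks are intentional.
```php
    public function restrictAjaxDatatable()
    {
        if (! $this->check()) {
            $response = [
                'iTotalRecords' => 0,
                'iTotalDisplayRecords' => 0,
                'aaData' => [],
                'submit' => 403,
                'error' => 'Your session has been expired, please login again',
            ];
            header('Content-Type: application/json; charset=utf-8');
            echo json_encode($response);
            exit();
        }
        return true;
    }
```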