added real logout support & tests

pborreli · Jul 14, 2011 · bf68af6 · bf68af6
1 parent 68424c6
commit bf68af6
Show file tree

Hide file tree

Showing 17 changed files with 212 additions and 25 deletions.
diff --git a/Controller/Controller.php b/Controller/Controller.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace BeSimple\SsoAuthBundle\Controller;
+
+use Symfony\Component\DependencyInjection\ContainerAware;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+class Controller extends ContainerAware
+{
+    public function __construct(ContainerInterface $container)
+    {
+        $this->container = $container;
+    }
+
+    protected function render($view, array $parameters)
+    {
+        return $this
+            ->container
+            ->get('templating')
+            ->renderResponse($view, $parameters)
+        ;
+    }
+}
diff --git a/Controller/OpenSsoController.php b/Controller/OpenSsoController.php
@@ -4,10 +4,15 @@
 
 use Symfony\Component\HttpKernel\Exception\HttpException;
 
-class OpenSsoController
+class OpenSsoController extends Controller
 {
     public function loginAction()
     {
-        throw new HttpException(500, 'Method not implemented.');
+        throw new HttpException(500, 'Not implemented.');
+    }
+
+    public function logoutAction()
+    {
+        throw new HttpException(500, 'Not implemented.');
     }
 }
diff --git a/Controller/TrustedSsoController.php b/Controller/TrustedSsoController.php
@@ -2,18 +2,25 @@
 
 namespace BeSimple\SsoAuthBundle\Controller;
 
-use Symfony\Component\DependencyInjection\ContainerAware;
+use BeSimple\SsoAuthBundle\Sso\SsoProviderInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use BeSimple\SsoAuthBundle\Sso\SsoProviderInterface;
 
-class TrustedSsoController extends ContainerAware
+class TrustedSsoController extends Controller
 {
     public function loginAction(SsoProviderInterface $provider, Request $request, AuthenticationException $exception = null)
     {
-        $view       = 'BeSimpleSsoAuthBundle:TrustedSso:login.html.twig';
-        $parameters = array('provider'  => $provider, 'request' => $request, 'exception' => $exception);
+        return $this->render(
+            'BeSimpleSsoAuthBundle:TrustedSso:login.html.twig',
+            array('provider'  => $provider, 'request' => $request, 'exception' => $exception)
+        );
+    }
 
-        return $this->container->get('templating')->renderResponse($view, $parameters);
+    public function logoutAction(SsoProviderInterface $provider, Request $request)
+    {
+        return $this->render(
+            'BeSimpleSsoAuthBundle:TrustedSso:logout.html.twig',
+            array('provider'  => $provider, 'request' => $request)
+        );
     }
 }
diff --git a/DependencyInjection/Security/Factory/AbstractSsoFactory.php b/DependencyInjection/Security/Factory/AbstractSsoFactory.php
@@ -9,6 +9,13 @@
 
 abstract class AbstractSsoFactory extends AbstractFactory
 {
+    public function create(ContainerBuilder $container, $id, $config, $userProviderId, $defaultEntryPointId)
+    {
+        $this->createLogoutSuccessHandler($container, $config);
+
+        return parent::create($container, $id, $config, $userProviderId, $defaultEntryPointId);
+    }
+
     public function getPosition()
     {
         return 'form';
@@ -21,9 +28,20 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config,
         $container
             ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.sso'))
             ->replaceArgument(0, new Reference($userProviderId))
-//            ->replaceArgument(2, $id) // dont need provider id
         ;
 
         return $provider;
     }
+
+    protected function createLogoutSuccessHandler(ContainerBuilder $container, $config)
+    {
+        $templateHandler = 'security.logout.sso.success_handler';
+        $realHandler     = 'security.logout.success_handler';
+
+        // dont know if this is the right way, but it works
+        $container
+            ->setDefinition($realHandler, new DefinitionDecorator($templateHandler))
+            ->addArgument($config)
+        ;
+    }
 }
diff --git a/DependencyInjection/Security/Factory/OpenSsoFactory.php b/DependencyInjection/Security/Factory/OpenSsoFactory.php
@@ -12,7 +12,8 @@ class OpenSsoFactory extends AbstractSsoFactory
 {
     public function __construct()
     {
-        $this->addOption('login_controller', 'BeSimpleSsoAuthBundle:OpenSso:login');
+        $this->addOption('login_action', 'BeSimpleSsoAuthBundle:TrustedSso:login');
+        $this->addOption('logout_action', 'BeSimpleSsoAuthBundle:TrustedSso:logout');
     }
 
     public function getKey()

diff --git a/DependencyInjection/Security/Factory/TrustedSsoFactory.php b/DependencyInjection/Security/Factory/TrustedSsoFactory.php
@@ -14,6 +14,7 @@ public function __construct()
     {
         $this->addOption('server');
         $this->addOption('login_action', 'BeSimpleSsoAuthBundle:TrustedSso:login');
+        $this->addOption('logout_action', 'BeSimpleSsoAuthBundle:TrustedSso:logout');
     }
 
     public function getKey()
@@ -41,7 +42,8 @@ protected function createEntryPoint($container, $id, $config, $defaultEntryPoint
     protected function createListener($container, $id, $config, $userProvider)
     {
         $listenerId = $this->getListenerId();
-        $listener = new DefinitionDecorator($listenerId);
+        $listener   = new DefinitionDecorator($listenerId);
+
         $listener->replaceArgument(4, $id);
         $listener->replaceArgument(6, array_intersect_key($config, $this->options));
 

diff --git a/Resources/config/security_listeners.xml b/Resources/config/security_listeners.xml
@@ -8,6 +8,8 @@
         <parameter key="security.authentication.trusted_sso_entry_point.class">BeSimple\SsoAuthBundle\Security\Http\EntryPoint\TrustedSsoAuthenticationEntryPoint</parameter>
         <parameter key="security.authentication.provider.sso.class">BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider\SsoAuthenticationProvider</parameter>
         <parameter key="security.authentication.listener.trusted_sso.class">BeSimple\SsoAuthBundle\Security\Http\Firewall\TrustedSsoAuthenticationListener</parameter>
+        <parameter key="security.logout.handler.sso.class">BeSimple\SsoAuthBundle\Security\Http\Logout\SsoLogoutHandler</parameter>
+        <parameter key="security.logout.sso_success_handler.class">BeSimple\SsoAuthBundle\Security\Http\Logout\SsoLogoutSuccessHandler</parameter>
     </parameters>
 
     <services>
@@ -24,6 +26,14 @@
             <!-- $hideUserNotFoundExceptions = true -->
         </service>
 
+        <service id="security.logout.handler.sso" class="%security.logout.handler.sso.class%" public="false" />
+
+        <service id="security.logout.sso.success_handler" class="%security.logout.sso_success_handler.class%">
+            <argument type="service" id="http_kernel" />
+            <argument type="service" id="be_simple_sso_auth.sso_factory" />
+            <!-- $ssoProviderFactoryConfig -->
+        </service>
+
         <service id="security.authentication.listener.trusted_sso" class="%security.authentication.listener.trusted_sso.class%" public="false">
             <argument type="service" id="security.context" />
             <argument type="service" id="security.authentication.manager" />

diff --git a/Resources/views/TrustedSso/logout.html.twig b/Resources/views/TrustedSso/logout.html.twig
@@ -0,0 +1,13 @@
+{% extends "::base.html.twig" %}
+
+{% block body %}
+
+    <h1>You're about to logout</h1>
+
+    <p class="notice">
+        Follow this link to logout from external
+        <strong>{{ provider.protocolName | upper }}</strong> server :
+        <a href="{{ provider.server.logoutUrl }}">{{ provider.server.logoutUrl }}</a>.
+    </p>
+
+{% endblock body %}
diff --git a/Security/Http/Firewall/TrustedSsoAuthenticationListener.php b/Security/Http/Firewall/TrustedSsoAuthenticationListener.php
@@ -34,8 +34,6 @@ protected function attemptAuthentication(Request $request)
             return null;
         }
 
-        //$request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);
-
         return $this->authenticationManager->authenticate($ssoProvider->createToken($request));
     }
 }
diff --git a/Security/Http/Logout/SsoLogoutHandler.php b/Security/Http/Logout/SsoLogoutHandler.php
@@ -6,6 +6,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\Request;
+use BeSimple\SsoAuthBundle\Security\Core\Authentication\Token\SsoToken;
 
 class SsoLogoutHandler implements LogoutHandlerInterface
 {

diff --git a/Security/Http/Logout/SsoLogoutSuccessHandler.php b/Security/Http/Logout/SsoLogoutSuccessHandler.php
@@ -0,0 +1,59 @@
+<?php
+
+namespace BeSimple\SsoAuthBundle\Security\Http\Logout;
+
+use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Bundle\FrameworkBundle\HttpKernel;
+use BeSimple\SsoAuthBundle\Sso\SsoFactory;
+
+class SsoLogoutSuccessHandler implements LogoutSuccessHandlerInterface
+{
+    /**
+     * @var HttpKernel
+     */
+    protected $httpKernel;
+
+    /**
+     * @var SsoFactory
+     */
+    protected $ssoFactory;
+
+    /**
+     * @var array
+     */
+    protected $config;
+
+    /**
+     * @param HttpKernel $httpKernel
+     * @param SsoProviderFactory $ssoFactory
+     * @param array $ssoConfig
+     */
+    public function __construct(HttpKernel $httpKernel, SsoFactory $ssoFactory, array $config)
+    {
+        $this->httpKernel = $httpKernel;
+        $this->ssoFactory = $ssoFactory;
+        $this->config     = $config;
+    }
+
+    /**
+     * @param Request $request
+     * @param null|AuthenticationException $authException
+     * @return Response
+     */
+    public function onLogoutSuccess(Request $request)
+    {
+        $action   = $this->config['logout_action'];
+        $provider = $this->ssoFactory->createProvider($this->config['server'], $this->config['check_path']);
+
+        if ($action) {
+            return $this->httpKernel->forward($action, array(
+                'provider' => $provider,
+                'request'  => $request,
+            ));
+        }
+
+        return new RedirectResponse($provider->getServer()->getLogoutUrl());
+    }
+}
diff --git a/Tests/Controller/Server/CasController.php b/Tests/Controller/Server/CasController.php
@@ -8,7 +8,6 @@
 class CasController extends Controller
 {
     /**
-     * @abstract
      * @param \Symfony\Component\HttpFoundation\Request $request
      * @param string $credentials
      * @return string
@@ -20,13 +19,25 @@ protected function getLoginRedirectUrl(Request $request, Login $login)
         return sprintf('%s?ticket=%s', $url, $login->getCredentials());
     }
 
+    /**
+     * @param \Symfony\Component\HttpFoundation\Request $request
+     * @return string
+     */
+    protected function getLogoutRedirectUrl(Request $request)
+    {
+        return urldecode($request->query->get('service'));
+    }
+
+    /**
+     * @param \Symfony\Component\HttpFoundation\Request $request
+     * @return string
+     */
     protected function getCredentials(Request $request)
     {
         return $request->query->get('ticket');
     }
 
     /**
-     * @abstract
      * @param \Symfony\Component\HttpFoundation\Request $request
      * @param string $view
      * @return string

diff --git a/Tests/Controller/Server/Controller.php b/Tests/Controller/Server/Controller.php
@@ -11,6 +11,8 @@
 
 abstract class Controller extends BaseController
 {
+    const LOGOUT_MESSAGE = 'you are logged out';
+
     /**
      * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
      */
@@ -44,6 +46,14 @@ public function validationAction()
         return $this->render($view, array('username' => $credentials));
     }
 
+    public function logoutAction()
+    {
+        return $this->render('common/link.html.twig', array(
+            'message' => self::LOGOUT_MESSAGE,
+            'url'     => $this->getLogoutRedirectUrl($this->getRequest()),
+        ));
+    }
+
     /**
      * @return \Symfony\Component\Form\Form
      */
@@ -69,6 +79,13 @@ protected function isValidCredentials($credentials)
      */
     abstract protected function getLoginRedirectUrl(Request $request, Login $login);
 
+    /**
+     * @abstract
+     * @param \Symfony\Component\HttpFoundation\Request $request
+     * @return string
+     */
+    abstract protected function getLogoutRedirectUrl(Request $request);
+
     /**
      * @abstract
      * @param \Symfony\Component\HttpFoundation\Request $request

diff --git a/Tests/Controller/TrustedSsoController.php b/Tests/Controller/TrustedSsoController.php
@@ -8,13 +8,22 @@
 
 class TrustedSsoController extends Controller
 {
-    const LOGIN_REQUIRED_MESSAGE = 'login required';
+    const LOGIN_REQUIRED_MESSAGE  = 'login required';
+    const LOGOUT_REDIRECT_MESSAGE = 'logout redirection';
 
     public function loginAction(SsoProviderInterface $provider, Request $request, AuthenticationException $exception = null)
     {
-        return $this->render('common/trusted_login.html.twig', array(
+        return $this->render('common/link.html.twig', array(
             'message' => self::LOGIN_REQUIRED_MESSAGE,
             'url'     => $provider->getServer()->getLoginUrl()
         ));
     }
+
+    public function logoutAction(SsoProviderInterface $provider, Request $request)
+    {
+        return $this->render('common/link.html.twig', array(
+            'message' => self::LOGOUT_REDIRECT_MESSAGE,
+            'url'     => $provider->getServer()->getLogoutUrl()
+        ));
+    }
 }
diff --git a/Tests/Functional/LoginTest.php b/Tests/Functional/LoginTest.php
@@ -5,6 +5,7 @@
 use Symfony\Bundle\FrameworkBundle\Client;
 use BeSimple\SsoAuthBundle\Tests\Controller\TestController;
 use BeSimple\SsoAuthBundle\Tests\Controller\TrustedSsoController;
+use BeSimple\SsoAuthBundle\Tests\Controller\Server\Controller as ServerController;
 
 class LoginTest extends WebTestCase
 {
@@ -29,8 +30,16 @@ public function testLogin(Client $client, $securedUrl, $login, $expectedMessage)
         $crawler = $client->submit($form, array('login[username]' => $login, 'login[password]' => $login));
         $this->assertEquals($expectedMessage, $crawler->filter('#message')->text());
 
-        // logout
+        // logout -> got logout redirect
         $crawler = $client->request('GET', '/secured/logout');
+        $this->assertEquals(TrustedSsoController::LOGOUT_REDIRECT_MESSAGE, $crawler->filter('#message')->text());
+
+        // click link -> got logout done
+        $crawler = $client->click($crawler->filter('#url')->link());
+        $this->assertEquals(ServerController::LOGOUT_MESSAGE, $crawler->filter('#message')->text());
+
+        // click link -> return to secured page anonymously
+        $crawler = $client->click($crawler->filter('#url')->link());
         $this->assertEquals(TrustedSsoController::LOGIN_REQUIRED_MESSAGE, $crawler->filter('#message')->text());
     }
 
@@ -53,8 +62,7 @@ private function provideCases()
             array('/secured',       self::LOGIN_INVALID, TrustedSsoController::LOGIN_REQUIRED_MESSAGE),
             array('/secured/user',  self::LOGIN_USER,    TestController::USER_MESSAGE),
             array('/secured/admin', self::LOGIN_ADMIN,   TestController::ADMIN_MESSAGE),
-            // array('/secured/admin', self::LOGIN_USER,    TrustedSsoController::LOGIN_REQUIRED_MESSAGE),
-            // get 500 AccessDenied ...
+            // got 500 AccessDenied with array('/secured/admin', self::LOGIN_USER, TrustedSsoController::LOGIN_REQUIRED_MESSAGE)
         );
     }
 }