From a04feff9a780d77ca172ba7558a7d0cc4e01dc36 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Fri, 18 Aug 2017 12:16:43 +0200 Subject: Properly allow \OCP\Authentication\IApacheBackend to specify logout URL Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string. This string is directly injected into the logout `` tag, so returning something like `href="foo"` would result in ``. This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with 054e161eb5f4a5c5c13ee322ae8e93ce66f01b13 inside the navigation manager where one cannot simply inject attributes. Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112, people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects you to the IdP and properly logs you out there as well. Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but I'm not aware of any and there's simply no way to fix this properly otherwise. Signed-off-by: Lukas Reschke --- core/Controller/TwoFactorChallengeController.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'core/Controller/TwoFactorChallengeController.php') diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php index 9f379ad30d7..af69b55173e 100644 --- a/core/Controller/TwoFactorChallengeController.php +++ b/core/Controller/TwoFactorChallengeController.php @@ -69,8 +69,8 @@ class TwoFactorChallengeController extends Controller { /** * @return string */ - protected function getLogoutAttribute() { - return OC_User::getLogoutAttribute(); + protected function getLogoutUrl() { + return OC_User::getLogoutUrl(); } /** @@ -89,7 +89,7 @@ class TwoFactorChallengeController extends Controller { 'providers' => $providers, 'backupProvider' => $backupProvider, 'redirect_url' => $redirect_url, - 'logout_attribute' => $this->getLogoutAttribute(), + 'logout_url' => $this->getLogoutUrl(), ]; return new TemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest'); } @@ -131,7 +131,7 @@ class TwoFactorChallengeController extends Controller { 'error_message' => $errorMessage, 'provider' => $provider, 'backupProvider' => $backupProvider, - 'logout_attribute' => $this->getLogoutAttribute(), + 'logout_url' => $this->getLogoutUrl(), 'redirect_url' => $redirect_url, 'template' => $tmpl->fetchPage(), ]; -- cgit v1.2.3