
function drupalauth4ssp_user_logout in DrupalAuth for SimpleSAMLphp 8

Same name and namespace in other branches
  1. 7 drupalauth4ssp.module \drupalauth4ssp_user_logout()

Implements hook_user_logout().

1 string reference to 'drupalauth4ssp_user_logout'
DrupalAuthForSSPSubscriber::checkRedirection in src/EventSubscriber/DrupalAuthForSSPSubscriber.php
Kernel response event handler.

File

./drupalauth4ssp.module, line 58
DrupalAuth For simpleSAMLphp module.

Code

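/**
 * Implements hook_user_logout().
 *
 * Expires the drupalauth4ssp cookie and the SimpleSAMLphp authentication
 * session for the account that is logging out, then stores a post-logout
 * destination in drupal_static() under this function's name.
 *
 * @param \Drupal\Core\Session\AccountProxy $account
 *   The account that is logging out.
 */
function drupalauth4ssp_user_logout($account) {
  // Get the configuration information from SimpleSAMLphp.
  $ssp_config = _drupalauth4ssp_get_simplesamlphp_config();

  // If we don't have configuration, exit without doing anything.
  // NOTE: on this path neither the cookie nor the SimpleSAMLphp session is
  // invalidated, so the warning below is the only trace that the logout was
  // incomplete and is worth monitoring.
  if (!is_array($ssp_config)) {
    // Use the AccountInterface accessor for the login name: reading ->name on
    // the account proxy does not yield the user name.
    \Drupal::logger('drupalauth4ssp')
      ->warning('Could not use drupalauth for %name, could not get the SimpleSAMLphp configuration.', [
        '%name' => $account->getAccountName(),
      ]);
    return;
  }

  // Delete the cookie by re-sending it with an expiry time in the past. The
  // value is rebuilt as "<hmac>:<uid>", keyed with the SimpleSAMLphp secret
  // salt plus the Drupal private key.
  // NOTE(review): a browser only drops a cookie when path (and domain) match
  // the ones used when it was set; the setter is not visible here - confirm.
  $uid = $account->id();
  $hash = Crypt::hmacBase64($uid, $ssp_config['secretsalt'] . \Drupal::service('private_key')->get());
  setcookie($ssp_config['cookie_name'], $hash . ':' . $uid, time() - 3600, $ssp_config['baseurlpath']);

  // Invalidate the SimpleSAMLphp session by setting every authority's expiry
  // to timestamp 1, i.e. far in the past.
  $session = Session::getSessionFromRequest();

  // Backward compatibility with SimpleSAMLphp older than 1.14.
  // SimpleSAML_Session::getAuthority() has been removed in 1.14.
  // @see https://simplesamlphp.org/docs/development/simplesamlphp-upgrade-notes-1.14
  if (method_exists($session, 'getAuthority')) {
    $session->setAuthorityExpire($session->getAuthority(), 1);
  }
  else {
    foreach ($session->getAuthorities() as $authority) {
      $session->setAuthorityExpire($authority, 1);
    }
  }

  $drupalauth4ssp_settings = \Drupal::service('config.factory')->get('drupalauth4ssp.settings');

  // ReturnTo comes straight from the query string and is untrusted input.
  $returnTo = \Drupal::request()->query->get('ReturnTo');

  if (empty($returnTo)) {
    // IdP-initiated logout.
    $destination = &drupal_static(__FUNCTION__);
    $idp_logout_returnto = $drupalauth4ssp_settings->get('idp_logout_returnto');
    if (empty($idp_logout_returnto)) {
      $idp_logout_returnto = base_path();
    }

    // Encode the value so that '&', '#' or '?' inside the configured URL
    // cannot split or truncate the ReturnTo parameter.
    // Assumes the setting holds a plain, not already encoded, URL - confirm.
    $destination = $ssp_config['baseurlpath'] . 'saml2/idp/SingleLogoutService.php?ReturnTo=' . rawurlencode($idp_logout_returnto);
  }
  else {
    // If the ReturnTo URL is present, send the user to the URL, but only when
    // it matches the configured allow list. That list is the only check in
    // this function against redirecting to an arbitrary site, so its patterns
    // should be kept as specific as possible.
    $returnto_list = $drupalauth4ssp_settings->get('returnto_list');
    $path_matcher = \Drupal::service('path.matcher');

    // A non-string value (e.g. ?ReturnTo[]=x) can never be a valid
    // destination; reject it before it reaches the pattern matcher.
    if (is_string($returnTo) && $path_matcher->matchPath($returnTo, $returnto_list)) {
      $destination = &drupal_static(__FUNCTION__);
      $destination = $returnTo;
    }
  }
}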