[icinga-checkins] icinga.org: icinga-web/jmosshammer/multiconnection: * Added filter to clean db session after logout (fixes #2501)

git at icinga.org git at icinga.org
Wed Apr 11 14:26:29 CEST 2012


Module: icinga-web
Branch: jmosshammer/multiconnection
Commit: d2eaf104d3b2f685a72b76d1d749a95adaed808b
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=d2eaf104d3b2f685a72b76d1d749a95adaed808b

Author: Marius Hein <marius.hein at netways.de>
Date:   Wed Apr  4 13:38:26 2012 +0200

* Added filter to clean db session after logout (fixes #2501)

---

 app/modules/Api/config/action_filters.xml          |   13 ++++++
 app/modules/Api/config/autoload.xml                |   43 ++++++++++----------
 ...IcingaApiAuthentificationLogoutFilter.class.php |   20 +++++++++
 ...ngaApiAuthentificationRoutingCallback.class.php |    1 +
 4 files changed, 56 insertions(+), 21 deletions(-)

diff --git a/app/modules/Api/config/action_filters.xml b/app/modules/Api/config/action_filters.xml
new file mode 100644
index 0000000..94e9686
--- /dev/null
+++ b/app/modules/Api/config/action_filters.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ae:configurations xmlns:ae="http://agavi.org/agavi/config/global/envelope/1.0" xmlns="http://agavi.org/agavi/config/parts/filters/1.0">
+
+    <ae:configuration context="web">
+        <filters>
+
+            <filter name="AuthKeyLogoutFilter" class="IcingaApiAuthentificationLogoutFilter">
+            </filter>
+
+        </filters>
+    </ae:configuration>
+
+</ae:configurations>
\ No newline at end of file
diff --git a/app/modules/Api/config/autoload.xml b/app/modules/Api/config/autoload.xml
index 498bf33..8e07d97 100644
--- a/app/modules/Api/config/autoload.xml
+++ b/app/modules/Api/config/autoload.xml
@@ -1,31 +1,31 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <ae:configurations xmlns="http://agavi.org/agavi/config/parts/autoload/1.0" xmlns:ae="http://agavi.org/agavi/config/global/envelope/1.0">
-	<ae:configuration>
-		
-		<autoload name="IcingaApiBaseAction">%core.module_dir%/Api/lib/action/IcingaApiBaseAction.class.php</autoload>
-		<autoload name="IcingaApiBaseModel">%core.module_dir%/Api/lib/model/IcingaApiBaseModel.class.php</autoload>
+    <ae:configuration>
+
+        <autoload name="IcingaApiBaseAction">%core.module_dir%/Api/lib/action/IcingaApiBaseAction.class.php</autoload>
+        <autoload name="IcingaApiBaseModel">%core.module_dir%/Api/lib/model/IcingaApiBaseModel.class.php</autoload>
         <autoload name="ApiDataRequestBaseModel">%core.module_dir%/Api/lib/model/ApiDataRequestBaseModel.class.php</autoload>
 
         <autoload name="AccessConfig">%core.module_dir%/Api/lib/config/AccessConfig.class.php</autoload>		
         <autoload name="AccessConfigHandler">%core.module_dir%/Api/lib/config/AccessConfigHandler.class.php</autoload>
         <autoload name="DQLViewConfigHandler">%core.module_dir%/Api/lib/config/DQLViewConfigHandler.class.php</autoload>
         <autoload name="DQLViewExtender">%core.module_dir%/Api/lib/database/DQLViewExtender.php</autoload>
-		<autoload name="IcingaDoctrineDatabase">%core.module_dir%/Api/lib/database/IcingaDoctrineDatabase.class.php</autoload>
-		<autoload name="IcingaDoctrine_Query">%core.module_dir%/Api/lib/database/IcingaDoctrine_Query.class.php</autoload>
-		<autoload name="Icinga_Doctrine_Table">%core.module_dir%/Api/lib/database/IcingaDoctrineTable.class.php</autoload>
+        <autoload name="IcingaDoctrineDatabase">%core.module_dir%/Api/lib/database/IcingaDoctrineDatabase.class.php</autoload>
+        <autoload name="IcingaDoctrine_Query">%core.module_dir%/Api/lib/database/IcingaDoctrine_Query.class.php</autoload>
+        <autoload name="Icinga_Doctrine_Table">%core.module_dir%/Api/lib/database/IcingaDoctrineTable.class.php</autoload>
         <autoload name="IcingaDoctrineQueryFilterChain">%core.module_dir%/Api/lib/database/filter/IcingaDoctrineQueryFilterChain.class.php</autoload>
         <autoload name="IcingaDoctrineFilterMap">%core.module_dir%/Api/lib/database/filter/IcingaDoctrineFilterMap.class.php</autoload>
-		<autoload name="IcingaApiBaseView">%core.module_dir%/Api/lib/view/IcingaApiBaseView.class.php</autoload>		
-		<autoload name="BaseConsoleConnection">%core.module_dir%/Api/lib/console/BaseConsoleConnection.class.php</autoload>
-		<autoload name="LocalConsoleConnection">%core.module_dir%/Api/lib/console/LocalConsoleConnection.class.php</autoload>
-		<autoload name="SshConsoleConnection">%core.module_dir%/Api/lib/console/SshConsoleConnection.class.php</autoload>	
-
-		<!-- Connection exceptions -->
-		<autoload name="ApiSSHNotInstalledException">%core.module_dir%/Api/lib/console/SshConsoleConnection.class.php</autoload>
-		<autoload name="ApiInvalidAuthTypeException">%core.module_dir%/Api/lib/console/SshConsoleConnection.class.php</autoload>
-		<autoload name="ApiCommandFailedException">%core.module_dir%/Api/lib/console/SshConsoleConnection.class.php</autoload>
-		<autoload name="ApiRestrictedCommandException">%core.module_dir%/Api/lib/console/BaseConsoleConnection.class.php</autoload>
-		<autoload name="ApiAuthorisationFailedException">%core.module_dir%/Api/lib/console/BaseConsoleConnection.class.php</autoload>
+        <autoload name="IcingaApiBaseView">%core.module_dir%/Api/lib/view/IcingaApiBaseView.class.php</autoload>		
+        <autoload name="BaseConsoleConnection">%core.module_dir%/Api/lib/console/BaseConsoleConnection.class.php</autoload>
+        <autoload name="LocalConsoleConnection">%core.module_dir%/Api/lib/console/LocalConsoleConnection.class.php</autoload>
+        <autoload name="SshConsoleConnection">%core.module_dir%/Api/lib/console/SshConsoleConnection.class.php</autoload>	
+        
+        <!-- Connection exceptions -->
+        <autoload name="ApiSSHNotInstalledException">%core.module_dir%/Api/lib/console/SshConsoleConnection.class.php</autoload>
+        <autoload name="ApiInvalidAuthTypeException">%core.module_dir%/Api/lib/console/SshConsoleConnection.class.php</autoload>
+        <autoload name="ApiCommandFailedException">%core.module_dir%/Api/lib/console/SshConsoleConnection.class.php</autoload>
+        <autoload name="ApiRestrictedCommandException">%core.module_dir%/Api/lib/console/BaseConsoleConnection.class.php</autoload>
+        <autoload name="ApiAuthorisationFailedException">%core.module_dir%/Api/lib/console/BaseConsoleConnection.class.php</autoload>
 
         <autoload name="StoreFilterBase">%core.module_dir%/Api/lib/datastore/filter/StoreFilterBase.class.php</autoload> 
         <autoload name="GenericStoreFilterGroup">%core.module_dir%/Api/lib/datastore/filter/GenericStoreFilterGroup.class.php</autoload> 
@@ -48,9 +48,10 @@
         <autoload name="ApiStoreFilterGroup">%core.module_dir%/Api/lib/datastore/filter/ApiStoreFilterGroup.class.php</autoload> 
         <autoload name="DataStoreFilterModifier">%core.module_dir%/Api/lib/datastore/DataStoreFilterModifier.class.php</autoload> 
 
-		<autoload name="IcingaCommandsConfigHandler">%core.module_dir%/Api/lib/config/IcingaCommandsConfigHandler.class.php</autoload>
-		
-		<autoload name="IcingaApiAuthentificationRoutingCallback">%core.module_dir%/Api/lib/auth/IcingaApiAuthentificationRoutingCallback.class.php</autoload>
+        <autoload name="IcingaCommandsConfigHandler">%core.module_dir%/Api/lib/config/IcingaCommandsConfigHandler.class.php</autoload>
+
+        <autoload name="IcingaApiAuthentificationRoutingCallback">%core.module_dir%/Api/lib/auth/IcingaApiAuthentificationRoutingCallback.class.php</autoload>
+        <autoload name="IcingaApiAuthentificationLogoutFilter">%core.module_dir%/Api/lib/auth/IcingaApiAuthentificationLogoutFilter.class.php</autoload>
         
         <!-- Interfaces -->
         <autoload name="IcingaConsoleInterface">%core.module_dir%/Api/lib/console/IcingaConsoleInterface.php</autoload>
diff --git a/app/modules/Api/lib/auth/IcingaApiAuthentificationLogoutFilter.class.php b/app/modules/Api/lib/auth/IcingaApiAuthentificationLogoutFilter.class.php
new file mode 100644
index 0000000..ea13041
--- /dev/null
+++ b/app/modules/Api/lib/auth/IcingaApiAuthentificationLogoutFilter.class.php
@@ -0,0 +1,20 @@
+<?php
+
+class IcingaApiAuthentificationLogoutFilter extends AgaviFilter implements AgaviIActionFilter {
+    /**
+     * If authkey was used, do a logout after executing
+     * 
+     * (non-PHPdoc)
+     * @see AgaviIFilter::execute()
+     */
+    public function execute(AgaviFilterChain $filterChain, AgaviExecutionContainer $container) {
+        $filterChain->execute($container);
+        $flag = (bool)$container->getAttribute('flag', 'org.icinga.api.auth', false);
+        $user = $container->getContext()->getUser();
+        
+        if ($flag === true && $user->isAuthenticated()) {
+            $user->doLogout();
+            session_destroy(); // Remove session from database
+        }
+    }
+}
\ No newline at end of file
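Review bot: The cleanup in `execute()` runs only when `$filterChain->execute($container)` returns normally, so an exception thrown by the action or a later filter skips `doLogout()` and `session_destroy()` and leaves the authkey session in the database, which is the case this commit sets out to fix. Catching the exception, running the cleanup and then rethrowing covers that path; `finally` would be shorter where the supported PHP version has it. The return value of `session_destroy()` is also ignored, so a failed destroy goes unnoticed; logging a `false` result would make a lingering session visible. A class-level docblock saying that the filter depends on the `flag` attribute in the `org.icinga.api.auth` namespace, set by `IcingaApiAuthentificationRoutingCallback`, would tie the two files together for the next reader.
```php
    public function execute(AgaviFilterChain $filterChain, AgaviExecutionContainer $container) {
        $failure = null;
        try {
            $filterChain->execute($container);
        } catch (Exception $e) {
            // Hold the failure so the authkey session is still cleaned up below
            $failure = $e;
        }
        // … unchanged: flag lookup, doLogout() and session_destroy() …
        if ($failure !== null) {
            throw $failure;
        }
    }
```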
diff --git a/app/modules/Api/lib/auth/IcingaApiAuthentificationRoutingCallback.class.php b/app/modules/Api/lib/auth/IcingaApiAuthentificationRoutingCallback.class.php
index 16c25a3..9209e32 100644
--- a/app/modules/Api/lib/auth/IcingaApiAuthentificationRoutingCallback.class.php
+++ b/app/modules/Api/lib/auth/IcingaApiAuthentificationRoutingCallback.class.php
@@ -33,6 +33,7 @@ class IcingaApiAuthentificationRoutingCallback extends AgaviRoutingCallback {
         $errors = array ();
         
         if (isset($parameters['authkey'])) {
+            $container->setAttribute('flag', true, 'org.icinga.api.auth');
             try {
                 $this->user->doAuthKeyLogin($parameters['authkey']);
             } catch (AgaviSecurityException $e) {
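Review bot: The flag is set as soon as an `authkey` parameter is present, before `doAuthKeyLogin()` has succeeded, and the logout filter only checks the flag plus `isAuthenticated()`. If the action still runs after a rejected key (the `catch` body and the rest of the method are outside this hunk, so this is an assumption), a request carrying any `authkey` value alongside an existing interactive session would end with that session logged out and destroyed. Setting the flag after the login call inside the `try`, i.e. `$this->user->doAuthKeyLogin($parameters['authkey']);` followed by `$container->setAttribute('flag', true, 'org.icinga.api.auth');`, limits the cleanup to sessions that the authkey actually created. A more descriptive attribute name than `flag` (for example `authkey_login`) would also make the filter's condition self-explanatory.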




