Commit 9e2ae129 authored by o's avatar o

store where user logged in to be able to log out specifically

parent 55d5b04b
......@@ -72,32 +72,23 @@ class ApplicationController < ActionController::Base
helper_method :update_session_expiry
def where_am_i_logged_in
return [] unless session[:logged_in]
return [] unless session[:login_user]
session[:logged_in][session[:login_user]] || []
JSON.parse(cookies.encrypted[:logged_in] || "[]")
end
def remember_login(what)
session[:logged_in] ||= {}
session[:logged_in][session[:login_user]] ||= []
session[:logged_in][session[:login_user]] << what
session[:logged_in][session[:login_user]].uniq!
l = where_am_i_logged_in
l << what
l.uniq!
cookies.encrypted[:logged_in] = l.to_json
end
def reset_user_session
session[:user_id] = nil
unless session_expired?
url = session[:origin_url]
# remember the list of places where we logged in in the past. this is just
# for the UI, not actually auth
if session[:login_user]
logged_in = session[:logged_in]
end
end
reset_session
session[:locale] = I18n.locale
session[:origin_url] = url
session[:logged_in] = logged_in
update_session_expiry
end
end
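Review bot: `remember_login` will not de-duplicate a repeated login. `where_am_i_logged_in` returns string-keyed hashes from `JSON.parse`, while `what` now arrives as a symbol-keyed hash (`{name: @handoff, url: handoff_url}` in HandoffLoginController), so `l.uniq!` treats them as different and the service can appear twice in the list and in the logout images. Normalising before appending, e.g. `l << JSON.parse(what.to_json)`, keeps the comparison on one key type. Separately, the list moved from `session[:logged_in][session[:login_user]]` to a browser-wide cookie that, on this page, is only removed in `LogoutController#new`. If a session ends some other way, the entries would presumably carry over to the next user who logs in from that browser, so consider storing the user alongside the list and discarding it on a mismatch.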
......@@ -8,8 +8,8 @@ class HandoffLoginController < LoginController
totp: totp)
end
def current_login_service_name
@handoff
def current_login_service
{name: @handoff, url: handoff_url}
end
protected
......
......@@ -9,7 +9,7 @@ class LoginController < ApplicationController
def save_login_token(res, user)
session[:login_token] = res['login_token']
session[:login_user] = user
remember_login(current_login_service_name)
remember_login(current_login_service)
end
def login
......
class LogoutController < ApplicationController
def new
reset_user_session
@logged_in = where_am_i_logged_in
@logout_urls = ApiBackend::logout_urls
cookies.delete(:logged_in)
end
end
......@@ -34,8 +34,8 @@ class SamlLoginController < LoginController
end
public
def current_login_service_name
@sp_info[:name]
def current_login_service
@sp_info
end
def new
......
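Review bot: `current_login_service` returns the whole `@sp_info`, and `save_login_token` passes that to `remember_login`, which serialises it into the `logged_in` cookie. The views on this page read back only `name` and `url`. Anything else in `@sp_info` (its contents are not visible here) would be sent with every request and count against the roughly 4 KB cookie limit. Returning `@sp_info.slice(:name, :url)` would match what HandoffLoginController builds with `{name: @handoff, url: handoff_url}`, assuming `@sp_info` carries a `:url` key.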
<% if @logout_urls %>
You are logged out from all services.
<div style="display:none">
<% @logout_urls.each do |u| %>
<img src="<%= u.html_safe %>"></img>
<% @logged_in.each do |sp| %>
<img src="<%= "#{@logout_urls[sp["url"]]}".html_safe %>"></img>
<% end %>
</div>
<% else %>
......
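Review bot: The lookup `@logout_urls[sp["url"]]` is rendered even when it finds nothing, so a cookie entry with no matching logout URL produces `<img src="">`, which some browsers resolve to the current page and request again. The value is also passed through `.html_safe`, which switches off ERB's escaping for a URL taken from the backend response; inside an attribute the escaped form is the correct one. Skipping misses and letting ERB escape covers both: `<% url = @logout_urls[sp["url"]] %>`, `<% next unless url %>`, `<img src="<%= url %>">`.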
......@@ -5,9 +5,10 @@
<br />
<p>
<%= t(:current_sessions) %>
<%= @test %>
<ul>
<% @logged_in.each do |l| %>
<li><%= l %></li>
<li><%= l["name"] %></li>
<% end %>
</ul>
</p>
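Review bot: `<%= @test %>` looks like leftover debug output and should be dropped before merge. The hunk header grows this template by one line beyond the `l["name"]` replacement, and nothing on this page assigns `@test`, so it is probably an added line. If it stays, the session list will render whatever a controller later puts in that variable.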