X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=plugins%2Fhttp_authentication%2Fhttp_authentication.php;h=fa074f09accdb243120b1245f0f3cde959ab4262;hb=a2dd2e41259a5e90016efcd7d083020b95e25527;hp=6da6488a003ac364de4ad30ed9726d5ce07c2d30;hpb=fe4a852cd4335d3d2089b13e10d409fa2fa816d8;p=roundcube.git diff --git a/plugins/http_authentication/http_authentication.php b/plugins/http_authentication/http_authentication.php index 6da6488..fa074f0 100644 --- a/plugins/http_authentication/http_authentication.php +++ b/plugins/http_authentication/http_authentication.php @@ -5,17 +5,24 @@ * * Make use of an existing HTTP authentication and perform login with the existing user credentials * - * @version 1.2 + * Configuration: + * // redirect the client to this URL after logout. This page is then responsible to clear HTTP auth + * $rcmail_config['logout_url'] = 'http://server.tld/logout.html'; + * + * See logout.html (in this directory) for an example how HTTP auth can be cleared. + * + * @version 1.4 * @author Thomas Bruederli */ class http_authentication extends rcube_plugin { - public $task = 'login'; + public $task = 'login|logout'; function init() { $this->add_hook('startup', array($this, 'startup')); $this->add_hook('authenticate', array($this, 'authenticate')); + $this->add_hook('logout_after', array($this, 'logout')); } function startup($args) @@ -30,16 +37,30 @@ class http_authentication extends rcube_plugin function authenticate($args) { + // Allow entering other user data in login form, + // e.g. after log out (#1487953) + if (!empty($args['user'])) { + return $args; + } + if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { $args['user'] = $_SERVER['PHP_AUTH_USER']; $args['pass'] = $_SERVER['PHP_AUTH_PW']; } - + $args['cookiecheck'] = false; $args['valid'] = true; - + return $args; } + function logout($args) + { + // redirect to configured URL in order to clear HTTP auth credentials + if (!empty($_SERVER['PHP_AUTH_USER']) && $args['user'] == $_SERVER['PHP_AUTH_USER'] && ($url = rcmail::get_instance()->config->get('logout_url'))) { + header("Location: $url", true, 307); + } + } + }