mirrors/nextcloud-server
3
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2025-10-26 19:21:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
a04feff9a7
nextcloud-server/core
History
Lukas Reschke a04feff9a7
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL 
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 12:22:44 +02:00
..
ajax Stricter phan config fixes 2017-08-01 08:20:13 +02:00
Command Fix typo in template for migration generation 2017-08-09 11:01:08 +02:00
Controller Properly allow \OCP\Authentication\IApacheBackend to specify logout URL 2017-08-18 12:22:44 +02:00
css Add buttom border for header 2017-08-14 09:40:55 +02:00
doc
fonts
img Revert "Proof of concept #5593 - inline SVG icon for icon-contacts" 2017-08-03 17:27:24 +02:00
js Trigger search after re-focus 2017-08-15 13:36:51 +02:00
l10n [tx-robot] updated from transifex 2017-08-18 00:08:15 +00:00
Middleware Remove explicit type hints for Controller 2017-08-01 17:32:03 +02:00
Migrations Fix headers 2017-08-14 09:53:48 +02:00
search
skeleton
templates Properly allow \OCP\Authentication\IApacheBackend to specify logout URL 2017-08-18 12:22:44 +02:00
vendor Fix missing js merge on master 2017-06-09 14:33:14 +02:00
Application.php
register_command.php add occ app:install command 2017-07-26 14:35:42 +02:00
routes.php Run phan over code base 2017-07-19 10:28:11 +02:00
shipped.json Add missing version requirement to OAuth2 app 2017-05-22 09:56:49 +02:00
strings.php