mike-jumper commented on a change in pull request #455: GUACAMOLE-361: CAS
global logout
URL: https://github.com/apache/guacamole-client/pull/455#discussion_r355074962
##########
File path:
extensions/guacamole-auth-cas/src/main/resources/controllers/casController.js
##########
@@ -28,3 +28,16 @@ angular.module('guacCAS').controller('guacCASController',
['$scope',
window.location = $scope.field.authorizationURI;
}]);
+/**
+ * Controller for the "GUAC_CAS_LOGOUT" field which deletes the GUAC_AUTH
+ * token in localStorage and redirects the user immediately to the CAS
+ * logout URI
+ */
+angular.module('guacCAS').controller('guacCASLogoutController', ['$scope',
+ function guacCASLogoutController($scope) {
+
+ // Redirect to logout URI
+ window.localStorage.removeItem("GUAC_AUTH");
Review comment:
This also would not invalidate the token, so the user would not be logged
out as far as the Guacamole server is concerned. The client would just forget
that it's logged in. The underlying token would secretly remain valid, and any
resources associated with the Guacamole session would remain allocated until
the session times out.
`authenticationService.logout()` would perform the needed `DELETE` request
to actually log the user out, would remove the token stored on the client side,
and returns a `Promise` that can be used to redirect the user to the logout URI
only after logout has completed on the Guacamole side:
https://github.com/apache/guacamole-client/blob/5ce0c0f0358096d87e19c7decdb4d6dfd21aeff5/guacamole/src/main/webapp/app/auth/service/authenticationService.js#L278-L302
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
