LogoutIFrame: Use POST data instead of cookies.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2658 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/IdP/LogoutIFrame.php

@@ -60,12 +60,7 @@ class SimpleSAML_IdP_LogoutIFrame extends SimpleSAML_IdP_LogoutHandler {
 		assert('is_string($assocId)');
 
 		$spId = sha1($assocId);
-		$cookieId = 'logout-iframe-' . $spId;
-
-		$globalConfig = SimpleSAML_Configuration::getInstance();
-		$cookiePath = '/' . $globalConfig->getBaseURL();
-
-		setcookie($cookieId, ($error ? 'failed' : 'completed'), time() + 5*60, $cookiePath);
+		$this->idp->terminateAssociation($assocId);
 
 		echo('<!DOCTYPE html>
 <html>

modules/core/templates/logout-iframe.php

@@ -158,7 +158,7 @@ if ($nFailed > 0) {
 echo('<div id="logout-failed-message" style="margin-top: 1em; border: 1px solid #ccc; padding: 1em; background: #eaeaea;' . $displayStyle . '">');
 echo('<img src="/' . $this->data['baseurlpath'] . 'resources/icons/experience/gtk-dialog-warning.48x48.png" alt="" style="float: left; margin-right: 5px;" />');
 echo('<p>' . $this->t('{logout:failedsps}') . '</p>');
-echo('<form method="get" action="logout-iframe-done.php" target="_top">');
+echo('<form method="post" action="logout-iframe-done.php" id="failed-form" target="_top">');
 echo('<input type="hidden" name="id" value="' . $id . '" />');
 echo('<input type="submit" name="continue" value="' . $this->t('{logout:return}'). '" />');
 echo('</form>');
@@ -172,7 +172,7 @@ if ($nProgress == 0 && $nFailed == 0) {
 }
 echo('<p>' . $this->t('{logout:success}') . '</p>');
 ?>
-<form method="get" action="logout-iframe-done.php" id="done-form" target="_top">
+<form method="post" action="logout-iframe-done.php" id="done-form" target="_top">
 	<input type="hidden" name="id" value="<?php echo $id; ?>" />
 	<input type="submit" name="continue" value="<?php echo $this->t('{logout:return}'); ?>" />
 </form>

modules/core/www/idp/logout-iframe-done.php

@@ -20,21 +20,16 @@ if (!isset($_REQUEST['cancel'])) {
 	$state['core:Failed'] = TRUE; /* Mark as partial logout. */
 }
 
-$globalConfig = SimpleSAML_Configuration::getInstance();
-$cookiePath = '/' . $globalConfig->getBaseURL();
-
 /* Find the status of all SPs. */
 foreach ($SPs as $assocId => &$sp) {
 
-	$spId = sha1($assocId);
+	$spId = 'logout-iframe-' . sha1($assocId);
 
-	$cookieId = 'logout-iframe-' . $spId;
-	if (isset($_COOKIE[$cookieId])) {
-		$cookie = $_COOKIE[$cookieId];
-		if ($cookie == 'completed' || $cookie == 'failed') {
-			$sp['core:Logout-IFrame:State'] = $cookie;
+	if (isset($_REQUEST[$spId])) {
+		$spStatus = $_REQUEST[$spId];
+		if ($spStatus === 'completed' || $spStatus === 'failed') {
+			$sp['core:Logout-IFrame:State'] = $spStatus;
 		}
-		setcookie($cookieId, '', time() - 3600, $cookiePath);
 	}
 
 	if (!isset($associations[$assocId])) {

modules/core/www/idp/logout-iframe.js

@@ -32,6 +32,17 @@ function updateSPStatus(spId, status, reason) {
 	$('#statusimage-' + spId).attr('src', window.stateImage[status]).attr('alt', window.stateText[status]).attr('title', reason);
 	window.spStatus[spId] = status;
 
+	var formId = 'logout-iframe-' + spId;
+	var existing = $('input[name="' + formId + '"]');
+	if (existing.length == 0) {
+		/* Don't have an existing form element - add one. */
+		var elementHTML = '<input type="hidden" name="' + formId + '" value="' + status + '" />';
+		$('#failed-form , #done-form').append(elementHTML);
+	} else {
+		/* Update existing element. */
+		existing.attr('value', status);
+	}
+
 	updateStatus();
 }
 function logoutCompleted(spId) {
@@ -49,24 +60,9 @@ function timeoutSPs() {
 	}
 }
 
-function asyncUpdate() {
-	jQuery.getJSON(window.asyncURL, window.spStatus, function(data, textStatus) {
-		for (sp in data) {
-			if (data[sp] == 'completed') {
-				logoutCompleted(sp);
-			} else if (data[sp] == 'failed') {
-				logoutFailed(sp, 'async update');
-			}
-		}
-		window.setTimeout(asyncUpdate, 1000);
-	});
-}
-
-
 $('document').ready(function(){
 	if (window.type == 'js') {
 		window.timeoutID = window.setTimeout(timeoutSPs, window.timeoutIn * 1000);
-		window.setTimeout(asyncUpdate, 1000);
 		updateStatus();
 	} else if (window.type == 'init') {
 		$('#logout-type-selector').attr('value', 'js');

modules/core/www/idp/logout-iframe.php

@@ -7,7 +7,7 @@ $id = (string)$_REQUEST['id'];
 
 if (isset($_REQUEST['type'])) {
 	$type = (string)$_REQUEST['type'];
-	if (!in_array($type, array('init', 'js', 'nojs', 'embed', 'async'), TRUE)) {
+	if (!in_array($type, array('init', 'js', 'nojs', 'embed'), TRUE)) {
 		throw new SimpleSAML_Error_BadRequest('Invalid value for type.');
 	}
 } else {
@@ -41,15 +41,6 @@ if ($type !== 'init') {
 			$sp['core:Logout-IFrame:State'] = 'inprogress';
 		}
 
-		/* Check for update by cookie. */
-		$cookieId = 'logout-iframe-' . $spId;
-		if (isset($_COOKIE[$cookieId])) {
-			$cookie = $_COOKIE[$cookieId];
-			if ($cookie == 'completed' || $cookie == 'failed') {
-				$sp['core:Logout-IFrame:State'] = $cookie;
-			}
-		}
-
 		/* Check for update through request. */
 		if (isset($_REQUEST[$spId])) {
 			$s = $_REQUEST[$spId];
@@ -99,18 +90,6 @@ if ($type === 'nojs') {
 	$t->data['timeout'] = $timeout;
 	$t->show();
 	exit(0);
-
-} elseif ($type == 'async') {
-	header('Content-Type: application/json');
-	$res = array();
-	foreach ($state['core:Logout-IFrame:Associations'] as $assocId => $sp) {
-		if ($sp['core:Logout-IFrame:State'] !== 'completed') {
-			continue;
-		}
-		$res[sha1($assocId)] = 'completed';
-	}
-	echo(json_encode($res));
-	exit(0);
 }
 
 $t = new SimpleSAML_XHTML_Template($globalConfig, 'core:logout-iframe.php');