
Commit 4da5465

committed
Add option to do full logout
Adds a new option to perform a full logout of Azure AD when logging out of WordPress. Fixes #163 and fixes #184.
1 parent 137ff4a commit 4da5465


3 files changed

+47
-1
lines changed


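--- a/Settings.php
+++ b/Settings.php
@@ -104,6 +104,13 @@ class AADSSO_Settings {
 */
 public $default_wp_role = null;
 
+/**
+* Indicates whether a logout of WordPress should also trigger a logout of Azure AD.
+*
+* @var boolean Whether or not logging out of WordPress triggers logging out of Azure AD.
+*/
+public $enable_full_logout = false;
+
 /**
 * @var string The OpenID Connect configuration discovery endpoint.
 */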

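--- a/SettingsPage.php
+++ b/SettingsPage.php
@@ -248,6 +248,14 @@ public function register_settings() {
 'aadsso_settings_page', // page
 'aadsso_settings_general' // section
 );
+
+add_settings_field(
+'enable_full_logout', // id
+__( 'Enable full logout', 'aad-sso-wordpress' ), // title
+array( $this, 'enable_full_logout_callback' ), // callback
+'aadsso_settings_page', // page
+'aadsso_settings_general' // section
+);
 
 add_settings_field(
 'field_to_match_to_upn', // id
@@ -374,6 +382,7 @@ public function sanitize_settings( $input ) {
 'enable_auto_forward_to_aad',
 'enable_aad_group_to_wp_role',
 'match_on_upn_alias',
+'enable_full_logout',
 );
 foreach ( $boolean_settings as $boolean_setting )
 {
@@ -646,6 +655,17 @@ public function openid_configuration_endpoint_callback() {
 );
 }
 
+/**
+* Renders the `enable_full_logout` checkbox control.
+*/
+public function enable_full_logout_callback() {
+$this->render_checkbox_field(
+'enable_full_logout',
+__( 'Do a full logout of Azure AD when logging out of WordPress.',
+'aad-sso-wordpress' )
+);
+}
+
 /**
 * Renders a simple text field and populates it with the setting value.
 *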

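--- a/aad-sso-wordpress.php
+++ b/aad-sso-wordpress.php
@@ -83,7 +83,7 @@ public function __construct( $settings ) {
 add_action( 'login_form', array( $this, 'print_login_link' ) ) ;
 
 // Clear session variables when logging out
-add_action( 'wp_logout', array( $this, 'clear_session' ) );
+add_action( 'wp_logout', array( $this, 'logout' ) );
 
 // If configured, bypass the login form and redirect straight to AAD
 add_action( 'login_init', array( $this, 'save_redirect_and_maybe_bypass_login' ), 20 );
@@ -348,6 +348,10 @@ function authenticate( $user, $username, $password ) {
 );
 }
 
+if ( is_a( $user, 'WP_User' ) ) {
+$_SESSION['aadsso_signed_in_with_azuread'] = true;
+}
+
 return $user;
 }
 
@@ -563,6 +567,21 @@ function clear_session() {
 session_destroy();
 }
 
+/**
+* Clears the current the session, and triggers a full Azure AD logout if needed.
+*/
+function logout() {
+
+$signed_in_with_azuread = isset( $_SESSION['aadsso_signed_in_with_azuread'] )
+&& true === $_SESSION['aadsso_signed_in_with_azuread'];
+$this->clear_session();
+
+if ( $signed_in_with_azuread && $this->settings->enable_full_logout ) {
+wp_redirect( $this->get_logout_url() );
+die();
+}
+}
+
 /*** Settings ***/
 
 /**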
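Review bot: The new `logout()` decides whether to sign out of Azure AD solely from `$_SESSION['aadsso_signed_in_with_azuread']`, so the full logout is skipped silently whenever the PHP session has expired or been garbage-collected before the WordPress login cookie, leaving the Azure AD session alive on a shared machine even though the option is enabled. PHP session lifetime is configured independently of the WordPress auth cookie, so I would keep the marker somewhere tied to the WordPress login (for example user meta written in `authenticate()`), or at least document the limitation above the check: `// Flag lives in the PHP session; if it expired before the WP login did, the Azure AD logout is skipped.` Separately, `die()` inside a `wp_logout` callback registered at the default priority stops any callbacks that run after it, so a late priority such as `add_action( 'wp_logout', array( $this, 'logout' ), PHP_INT_MAX );` would be safer. The bodies of `authenticate()` and the constructor start outside the visible hunks, so whether `$user` can already be a `WP_User` from a non-Azure login when the flag is set should be confirmed.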
