As I stated here, I would allow pre-generated users to log out from a SilverStripe 4 website front-end page, by using the default from. Logging out because log in works.
The problem is that if a logged generic user tries to log out by clicking on a link like Security/logout
(as well as Security/logout?BackURL=home/
), it being redirected to a blank page (just with header/footer visible, as the default Page.ss
is implemented). Apparently the controller doesn't work or similar, because URL points me simply to Security/logout
with no following redirects. Furthermore, the session is not being cleared and if I go back to the user dashboard page, it results still logged in.
So, I tried to implement a custom authenticator, as I usually do in SS 3, but I noticed some little differences. Then, I followed both the official doc and the suggested example for help.
This is the situation:
MemberAuthenticator custom class (in MySite/code)
<?php
// Definizione Namespace
namespace Greylab\Corporate\Authenticator\UtenteAuthenticator;
use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
/**
* Classe Autenticazione Utente
*/
class UtenteAuthenticator extends MemberAuthenticator
{
/**
* Login Paziente - Getter
* @param string $link URL di autenteicazione utente
* @return object Form di autenticazione utente
*/
public function getLoginHandler($link)
{
return UtenteLoginHandler::create($link, $this);
}
/**
* Logout Paziente - Getter
* @param string $link URL di deautenteicazione utente
* @return object Form di deautenteicazione utente
*/
public function getLogoutHandler($link)
{
return UtenteLogoutHandler::create($link, $this);
}
}
MemberAuthenticator\LoginHandler custom class (in MySite/code)
<?php
// Definizione Namespace
use SilverStripe\Security\MemberAuthenticator\LoginHandler;
use SilverStripe\Core\Injector\Injector;
/**
* Clesse Login Utente
*/
class UtenteLoginHandler extends LoginHandler
{
/**
* Metodo gestione Login Utente
* Setter
* @param array $dati Dati form login
* @param object $form Form login
* @return void
*/
public function doLogin($dati, $form)
{
$utente = $this->checkLogin($dati);
// Controllo Utente
if ($utente) {
$request = Injector::inst()->get(HTTPRequest::class);
$session = $request->getSession();
$cliente = $session->set('UtenteLoginHandler.MemberID', $utente->ID);
$profiloPaziente = Member::get()->byID($session->get('UtenteLoginHandler.MemberID'));
$datiPaziente = $session->set('UtenteLoginHandler.Data', $dati);
// Controllo Utente
if ($profiloCliente) {
$this->performLogin($profiloCliente, $datiCliente);
return $this->redirectAfterSuccessfulLogin();
} else {
// Se utente invalido torna al form
return $this->redirectBack();
}
} else {
// Se utente invalido torna al form
return $this->redirectBack();
}
}
}
MemberAuthenticator\LogoutHandler custom class (in MySite/code)
// Definizione Namespace
use SilverStripe\Security\MemberAuthenticator\LogoutHandler;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\Security\Security;
use SilverStripe\Security\IdentityStore;
use SilverStripe\Security\Member;
use SilverStripe\Control\HTTPResponse;
/**
* Clesse Login Utente
*/
class UtenteLogoutHandler extends LogoutHandler
{
/**
* Metodo gestione Logout Utente
* Setter
* @param array $dati Dati form login
* @param object $form Form login
* @return HTTPResponse
*/
public function doLogOut($utente)
{
// Controllo Utente
if ($utente) {
$request = Injector::inst()->get(HTTPRequest::class);
$session = $request->getSession();
$paziente = $session->get('UtenteLoginHandler.MemberID');
$datiPaziente = $session->get('UtenteLoginHandler.Data');
// Controllo Sessione Utente
if ($paziente && $datiPaziente) {
$session->clear('UtenteLoginHandler.MemberID');
$session->clear('UtenteLoginHandler.Data');
Security::setCurrentUser(null);
return $this->redirectAfterLogout();
// Tried with this approach too without success...
/* if ($utente instanceof Member) {
Injector::inst()->get(IdentityStore::class)->logOut($this->getRequest());
return $this->redirectAfterLogout();
} */
} else {
// Se sessione utente invalida torna al form
return $this->redirectBack();
}
}
}
MemberAuthenticator Injection (in _MySite/config/mysite.yml)
SilverStripe\Core\Injector\Injector:
SilverStripe\Security\Security:
properties:
Authenticators:
UtenteAuthenticator: %$Greylab\Corporate\Authenticator\UtenteAuthenticator
With this implementation, nothing changed.
Anyone can suggest me the right way?
Thanks everyone in advance.