SilverStripe 4 - Blank page on logging out

2019-06-03 15:30发布

As I stated here, I would allow pre-generated users to log out from a SilverStripe 4 website front-end page, by using the default from. Logging out because log in works.

The problem is that if a logged generic user tries to log out by clicking on a link like Security/logout (as well as Security/logout?BackURL=home/), it being redirected to a blank page (just with header/footer visible, as the default Page.ss is implemented). Apparently the controller doesn't work or similar, because URL points me simply to Security/logout with no following redirects. Furthermore, the session is not being cleared and if I go back to the user dashboard page, it results still logged in.

So, I tried to implement a custom authenticator, as I usually do in SS 3, but I noticed some little differences. Then, I followed both the official doc and the suggested example for help.

This is the situation:

MemberAuthenticator custom class (in MySite/code)

<?php
// Definizione Namespace
namespace Greylab\Corporate\Authenticator\UtenteAuthenticator;
use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;

/**
* Classe Autenticazione Utente
*/
class UtenteAuthenticator extends MemberAuthenticator
{
/**
 * Login Paziente - Getter
 * @param string $link URL di autenteicazione utente
 * @return object Form di autenticazione utente
 */
public function getLoginHandler($link)
{
    return UtenteLoginHandler::create($link, $this);
}

/**
 * Logout Paziente - Getter
 * @param string $link URL di deautenteicazione utente
 * @return object Form di deautenteicazione utente
 */
public function getLogoutHandler($link)
{
    return UtenteLogoutHandler::create($link, $this);
}
}

MemberAuthenticator\LoginHandler custom class (in MySite/code)

<?php
// Definizione Namespace
use SilverStripe\Security\MemberAuthenticator\LoginHandler;

use SilverStripe\Core\Injector\Injector;

/**
 * Clesse Login Utente
 */
class UtenteLoginHandler extends LoginHandler
{
    /**
     * Metodo gestione Login Utente
     * Setter
     * @param array $dati Dati form login
     * @param object $form Form login
     * @return void
     */
    public function doLogin($dati, $form)
    {
        $utente = $this->checkLogin($dati);

        // Controllo Utente
        if ($utente) {
            $request = Injector::inst()->get(HTTPRequest::class);
        $session = $request->getSession();
        $cliente = $session->set('UtenteLoginHandler.MemberID', $utente->ID);
        $profiloPaziente = Member::get()->byID($session->get('UtenteLoginHandler.MemberID'));
        $datiPaziente = $session->set('UtenteLoginHandler.Data', $dati);

            // Controllo Utente
        if ($profiloCliente) {
            $this->performLogin($profiloCliente, $datiCliente);

            return $this->redirectAfterSuccessfulLogin();
        } else {
            // Se utente invalido torna al form
            return $this->redirectBack();
        }
        } else {
            // Se utente invalido torna al form
            return $this->redirectBack();
        }
    }
}

MemberAuthenticator\LogoutHandler custom class (in MySite/code)

// Definizione Namespace
use SilverStripe\Security\MemberAuthenticator\LogoutHandler;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\Security\Security;
use SilverStripe\Security\IdentityStore;
use SilverStripe\Security\Member;
use SilverStripe\Control\HTTPResponse;

/**
 * Clesse Login Utente
 */
class UtenteLogoutHandler extends LogoutHandler
{
    /**
     * Metodo gestione Logout Utente
     * Setter
     * @param array $dati Dati form login
     * @param object $form Form login
     * @return HTTPResponse
     */
    public function doLogOut($utente)
    {
        // Controllo Utente
        if ($utente) {
            $request = Injector::inst()->get(HTTPRequest::class);
        $session = $request->getSession();
        $paziente = $session->get('UtenteLoginHandler.MemberID');
        $datiPaziente = $session->get('UtenteLoginHandler.Data');

        // Controllo Sessione Utente
        if ($paziente && $datiPaziente) {
            $session->clear('UtenteLoginHandler.MemberID');
            $session->clear('UtenteLoginHandler.Data');

            Security::setCurrentUser(null);

            return $this->redirectAfterLogout();
            // Tried with this approach too without success...
            /* if ($utente instanceof Member) {
            Injector::inst()->get(IdentityStore::class)->logOut($this->getRequest());
                return $this->redirectAfterLogout();
            } */
        } else {
            // Se sessione utente invalida torna al form
            return $this->redirectBack();
        }
    }
}

MemberAuthenticator Injection (in _MySite/config/mysite.yml)

SilverStripe\Core\Injector\Injector:
  SilverStripe\Security\Security:
    properties:
      Authenticators:
        UtenteAuthenticator: %$Greylab\Corporate\Authenticator\UtenteAuthenticator

With this implementation, nothing changed.

Anyone can suggest me the right way?

Thanks everyone in advance.

1条回答
小情绪 Triste *
2楼-- · 2019-06-03 15:57

After a deep research, solution came from a brave official Slack Community member: special thanks to @kinglozzer for it.

Simply, SS 4 provides a brand new $LogoutURL default parameter to obtain the right logout url. It includes the logged-in member SecurityID as parameter. The old SS 3 Security/logout isn't enough anymore to run the process. So, by using:

{$LogoutURL}&BackURL=<url>

User will be logged out and redirected correctly.

Thanks anyone for help.

查看更多
登录 后发表回答