Merge remote-tracking branch 'origin/support/2.7' into support/3.0

# Conflicts: # application/loginbasic.class.inc.php # application/loginexternal.class.inc.php # application/loginform.class.inc.php # application/loginurl.class.inc.php # application/loginwebpage.class.inc.php # composer.lock # datamodels/2.x/authent-cas/src/CASLoginExtension.php # lib/composer/autoload_real.php # lib/composer/installed.php # synchro/synchro_exec.php # synchro/synchro_import.php # tests/php-unit-tests/unitary-tests/application/utilsTest.php
2026-02-13 07:24:13 +01:00 · 2023-06-07 17:21:09 +02:00
parent b8f61362f5 2405810864
commit e76ada641f
31 changed files with 466 additions and 86 deletions
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -1,5 +1,5 @@
 <?php
-// Copyright (C) 2010-2021 Combodo SARL
+// Copyright (C) 2010-2023 Combodo SARL
 //
 //   This file is part of iTop.
 //
@@ -35,7 +35,7 @@ class LoginWebPage extends NiceWebPage
 {
 	const EXIT_PROMPT = 0;
 	const EXIT_HTTP_401 = 1;
-	const EXIT_RETURN = 2;
+	const EXIT_RETURN = 2; // Non interactive mode (ajax, rest, ...)
 	
 	const EXIT_CODE_OK = 0;
 	const EXIT_CODE_MISSINGLOGIN = 1;
@@ -105,6 +105,7 @@ class LoginWebPage extends NiceWebPage
 	/**
 	 * @param $oUser
 	 * @param array $aProfiles
+	 * @param $sOrigin
 	 *
 	 * @return array
 	 * @throws \CoreException
@@ -385,14 +386,20 @@ class LoginWebPage extends NiceWebPage
 		$this->output();
 	}

-	public static function ResetSession()
+	public static function ResetSession($bFullCleanup = false)
 	{
-		// Unset all of the session variables.
-		Session::Unset('auth_user');
-		Session::Unset('login_state');
-		Session::Unset('can_logoff');
-		Session::Unset('archive_mode');
-		Session::Unset('impersonate_user');
+        if ($bFullCleanup) {
+            // Unset all of the session variables.
+            foreach (array_keys($_SESSION) as $sKey) {
+	            Session::Unset($sKey);
+            }
+        } else {
+	        Session::Unset('auth_user');
+	        Session::Unset('login_state');
+	        Session::Unset('can_logoff');
+	        Session::Unset('archive_mode');
+	        Session::Unset('impersonate_user');
+        }
 		UserRights::_ResetSessionCache();
 		// If it's desired to kill the session, also delete the session cookie.
 		// Note: This will destroy the session, and not just the session data!
@@ -957,7 +964,7 @@ class LoginWebPage extends NiceWebPage
 		}
 		else
 		{
-			if ($iOnExit == self::EXIT_RETURN)
+			if ($iOnExit === self::EXIT_RETURN)
 			{
 				return self::EXIT_CODE_PORTALUSERNOTAUTHORIZED;
 			}
@@ -1012,7 +1019,7 @@ class LoginWebPage extends NiceWebPage
 		{
 			if ($bMustBeAdmin && !UserRights::IsAdministrator())
 			{
-				if ($iOnExit == self::EXIT_RETURN)
+				if ($iOnExit === self::EXIT_RETURN)
 				{
 					return self::EXIT_CODE_MUSTBEADMIN;
 				}
@@ -1028,7 +1035,7 @@ class LoginWebPage extends NiceWebPage
 			}
 			$iRet = call_user_func(array(self::$sHandlerClass, 'ChangeLocation'), $sRequestedPortalId, $iOnExit);
 		}
-		if ($iOnExit == self::EXIT_RETURN)
+		if ($iOnExit === self::EXIT_RETURN)
 		{
 			return $iRet;
 		}