Fix Single-Logout

2014-05-09 10:52:54 +02:00 · 2014-05-09 10:52:54 +02:00 · 71b1a8207f
parent 1378383745
commit 71b1a8207f
1 changed files with 13 additions and 0 deletions
--- a/lib/redmine_cas/application_controller_patch.rb
+++ b/lib/redmine_cas/application_controller_patch.rb
@ -5,6 +5,7 @@ module RedmineCAS
    def self.included(base)
      base.send(:include, InstanceMethods)
      base.class_eval do
+        alias_method_chain :verify_authenticity_token, :cas
        alias_method_chain :require_login, :cas
      end
    end
@ -55,6 +56,18 @@ module RedmineCAS
        end
      end

+      def verify_authenticity_token_with_cas
+        if cas_logout_request?
+          logger.info 'CAS logout request detected: Skipping validation of authenticity token'
+        else
+          verify_authenticity_token_without_cas
+        end
+      end
+
+      def cas_logout_request?
+        request.post? && params.has_key?('logoutRequest')
+      end
+
      def cas_account_pending
        render_403 :message => l(:notice_account_pending)
      end