diff --git a/cosinnus/default_settings.py b/cosinnus/default_settings.py index ecee09f06..4368b148f 100644 --- a/cosinnus/default_settings.py +++ b/cosinnus/default_settings.py @@ -466,7 +466,8 @@ def before_send(event, hint): COSINNUS_CHAT_BASE_URL = f"https://chat.{project_settings['COSINNUS_PORTAL_URL']}" COSINNUS_CHAT_USER = env("WECHANGE_COSINNUS_CHAT_USER", default=f"{project_settings['COSINNUS_PORTAL_NAME']}-bot") COSINNUS_CHAT_PASSWORD = env("WECHANGE_COSINNUS_CHAT_PASSWORD", default='') - + COSINNUS_CHAT_SESSION_COOKIE_DOMAIN = project_settings['COSINNUS_PORTAL_URL'] + # Nextcloud COSINNUS_CLOUD_ENABLED = False COSINNUS_CLOUD_NEXTCLOUD_URL = f"https://cloud.{project_settings['COSINNUS_PORTAL_URL']}" diff --git a/cosinnus/views/common.py b/cosinnus/views/common.py index 7146bafc2..0bd27309f 100644 --- a/cosinnus/views/common.py +++ b/cosinnus/views/common.py @@ -21,6 +21,7 @@ import requests from cosinnus.conf import settings +from cosinnus_message.rocket_chat import RocketChatConnection from cosinnus.models.group import CosinnusPortal from cosinnus.models.tagged import LikeObject from cosinnus.utils.context_processors import cosinnus as cosinnus_context @@ -179,6 +180,12 @@ def cosinnus_logout(request, **kwargs): (this seems to only clear the value of the cookie and not completely delete it!). Will redirect to a "you have been logged out" page, that may perform additional JS queries or redirects to log out from other services. """ + if settings.COSINNUS_ROCKET_ENABLED: + user_rc_uid = request.COOKIES.get('rc_session_uid') + user_rc_token = request.COOKIES.get('rc_session_token') + if user_rc_uid and user_rc_token: + rocket = RocketChatConnection() + rocket.logout_user_session(user_rc_uid, user_rc_token) response = LogoutView.as_view(**kwargs)(request) # logout(request, **kwargs) if not request.user.is_authenticated: response.delete_cookie('wp_user_logged_in') diff --git a/cosinnus_message/conf.py b/cosinnus_message/conf.py index 7070f8235..e2593bf94 100644 
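Review bot: In `cosinnus_logout` (cosinnus/views/common.py) the Rocket.Chat logout runs before `LogoutView` with no guard, so an exception or timeout from `RocketChatConnection()` or `logout_user_session` would abort the request and leave the portal session active. The new `logout_user_session` in cosinnus_message/rocket_chat.py has no handling of its own either, so the chat logout should be treated as best-effort here: log the failure without the token value and continue with the Django logout. The `rc_session_uid` and `rc_session_token` cookies are also never removed from the response, so the copied token stays on the parent domain after logout; deleting them needs the same domain and path they were set with. The fence assumes a module-level `logger` exists in this file, which the hunk does not show, and the function body starts and ends outside the hunk.

```python
    if settings.COSINNUS_ROCKET_ENABLED:
        user_rc_uid = request.COOKIES.get('rc_session_uid')
        user_rc_token = request.COOKIES.get('rc_session_token')
        if user_rc_uid and user_rc_token:
            try:
                RocketChatConnection().logout_user_session(user_rc_uid, user_rc_token)
            except Exception as e:
                # chat logout is best-effort; never put the token itself into the log record
                logger.warning('RocketChat: could not log out user session', extra={'exception': e})
    response = LogoutView.as_view(**kwargs)(request)
    # ... unchanged: wp_user_logged_in cookie handling ...
    if settings.COSINNUS_ROCKET_ENABLED:
        for cookie_name in ('rc_session_uid', 'rc_session_token'):
            response.delete_cookie(cookie_name, domain=settings.COSINNUS_CHAT_SESSION_COOKIE_DOMAIN, path='/')
```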
--- a/cosinnus_message/conf.py +++ b/cosinnus_message/conf.py @@ -127,7 +127,16 @@ class Meta(object): # User Surveys 'NPS_survey_enabled': False, - + + # Custom login script copying the Rocketchat session cookies to the top level domain. This makes the cookies + # available in the logout view and is used to log out the user from the Rocketchat session. + 'Custom_Script_Logged_In': ''' + const rcUid = document.cookie.split("; ").find((row) => row.startsWith("rc_uid="))?.split("=")[1]; + const rcToken = document.cookie.split("; ").find((row) => row.startsWith("rc_token="))?.split("=")[1]; + document.cookie = 'rc_session_uid=' + rcUid + ';domain=%(COSINNUS_CHAT_SESSION_COOKIE_DOMAIN)s;path=/'; + document.cookie = 'rc_session_token=' + rcToken + ';domain=%(COSINNUS_CHAT_SESSION_COOKIE_DOMAIN)s;path=/'; + ''', + # TODO: this setting needs to be added, but under API url: # https://chat./api/v1/method.call/authorization:removeRoleFromPermission # 'authorization:removeRoleFromPermission': ["add-user-to-joined-room","moderator"], diff --git a/cosinnus_message/rocket_chat.py b/cosinnus_message/rocket_chat.py index c6cd00efd..2324e6bd9 100644 --- a/cosinnus_message/rocket_chat.py +++ b/cosinnus_message/rocket_chat.py 
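Review bot: The `Custom_Script_Logged_In` script in cosinnus_message/conf.py copies the Rocket.Chat auth token (`rc_token`) into `rc_session_token` on `%(COSINNUS_CHAT_SESSION_COOKIE_DOMAIN)s` with `path=/` and no `Secure` or `SameSite` attribute. The token is therefore sent with every request to the portal domain and its subdomains, and without `Secure` it could also travel over plain HTTP. Appending `;Secure;SameSite=Lax` to both `document.cookie` assignments would narrow that, and should not affect the logout view as long as it is same-site with the chat host. When either source cookie is missing, the concatenation writes the literal text `undefined` into the new cookies, so the two assignments should sit inside `if (rcUid && rcToken) { … }`. The comment above the setting should also say that this deliberately widens the token's scope, so later reviewers know it is intentional.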
@@ -1297,7 +1297,15 @@ def set_user_email_preference(self, user, preference): logger.error('RocketChat: set_user_email_preference did not receive a success response: ' + response.get('errorType', ''), extra={'response': response}) return False return True - + + def logout_user_session(self, user_id, user_token): + """ Logges out a user from an active session using the users user_id and auth_token """ + user_session_connection = RocketChat( + user_id=user_id, auth_token=user_token, server_url=settings.COSINNUS_CHAT_BASE_URL, + timeout=settings.COSINNUS_CHAT_USER_CONNECTION_TIMEOUT + ) + user_session_connection.logout() + def _get_user_connection(self, user): """ Returns a user-specific rocketchat connection for the given user, or None if this fails for any reason """
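Review bot: `logout_user_session` in cosinnus_message/rocket_chat.py discards the result of `user_session_connection.logout()` and returns nothing, so a rejected or expired token looks the same to the caller as a successful logout. The neighbouring `set_user_email_preference`, visible in the context lines, logs a failure and returns `False`/`True`. Following that pattern would mean keeping the result, `response = user_session_connection.logout()`, and returning a boolean after logging any non-success response without the token (the exact response shape is not visible in this hunk). The `user_id` and `user_token` arguments come straight from client cookies, which the docstring should state; it also has a typo, `Logges out` for `Logs out`.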