Prepare an XMLRPC logoff method. Rationale: XMLRPC is thought for

script, which typically should not store their authentication cookies on
disk. However: 1st: DW cannot tell if an external script is in this
respect well-behaved. 2nd: it does not hurt to provide means for a
voluntary log-out.

There are, BTW, two parts of authentication data: one is stored in the
cookie-storage of the client, and the other part is stored in the
session data of the DW instance on the server. This logoff call is
responsible for invalidating the credentials stored on the server,
regardless of any cookie data remaining (or being stolen) on the client
side.

1 files changed, 15 insertions, 0 deletions

diff --git a/inc/RemoteAPICore.php b/inc/RemoteAPICore.php
index 2eb8ea403..9607b5c89 100644
--- a/inc/RemoteAPICore.php
+++ b/inc/RemoteAPICore.php
@@ -24,6 +24,10 @@ class RemoteAPICore {
                 'return' => 'int',
                 'doc' => 'Tries to login with the given credentials and sets auth cookies.',
                 'public' => '1'
+            ), 'dokuwiki.logoff' => array(
+                'args' => array(),
+                'return' => 'int',
+                'doc' => 'Tries to logoff by expiring auth cookies and the associated PHP session.'
             ), 'dokuwiki.getPagelist' => array(
                 'args' => array('string', 'array'),
                 'return' => 'array',
@@ -767,6 +771,17 @@ class RemoteAPICore {
         return $ok;
     }
 
+    function logoff(){
+        global $conf;
+        global $auth;
+        if(!$conf['useacl']) return 0;
+        if(!$auth) return 0;
+        
+        auth_logoff();
+
+        return 1;
+    }
+
     private function resolvePageId($id) {
         $id = cleanID($id);
         if(empty($id)) {