From 684116d77c83029b1dc95ede21a59a6f4f8114c7 Mon Sep 17 00:00:00 2001 From: Claus-Justus Heine Date: Sun, 24 Nov 2013 01:40:51 +0100 Subject: Prepare an XMLRPC logoff method. Rationale: XMLRPC is thought for script, which typically should not store their authentication cookies on disk. However: 1st: DW cannot tell if an external script is in this respect well-behaved. 2nd: it does not hurt to provide means for a voluntary log-out. There are, BTW, two parts of authentication data: one is stored in the cookie-storage of the client, and the other part is stored in the session data of the DW instance on the server. This logoff call is responsible for invalidating the credentials stored on the server, regardless of any cookie data remaining (or being stolen) on the client side. --- inc/RemoteAPICore.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'inc') diff --git a/inc/RemoteAPICore.php b/inc/RemoteAPICore.php index 2eb8ea403..9607b5c89 100644 --- a/inc/RemoteAPICore.php +++ b/inc/RemoteAPICore.php @@ -24,6 +24,10 @@ class RemoteAPICore { 'return' => 'int', 'doc' => 'Tries to login with the given credentials and sets auth cookies.', 'public' => '1' + ), 'dokuwiki.logoff' => array( + 'args' => array(), + 'return' => 'int', + 'doc' => 'Tries to logoff by expiring auth cookies and the associated PHP session.' ), 'dokuwiki.getPagelist' => array( 'args' => array('string', 'array'), 'return' => 'array', @@ -767,6 +771,17 @@ class RemoteAPICore { return $ok; } + function logoff(){ + global $conf; + global $auth; + if(!$conf['useacl']) return 0; + if(!$auth) return 0; + + auth_logoff(); + + return 1; + } + private function resolvePageId($id) { $id = cleanID($id); if(empty($id)) { -- cgit v1.2.3
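Review bot: The new `dokuwiki.logoff` entry declares `'return' => 'int'`, but its `'doc'` string never says what the integer means. The `logoff()` method added in the second hunk returns 0 in two different situations (ACL disabled, no auth backend) and 1 otherwise, and API clients only see this description. I would spell the contract out, e.g. `'doc' => 'Logs off by expiring auth cookies and the associated PHP session. Returns 1 on success, 0 if ACL or the auth backend is not in use.'`. The entry omits `'public' => '1'`, which presumably restricts the call to authenticated users; that looks intended, but the dispatcher is outside this diff, so it is worth confirming. The array this entry belongs to starts and ends outside the hunk.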
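Review bot: `logoff()` returns 1 unconditionally after `auth_logoff()`, and nothing in this hunk revokes an auth cookie that has already been copied off the client. `auth_logoff()` is defined outside this diff. If the cookie alone is enough to log in again (DokuWiki's cookie login path appears to re-check the credentials the cookie carries), this call ends the current server-side session, but a copied cookie stays usable until the password changes. The commit description's "regardless of any cookie data remaining (or being stolen)" should therefore be confirmed against `auth_logoff()` or softened. Once confirmed, I would state the limit on the method itself, e.g. `/** Ends the caller's server-side session and expires its auth cookie; does not revoke cookies already copied from the client. */`. I would also declare it `public function logoff(){` so its visibility is as explicit as that of `private function resolvePageId($id)` just below.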