Optionally force user logout after account creation

watery · watery · commit 6f20dfc457c3 · 2018-03-27T11:35:33.000+02:00
diff --git a/server/src/main/java/password/pwm/config/PwmSetting.java b/server/src/main/java/password/pwm/config/PwmSetting.java
@@ -815,6 +815,8 @@ public enum PwmSetting
             "newUser.writeAttributes", PwmSettingSyntax.ACTION, PwmSettingCategory.NEWUSER_PROFILE ),
     NEWUSER_DELETE_ON_FAIL(
             "newUser.deleteOnFail", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.NEWUSER_PROFILE ),
+    NEWUSER_LOGOUT_AFTER_CREATION(
+            "newUser.logoutAfterCreation", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.NEWUSER_PROFILE ),
     NEWUSER_USERNAME_DEFINITION(
             "newUser.username.definition", PwmSettingSyntax.STRING_ARRAY, PwmSettingCategory.NEWUSER_PROFILE ),
     NEWUSER_EMAIL_VERIFICATION(
diff --git a/server/src/main/java/password/pwm/http/servlet/newuser/NewUserServlet.java b/server/src/main/java/password/pwm/http/servlet/newuser/NewUserServlet.java
@@ -44,6 +44,7 @@
 import password.pwm.http.PwmSession;
 import password.pwm.http.PwmURL;
 import password.pwm.http.bean.NewUserBean;
+import password.pwm.http.filter.AuthenticationFilter;
 import password.pwm.http.servlet.AbstractPwmServlet;
 import password.pwm.http.servlet.ControlledPwmServlet;
 import password.pwm.http.servlet.PwmServletDefinition;
@@ -693,6 +694,25 @@ private ProcessStatus handleComplete(
         // -- process complete -- \\
         pwmRequest.getPwmApplication().getSessionStateService().clearBean( pwmRequest, NewUserBean.class );
 
+        if ( pwmRequest.isAuthenticated() )
+        {
+            final PwmSession pwmSession = pwmRequest.getPwmSession();
+
+            if ( AuthenticationFilter.forceRequiredRedirects( pwmRequest ) == ProcessStatus.Halt )
+            {
+                return ProcessStatus.Halt;
+            }
+
+        // log the user out if the current profiles states so
+        final boolean forceLogoutOnChange = newUserProfile.readSettingAsBoolean( PwmSetting.NEWUSER_LOGOUT_AFTER_CREATION );
+        if ( forceLogoutOnChange )
+            {
+                LOGGER.trace( pwmSession, "logging out user; account created" );
+                pwmRequest.sendRedirect( PwmServletDefinition.Logout );
+                return ProcessStatus.Halt;
+            }
+        }
+
         final String configuredRedirectUrl = newUserProfile.readSettingAsString( PwmSetting.NEWUSER_REDIRECT_URL );
         if ( !StringUtil.isEmpty( configuredRedirectUrl ) && StringUtil.isEmpty( pwmRequest.getPwmSession().getSessionStateBean().getForwardURL() ) )
         {
diff --git a/server/src/main/resources/password/pwm/config/PwmSetting.xml b/server/src/main/resources/password/pwm/config/PwmSetting.xml
@@ -2722,6 +2722,11 @@
             <value>true</value>
         </default>
     </setting>
+    <setting hidden="false" key="newUser.logoutAfterCreation" level="2">
+        <default>
+            <value>false</value>
+        </default>
+    </setting>
     <setting hidden="false" key="newUser.username.definition" level="1">
         <default>
             <value><![CDATA[@RandomChar:16:ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@]]></value>
diff --git a/server/src/main/resources/password/pwm/i18n/PwmSetting.properties b/server/src/main/resources/password/pwm/i18n/PwmSetting.properties
@@ -481,6 +481,7 @@ Setting_Description_newUser.deleteOnFail=Enable this option to have @PwmAppName@
 Setting_Description_newUser.email.verification=Enable this option to have @PwmAppName@ send an email to the new user's email address before it creates the account.  The new user must verify receipt of the email before @PwmAppName@ creates the account. All of your email settings must also be filled out before this will work. Testing the email settings should take place to verify that this email will be sent.
 Setting_Description_newUser.enable=Enable this option to allow @PwmAppName@ to display the new user registration.
 Setting_Description_newUser.form=Specify the New User form creation attributes and fields. This is used to determine what information will need to be filled in before submitting the new user form to create the new user.
+Setting_Description_newUser.logoutAfterCreation=Enable this option to force the new user to log out (and send him to the logoutURL) after the account has been created.<br/><br/>Leave this option disabled (default) to make @PwmAppName@ automatically login the new user.
 Setting_Description_newUser.minimumWaitTime=Specify a delay time during a new user creation. @PwmAppName@ delays the creation of the user for at least this amount of time before forwarding the user to the next activity.  <br/><br/>Specify the value in seconds.
 Setting_Description_newUser.passwordPolicy.user=Specify the user @PwmAppName@ uses as a template for the new user password policy. If the value is <i>TESTUSER</i>, @PwmAppName@ uses the configured test user's password policy. The <i>TESTUSER</i> was entered at installation time.
 Setting_Description_newUser.profile.displayName=Specify the publicly viewable display name of this profile. This value will only be seen if the profile was enabled to be shown publicly.
@@ -977,6 +978,7 @@ Setting_Label_newUser.deleteOnFail=Delete On Creation Failure
 Setting_Label_newUser.email.verification=Enable New User Email Verification
 Setting_Label_newUser.enable=Enable New User Registration
 Setting_Label_newUser.form=New User Form
+Setting_Label_newUser.logoutAfterCreation=Logout After Creation
 Setting_Label_newUser.minimumWaitTime=New User Minimum Wait Time
 Setting_Label_newUser.passwordPolicy.user=Password Policy Template
 Setting_Label_newUser.profile.displayName=Profile Display Name
