Merge pull request #327 from watery/logout-new-user-2

jrivard · web-flow · commit 73d7b1bab9c7 · 2019-04-01T12:02:10.000-04:00
Logout new user (configuration option) - needs review
diff --git a/server/src/main/java/password/pwm/config/PwmSetting.java b/server/src/main/java/password/pwm/config/PwmSetting.java
@@ -840,6 +840,8 @@ public enum PwmSetting
             "newUser.writeAttributes", PwmSettingSyntax.ACTION, PwmSettingCategory.NEWUSER_PROFILE ),
     NEWUSER_DELETE_ON_FAIL(
             "newUser.deleteOnFail", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.NEWUSER_PROFILE ),
+    NEWUSER_LOGOUT_AFTER_CREATION(
+            "newUser.logoutAfterCreation", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.NEWUSER_PROFILE ),
     NEWUSER_USERNAME_DEFINITION(
             "newUser.username.definition", PwmSettingSyntax.STRING_ARRAY, PwmSettingCategory.NEWUSER_PROFILE ),
     NEWUSER_EMAIL_VERIFICATION(
diff --git a/server/src/main/java/password/pwm/http/servlet/newuser/NewUserServlet.java b/server/src/main/java/password/pwm/http/servlet/newuser/NewUserServlet.java
@@ -44,6 +44,7 @@
 import password.pwm.http.PwmSession;
 import password.pwm.http.PwmURL;
 import password.pwm.http.bean.NewUserBean;
+import password.pwm.http.filter.AuthenticationFilter;
 import password.pwm.http.servlet.AbstractPwmServlet;
 import password.pwm.http.servlet.ControlledPwmServlet;
 import password.pwm.http.servlet.PwmServletDefinition;
@@ -707,6 +708,25 @@ private ProcessStatus handleComplete(
         // -- process complete -- \\
         pwmRequest.getPwmApplication().getSessionStateService().clearBean( pwmRequest, NewUserBean.class );
 
+        if ( pwmRequest.isAuthenticated() )
+        {
+            final PwmSession pwmSession = pwmRequest.getPwmSession();
+
+            if ( AuthenticationFilter.forceRequiredRedirects( pwmRequest ) == ProcessStatus.Halt )
+            {
+                return ProcessStatus.Halt;
+            }
+
+        // log the user out if the current profiles states so
+        final boolean forceLogoutOnChange = newUserProfile.readSettingAsBoolean( PwmSetting.NEWUSER_LOGOUT_AFTER_CREATION );
+        if ( forceLogoutOnChange )
+            {
+                LOGGER.trace( pwmSession, "logging out user; account created" );
+                pwmRequest.sendRedirect( PwmServletDefinition.Logout );
+                return ProcessStatus.Halt;
+            }
+        }
+
         final String configuredRedirectUrl = newUserProfile.readSettingAsString( PwmSetting.NEWUSER_REDIRECT_URL );
         if ( !StringUtil.isEmpty( configuredRedirectUrl ) && StringUtil.isEmpty( pwmRequest.getPwmSession().getSessionStateBean().getForwardURL() ) )
         {
diff --git a/server/src/main/resources/password/pwm/config/PwmSetting.xml b/server/src/main/resources/password/pwm/config/PwmSetting.xml
@@ -2751,6 +2751,11 @@
             <value>true</value>
         </default>
     </setting>
+    <setting hidden="false" key="newUser.logoutAfterCreation" level="2">
+        <default>
+            <value>false</value>
+        </default>
+    </setting>
     <setting hidden="false" key="newUser.username.definition" level="1">
         <default>
             <value><![CDATA[@RandomChar:16:ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@]]></value>
diff --git a/server/src/main/resources/password/pwm/i18n/PwmSetting.properties b/server/src/main/resources/password/pwm/i18n/PwmSetting.properties
@@ -493,6 +493,7 @@ Setting_Description_newUser.deleteOnFail=Enable this option to have @PwmAppName@
 Setting_Description_newUser.email.verification=Enable this option to have @PwmAppName@ send an email to the new user's email address before it creates the account.  The new user must verify receipt of the email before @PwmAppName@ creates the account. All of your email settings must also be filled out before this will work. Testing the email settings should take place to verify that this email will be sent.
 Setting_Description_newUser.enable=Enable this option to allow @PwmAppName@ to display the new user registration.
 Setting_Description_newUser.form=Specify the New User form creation attributes and fields. This is used to determine what information will need to be filled in before submitting the new user form to create the new user.
+Setting_Description_newUser.logoutAfterCreation=Enable this option to force the new user to log out (and send him to the logoutURL) after the account has been created.<br/><br/>Leave this option disabled (default) to make @PwmAppName@ automatically login the new user.
 Setting_Description_newUser.minimumWaitTime=Specify a delay time during a new user creation. @PwmAppName@ delays the creation of the user for at least this amount of time before forwarding the user to the next activity.  <br/><br/>Specify the value in seconds.
 Setting_Description_newUser.passwordPolicy.user=Specify a valid LDAP user DN that @PwmAppName@ can use as a template for the new user password policy. If the value is the literal value "<b>TESTUSER</b>", @PwmAppName@ uses the configured test user's password policy as the policy for the new user prior to its actual creation in the LDAP directory.
 Setting_Description_newUser.profile.displayName=Specify the publicly viewable display name of this profile. This value will only be seen if the profile was enabled to be shown publicly.
@@ -1013,6 +1014,7 @@ Setting_Label_newUser.deleteOnFail=Delete On Creation Failure
 Setting_Label_newUser.email.verification=Enable New User Email Verification
 Setting_Label_newUser.enable=Enable New User Registration
 Setting_Label_newUser.form=New User Form
+Setting_Label_newUser.logoutAfterCreation=Logout After Creation
 Setting_Label_newUser.minimumWaitTime=New User Minimum Wait Time
 Setting_Label_newUser.passwordPolicy.user=Password Policy Template
 Setting_Label_newUser.profile.displayName=Profile Display Name
