Esempio n. 1
        /// <summary>
        /// Logs out the current user: calls <c>FormsAuthentication.SignOut()</c>, deletes the user's
        /// access tokens, writes a logout audit entry, notifies the login extender and, when an HTTP
        /// context is available, abandons the session and expires the session cookie.
        /// </summary>
        /// <param name="ultimateLogout">Whether this should be an ultimate logout. If set to True, the user will be logged out from all clients.</param>
        /// <remarks>
        /// The logging-out notification can cancel the operation; in that case nothing is revoked
        /// (no sign-out, no token deletion, no audit entry).
        /// Access tokens are deleted for the user on every non-cancelled logout, independently of
        /// <paramref name="ultimateLogout"/> and of whether an HTTP context exists.
        /// The <c>LastLoggedOut</c> timestamp is written only when an HTTP context exists.
        /// NOTE(review): an ultimate logout requested outside a web request therefore does not record
        /// the timestamp - confirm that this is intended.
        /// </remarks>
        public static void Logout(bool ultimateLogout = false)
        {
            var currentUser = User.Current;

            // Give the extender a chance to veto the logout before anything is revoked.
            var loggingOut = new CancellableLoginInfo();
            loggingOut.UserName = currentUser.Username;
            LoginExtender.OnLoggingOut(loggingOut);

            if (loggingOut.Cancel)
            {
                return;
            }

            // Credential revocation comes first: the forms-auth sign-out, then the user's access tokens.
            FormsAuthentication.SignOut();
            AccessTokenVault.DeleteTokensByUser(currentUser.Id);

            // Audit trail for the logout.
            // NOTE(review): how GetClientIpAddress derives the address is not visible here; if it can
            // come from a client-supplied header, treat the audited value accordingly - confirm.
            var auditProperties = new Dictionary<string, object>
            {
                ["UserName"] = currentUser.Username,
                ["ClientAddress"] = RepositoryTools.GetClientIpAddress()
            };
            SnLog.WriteAudit(AuditEvent.Logout, auditProperties);

            var loggedOut = new LoginInfo();
            loggedOut.UserName = currentUser.Username;
            LoginExtender.OnLoggedOut(loggedOut);

            // Everything below needs a live request/response pair.
            var httpContext = HttpContext.Current;
            if (httpContext == null)
            {
                return;
            }

            httpContext.Session?.Abandon();

            // Overwrite the session cookie with an empty, already-expired one so the browser drops it.
            var expiredSessionCookie = new HttpCookie(GetSessionIdCookieName(), string.Empty);
            expiredSessionCookie.Expires = DateTime.UtcNow.AddDays(-1);
            httpContext.Response.Cookies.Add(expiredSessionCookie);

            // Only an ultimate logout (requested explicitly or enabled by configuration) stamps the user.
            if (!ultimateLogout && !Configuration.Security.DefaultUltimateLogout)
            {
                return;
            }

            // The save runs inside a SystemAccount scope rather than as the user who is logging out.
            using (new SystemAccount())
            {
                if (currentUser is User userNode)
                {
                    userNode.LastLoggedOut = DateTime.UtcNow;
                    userNode.Save(SavingMode.KeepVersion);
                }
            }
        }
Esempio n. 2
        // Checks that DeleteTokensByUser removes every token of the given user and leaves the
        // tokens of another user in place.
        public void AccessToken_Delete_ByUser()
        {
            int targetUserId = 42;
            int otherUserId = 43;
            TimeSpan longLifetime = TimeSpan.FromMinutes(10);
            TimeSpan shortLifetime = TimeSpan.FromSeconds(1);

            // One long-lived and one short-lived token per user, created in a fixed order.
            var targetLongToken = AccessTokenVault.CreateToken(targetUserId, longLifetime);
            var targetShortToken = AccessTokenVault.CreateToken(targetUserId, shortLifetime);
            var otherLongToken = AccessTokenVault.CreateToken(otherUserId, longLifetime);
            var otherShortToken = AccessTokenVault.CreateToken(otherUserId, shortLifetime);

            // ACTION
            // Wait longer than the one-second lifetime so the short-lived tokens have timed out
            // before the deletion runs.
            Thread.Sleep(1100);
            AccessTokenVault.DeleteTokensByUser(targetUserId);

            // ASSERT
            // Both tokens of the target user are gone, the timed-out one included.
            Assert.IsNull(AccessTokenVault.GetTokenById(targetLongToken.Id));
            Assert.IsNull(AccessTokenVault.GetTokenById(targetShortToken.Id));

            // The other user's tokens are untouched.
            // NOTE(review): the last assertion presumes GetTokenById still returns a token whose
            // lifetime has elapsed - confirm against the vault implementation.
            Assert.IsNotNull(AccessTokenVault.GetTokenById(otherLongToken.Id));
            Assert.IsNotNull(AccessTokenVault.GetTokenById(otherShortToken.Id));
        }