From 53061d150814cf5939d1d4dc165d8270ca764109 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 6 Dec 2021 13:20:18 +0300
Subject: [PATCH]  * add HOOK_POST_LOGOUT  * auth_remote: add config option
 AUTH_REMOTE_POST_LOGOUT_URL

---
 classes/handler/public.php   | 19 ++++++++++++++++++-
 classes/plugin.php           |  9 +++++++++
 classes/pluginhost.php       |  3 +++
 plugins/auth_remote/init.php | 19 ++++++++++++++++++-
 4 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/classes/handler/public.php b/classes/handler/public.php
index d0776f03c..3fef4c2b9 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -296,8 +296,25 @@ class Handler_Public extends Handler {
 
 	function logout(): void {
 		if (validate_csrf($_POST["csrf_token"])) {
+
+			$login = $_SESSION["name"];
+			$user_id = $_SESSION["uid"];
+
 			UserHelper::logout();
-			header("Location: index.php");
+
+			$redirect_url = "";
+
+			PluginHost::getInstance()->run_hooks_callback(PluginHost::HOOK_POST_LOGOUT,
+				function ($result) use (&$redirect_url) {
+					if (!empty($result[0]))
+						$redirect_url = UrlHelper::validate($result[0]);
+				},
+				$login, $user_id);
+
+			if (!$redirect_url)
+				$redirect_url = get_self_url_prefix() . "/index.php";
+
+			header("Location: " . $redirect_url);
 		} else {
 			header("Content-Type: text/json");
 			print Errors::to_json(Errors::E_UNAUTHORIZED);
diff --git a/classes/plugin.php b/classes/plugin.php
index 0a7d8fa95..be8376925 100644
--- a/classes/plugin.php
+++ b/classes/plugin.php
@@ -670,4 +670,13 @@ abstract class Plugin {
 
 		return false;
 	}
+
+	/** Invoked after user logout, may override built-in behavior (redirect back to login page)
+	 *  @param string $login
+	 *  @param int $user_id
+	 * @return array<mixed> - [0] - if set, url to redirect to
+	*/
+	function hook_post_logout($login, $user_id) {
+		return [""];
+	}
 }
diff --git a/classes/pluginhost.php b/classes/pluginhost.php
index f89cc5c32..a3a389def 100755
--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
@@ -195,6 +195,9 @@ class PluginHost {
 	/** @see Plugin::hook_pre_subscribe() */
 	const HOOK_PRE_SUBSCRIBE = "hook_pre_subscribe";
 
+	/** @see Plugin::hook_post_logout() */
+	const HOOK_POST_LOGOUT = "hook_post_logout";
+
 	const KIND_ALL = 1;
 	const KIND_SYSTEM = 2;
 	const KIND_USER = 3;
diff --git a/plugins/auth_remote/init.php b/plugins/auth_remote/init.php
index 9c15d3368..3203d41fe 100644
--- a/plugins/auth_remote/init.php
+++ b/plugins/auth_remote/init.php
@@ -1,15 +1,26 @@
 <?php
 class Auth_Remote extends Auth_Base {
 
+	/** redirect user to this URL after logout; .env:
+	 * TTRSS_AUTH_REMOTE_POST_LOGOUT_URL=http://127.0.0.1/logout-redirect
+	 */
+	const AUTH_REMOTE_POST_LOGOUT_URL = "AUTH_REMOTE_POST_LOGOUT_URL";
+
 	function about() {
 		return array(null,
-			"Authenticates against remote password (e.g. supplied by Apache)",
+			"Authenticates against external passwords (HTTP Authentication, SSL certificates)",
 			"fox",
 			true);
 	}
 
 	function init($host) {
 		$host->add_hook($host::HOOK_AUTH_USER, $this);
+
+		Config::add(self::AUTH_REMOTE_POST_LOGOUT_URL, "", Config::T_STRING);
+
+		if (Config::get(self::AUTH_REMOTE_POST_LOGOUT_URL) != "") {
+			$host->add_hook($host::HOOK_POST_LOGOUT, $this);
+		}
 	}
 
 	function get_login_by_ssl_certificate() : string {
@@ -73,6 +84,12 @@ class Auth_Remote extends Auth_Base {
 		return false;
 	}
 
+	function hook_post_logout($login, $user_id) {
+		return [
+			Config::get(self::AUTH_REMOTE_POST_LOGOUT_URL)
+			];
+	}
+
 	function api_version() {
 		return 2;
 	}