Issue #1389: Add logout capability. Create "auth" feature in CheckMod…

…ules.

Kernel/System/Auth.pm

@@ -393,6 +393,22 @@ sub PostAuth {
     return $Self->{AuthBackend}->PostAuth( %Param );
 }
 
+=head2 Logout()
+
+Call the Logout method of the AuthBackend
+
+    my $LogoutInfo = $AuthObject->Logout();
+
+=cut
+
+sub Logout {
+    my ( $Self, %Param ) = @_;
+
+    return if !$Self->{AuthBackend}->can('Logout');
+
+    return $Self->{AuthBackend}->Logout( %Param );
+}
+
 =head2 GetLastErrorMessage()
 
 Retrieve $Self->{LastErrorMessage} content.

Kernel/System/Auth/OpenIDConnect.pm

@@ -402,6 +402,23 @@ sub PostAuth {
     };
 }
 
+sub Logout {
+    my ( $Self, %Param ) = @_;
+
+    my $OpenIDConfig        = $Kernel::OM->Get('Kernel::Config')->Get('AuthModule::OpenIDConnect::Config');
+    my $OpenIDConnectObject = $Kernel::OM->Get('Kernel::System::OpenIDConnect');
+
+    my $LogoutURL = $OpenIDConnectObject->GetLogoutURL(
+        ProviderSettings  => $OpenIDConfig->{ProviderSettings},
+    );
+
+    return if !$LogoutURL;
+
+    return {
+        LogoutURL => $LogoutURL,
+    };
+}
+
 sub _ExtractMap {
     my ( $Self, %Param ) = @_;
     my %Return = ();

Kernel/System/OpenIDConnect.pm

@@ -471,6 +471,55 @@ sub DecodeIDToken {
     return;
 }
 
+=head2 GetLogoutURL()
+
+Return the logout url of the OpenID provider
+
+    my $RedirectURL = OpenIDConnectObject->GetLogoutURL(
+        ProviderSettings => $OpenIDConfig->{ProviderSettings},
+    );
+
+=cut
+
+sub GetLogoutURL {
+    my ( $Self, %Param ) = @_;
+
+    for my $Needed ( qw/ProviderSettings/ ) {
+        if ( !$Param{ $Needed } ) {
+            $Kernel::OM->Get('Kernel::System::Log')->Log(
+                Priority => 'error',
+                Message  => "Need $Needed!",
+            );
+
+	        return;
+        }
+    }
+
+    my $ProviderKey = 'ProviderData' . ( $Param{ProviderSettings}{Name} // '' );
+    my $OpenIDProviderData = $Self->{OpenIDProviderData}{ $ProviderKey } // $Kernel::OM->Get('Kernel::System::Cache')->Get(
+        Type => 'OpenIDConnect',
+        Key  => $ProviderKey,
+    );
+
+    # if nothing is cached, get the data
+    if ( !$OpenIDProviderData ) {
+        $OpenIDProviderData = $Self->_ProviderDataGet(
+            ProviderSettings => $Param{ProviderSettings},
+        );
+    }
+
+    if ( !$OpenIDProviderData->{OpenIDConfiguration} ) {
+        $Kernel::OM->Get('Kernel::System::Log')->Log(
+            Priority => 'error',
+            Message  => "Could not retrieve OpenIDConfiguration!",
+        );
+
+        return;
+    }
+
+    return $OpenIDProviderData->{OpenIDConfiguration}{end_session_endpoint};
+}
+
 sub _ProviderDataGet {
     my ( $Self, %Param ) = @_;
 

Kernel/System/Web/InterfaceAgent.pm

@@ -682,6 +682,14 @@ sub Content {    ## no critic qw(Subroutines::RequireFinalReturn)
             );    # throws a Kernel::System::Web::Exception
         }
 
+        # try auth module specific logout
+        my $LogoutInfo = $Kernel::OM->Get('Kernel::System::Auth')->Logout();
+        if ( $LogoutInfo && $LogoutInfo->{LogoutURL} ) {
+            $LayoutObject->Redirect(
+                ExtURL => $LogoutInfo->{LogoutURL},
+            );    # throws a Kernel::System::Web::Exception
+        }
+
         # show logout screen
         return $LayoutObject->Login(
             Title       => 'Logout',

bin/otobo.CheckModules.pl

@@ -908,10 +908,10 @@ =head1 DESCRIPTION
         },
     },
 
-    # Feature div
+    # Feature auth
     {
         Module          => 'Crypt::JWT',
-        Features        => ['div:openidconnect'],
+        Features        => ['auth:openidconnect'],
         Comment         => 'Required for authentication via OpenIDConnect.',
         InstTypes       => {
             aptget => undef,
@@ -920,6 +920,8 @@ =head1 DESCRIPTION
             ports  => undef,
         },
     },
+
+    # Feature div
     {
         Module          => 'Encode::HanExtra',
         VersionRequired => '0.23',