🐛 FIX: Logout Issues

Fix logout button URL and issue where session could persist after logout
RB-7 and RB-6

app/Http/Controllers/BlocksController.php

@@ -10,7 +10,7 @@
 class BlocksController extends Controller
 {
     //
-    public function blockList()
+    public function blockList(Request $request)
     {
         /**
          * Load from Data API
@@ -24,14 +24,14 @@ public function blockList()
         );
 
         $user = $dataAPI->getUser(
-            session('username'),
+            $request->get('username'),
             $token
         );
 
         $data = array(
             'userData' => $user,
-            'username' => session('username'),
-            'logout'   => session('logout_url'),
+            'username' => $request->get('username'),
+            'logout'   => $request->get('logoutUrl'),
         );
 
         if (null !== $user && null !== $user['blocks'])
@@ -44,7 +44,7 @@ public function blockList()
         }
         else
         {
-            Log::info( 'User '. (null !== session('username') ? session('username') : '[NOT SET]') .' logged in, had no student record');
+            Log::info( 'User '. (null !== $request->get('username') ? $request->get('username') : '[NOT SET]') .' logged in, had no student record');
             return view('error/notStudent', $data);
         }
 

app/Http/Middleware/SimpleSAMLphp.php

@@ -29,15 +29,16 @@ public function handle($request, Closure $next)
              * Store Username and Auth Object in Session
              */
             $attributes = $auth->getAttributes();
-            session(['username' => $attributes[config('simplesamlphp.username')][0]]);
-            session(['logout_url' => $auth->getLogoutURL('https://www.bellevuecollege.edu')]);
+            $request->attributes->add(['username' => $attributes[config('simplesamlphp.username')][0]]);
+            $request->attributes->add(['logoutUrl' => $auth->getLogoutURL('https://www.bellevuecollege.edu')]);
+
         }
         else // Disable auth on test and local environments
         {
-            session(['username' => 't.test']); // Modify this username if needed
-            session(['logout_url' => 'https://www.bellevuecollege.edu']);
+            $request->attributes->add(['username' => 't.test']); // Modify this username if needed
+            $request->attributes->add(['logoutUrl' => 'https://www.bellevuecollege.edu']);
         }
 
         return $next($request);
     }
-}
+}

resources/views/error/notStudent.blade.php

@@ -2,8 +2,8 @@
 
 @section('content')
 <div class="alert alert-warning">
-    <h1>This is not a student account</h1>
-    <p>Registration block information is only available for Bellevue College students. You have logged in with a non-student account. <a href="" class="btn btn-default">Log out</a></p>
+    <h1>Error: Unable to retrieve student account</h1>
+    <p>Registration block information is only available for Bellevue College students. You may have logged in with a non-student account, or an error has occurred. <a href="{{ $logout }}" class="btn btn-default">Log out</a></p>
 </div>
 @endsection