Introduce ExternalSessionService.

module/VuFind/src/VuFind/Auth/Shibboleth.php

@@ -38,6 +38,7 @@
 use Laminas\Http\PhpEnvironment\Request;
 use VuFind\Auth\Shibboleth\ConfigurationLoaderInterface;
 use VuFind\Db\Entity\UserEntityInterface;
+use VuFind\Db\Service\ExternalSessionServiceInterface;
 use VuFind\Db\Service\UserCardServiceInterface;
 use VuFind\Db\Table\DbTableAwareInterface;
 use VuFind\Db\Table\DbTableAwareTrait;
@@ -407,8 +408,8 @@ protected function storeShibbolethSession($request)
             return;
         }
         $localSessionId = $this->sessionManager->getId();
-        $externalSession = $this->getDbTableManager()->get('ExternalSession');
-        $externalSession->addSessionMapping($localSessionId, $shibSessionId);
+        $this->getDbService(ExternalSessionServiceInterface::class)
+            ->addSessionMapping($localSessionId, $shibSessionId);
         $this->debug(
             "Cached Shibboleth session id '$shibSessionId' for local session"
             . " '$localSessionId'"

module/VuFind/src/VuFind/Auth/SimulatedSSO.php

@@ -30,7 +30,9 @@
 namespace VuFind\Auth;
 
 use Laminas\Http\PhpEnvironment\Request;
+use Laminas\Session\ManagerInterface;
 use VuFind\Db\Entity\UserEntityInterface;
+use VuFind\Db\Service\ExternalSessionServiceInterface;
 use VuFind\Exception\Auth as AuthException;
 
 use function is_array;
@@ -77,9 +79,14 @@ class SimulatedSSO extends AbstractBase
      * @param callable         $url              Session initiator URL callback
      * @param array            $config           Configuration settings
      * @param ILSAuthenticator $ilsAuthenticator ILS authenticator
+     * @param ManagerInterface $sessionManager   Session manager
      */
-    public function __construct($url, array $config, protected ILSAuthenticator $ilsAuthenticator)
-    {
+    public function __construct(
+        $url,
+        array $config,
+        protected ILSAuthenticator $ilsAuthenticator,
+        protected ManagerInterface $sessionManager
+    ) {
         $this->getSessionInitiatorCallback = $url;
         $this->simulatedSSOConfig = $config;
     }
@@ -128,6 +135,8 @@ public function authenticate($request)
             );
         }
 
+        $this->storeExternalSession();
+
         // Save and return the user object:
         $userService->persistEntity($user);
         return $user;
@@ -147,4 +156,18 @@ public function getSessionInitiator($target)
         $target .= (str_contains($target, '?') ? '&' : '?') . 'auth_method=SimulatedSSO';
         return ($this->getSessionInitiatorCallback)($target);
     }
+
+    /**
+     * Add session id mapping to external_session table for single logout support
+     *
+     * Using 'EXTERNAL_SESSION_ID' as the id -- for testing only.
+     *
+     * @return void
+     */
+    protected function storeExternalSession(): void
+    {
+        $localSessionId = $this->sessionManager->getId();
+        $this->getDbService(ExternalSessionServiceInterface::class)
+            ->addSessionMapping($localSessionId, 'EXTERNAL_SESSION_ID');
+    }
 }

module/VuFind/src/VuFind/Auth/SimulatedSSOFactory.php

@@ -79,6 +79,11 @@ public function __invoke(
             );
         };
         $config = $container->get(\VuFind\Config\PluginManager::class)->get('SimulatedSSO')->toArray();
-        return new $requestedName($getUrl, $config, $container->get(\VuFind\Auth\ILSAuthenticator::class));
+        return new $requestedName(
+            $getUrl,
+            $config,
+            $container->get(\VuFind\Auth\ILSAuthenticator::class),
+            $container->get(\Laminas\Session\SessionManager::class)
+        );
     }
 }

module/VuFind/src/VuFind/Controller/ShibbolethLogoutNotificationController.php

@@ -31,6 +31,7 @@
 
 use Laminas\ServiceManager\ServiceLocatorInterface;
 use Laminas\Stdlib\ResponseInterface as Response;
+use VuFind\Db\Service\ExternalSessionServiceInterface;
 
 use function extension_loaded;
 
@@ -115,15 +116,12 @@ public function postAction()
      */
     public function logoutNotification($sessionId)
     {
-        $table = $this->getTable('ExternalSession');
-        $row = $table->getByExternalSessionId(trim($sessionId));
-        if (empty($row)) {
-            return;
+        $row = $this->getDbService(ExternalSessionServiceInterface::class)->getByExternalSessionId(trim($sessionId));
+        if ($row) {
+            $sessionManager = $this->serviceLocator->get(\Laminas\Session\SessionManager::class);
+            $handler = $sessionManager->getSaveHandler();
+            $handler->destroy($row->getSessionId());
         }
-        $sessionManager = $this->serviceLocator
-            ->get(\Laminas\Session\SessionManager::class);
-        $handler = $sessionManager->getSaveHandler();
-        $handler->destroy($row['session_id']);
     }
 
     /**

module/VuFind/src/VuFind/Db/Service/AuthHashService.php

@@ -101,8 +101,7 @@ public function getLatestBySessionId(string $sessionId): ?AuthHashEntityInterfac
     }
 
     /**
-     * Delete expired records. Allows setting of 'from' and 'to' ID's so that rows
-     * can be deleted in small batches.
+     * Delete expired records. Allows setting a limit so that rows can be deleted in small batches.
      *
      * @param DateTime $dateLimit Date threshold of an "expired" record.
      * @param ?int     $limit     Maximum number of rows to delete or null for no limit.

module/VuFind/src/VuFind/Db/Service/ExternalSessionService.php

@@ -0,0 +1,120 @@
+<?php
+
+/**
+ * Database service for external_session table.
+ *
+ * PHP version 8
+ *
+ * Copyright (C) Villanova University 2024.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * @category VuFind
+ * @package  Database
+ * @author   Demian Katz <[email protected]>
+ * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
+ * @link     https://vufind.org/wiki/development:plugins:database_gateways Wiki
+ */
+
+namespace VuFind\Db\Service;
+
+use DateTime;
+use VuFind\Db\Entity\ExternalSessionEntityInterface;
+use VuFind\Db\Table\DbTableAwareInterface;
+use VuFind\Db\Table\DbTableAwareTrait;
+
+/**
+ * Database service for external_session table.
+ *
+ * @category VuFind
+ * @package  Database
+ * @author   Demian Katz <[email protected]>
+ * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
+ * @link     https://vufind.org/wiki/development:plugins:database_gateways Wiki
+ */
+class ExternalSessionService extends AbstractDbService implements
+    ExternalSessionServiceInterface,
+    Feature\DeleteExpiredInterface,
+    DbTableAwareInterface
+{
+    use DbTableAwareTrait;
+
+    /**
+     * Create a new external session entity.
+     *
+     * @return ExternalSessionEntityInterface
+     */
+    public function createEntity(): ExternalSessionEntityInterface
+    {
+        return $this->getDbTable('ExternalSession')->createRow();
+    }
+
+    /**
+     * Add a mapping between local and external session id's; return the newly-created entity.
+     *
+     * @param string $localSessionId    Local (VuFind) session id
+     * @param string $externalSessionId External session id
+     *
+     * @return ExternalSessionEntityInterface
+     */
+    public function addSessionMapping(
+        string $localSessionId,
+        string $externalSessionId
+    ): ExternalSessionEntityInterface {
+        $this->destroySession($localSessionId);
+        $row = $this->createEntity()
+            ->setSessionId($localSessionId)
+            ->setExternalSessionId($externalSessionId)
+            ->setCreated(new DateTime());
+        $this->persistEntity($row);
+        return $row;
+    }
+
+    /**
+     * Retrieve an object from the database based on an external session ID
+     *
+     * @param string $sid External session ID to retrieve
+     *
+     * @return ?ExternalSessionEntityInterface
+     */
+    public function getByExternalSessionId(string $sid): ?ExternalSessionEntityInterface
+    {
+        return $this->getDbTable('ExternalSession')->select(['external_session_id' => $sid])->current();
+    }
+
+    /**
+     * Destroy data for the given session ID.
+     *
+     * @param string $sid Session ID to erase
+     *
+     * @return void
+     */
+    public function destroySession(string $sid): void
+    {
+        $this->getDbTable('ExternalSession')->delete(['session_id' => $sid]);
+    }
+
+    /**
+     * Delete expired records. Allows setting a limit so that rows can be deleted in small batches.
+     *
+     * @param DateTime $dateLimit Date threshold of an "expired" record.
+     * @param ?int     $limit     Maximum number of rows to delete or null for no limit.
+     *
+     * @return int Number of rows deleted
+     */
+    public function deleteExpired(DateTime $dateLimit, ?int $limit = null): int
+    {
+        return $this->getDbTable('ExternalSession')->deleteExpired($dateLimit->format('Y-m-d H:i:s'), $limit);
+    }
+}

module/VuFind/src/VuFind/Db/Service/ExternalSessionServiceInterface.php

@@ -0,0 +1,82 @@
+<?php
+
+/**
+ * Database service for external_session table.
+ *
+ * PHP version 8
+ *
+ * Copyright (C) Villanova University 2024.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * @category VuFind
+ * @package  Database
+ * @author   Demian Katz <[email protected]>
+ * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
+ * @link     https://vufind.org/wiki/development:plugins:database_gateways Wiki
+ */
+
+namespace VuFind\Db\Service;
+
+use VuFind\Db\Entity\ExternalSessionEntityInterface;
+
+/**
+ * Database service for external_session table.
+ *
+ * @category VuFind
+ * @package  Database
+ * @author   Demian Katz <[email protected]>
+ * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
+ * @link     https://vufind.org/wiki/development:plugins:database_gateways Wiki
+ */
+interface ExternalSessionServiceInterface extends DbServiceInterface
+{
+    /**
+     * Create a new external session entity.
+     *
+     * @return ExternalSessionEntityInterface
+     */
+    public function createEntity(): ExternalSessionEntityInterface;
+
+    /**
+     * Add a mapping between local and external session id's; return the newly-created entity.
+     *
+     * @param string $localSessionId    Local (VuFind) session id
+     * @param string $externalSessionId External session id
+     *
+     * @return ExternalSessionEntityInterface
+     */
+    public function addSessionMapping(
+        string $localSessionId,
+        string $externalSessionId
+    ): ExternalSessionEntityInterface;
+
+    /**
+     * Retrieve an object from the database based on an external session ID
+     *
+     * @param string $sid External session ID to retrieve
+     *
+     * @return ?ExternalSessionEntityInterface
+     */
+    public function getByExternalSessionId(string $sid): ?ExternalSessionEntityInterface;
+
+    /**
+     * Destroy data for the given session ID.
+     *
+     * @param string $sid Session ID to erase
+     *
+     * @return void
+     */
+    public function destroySession(string $sid): void;
+}

module/VuFind/src/VuFind/Db/Service/Feature/DeleteExpiredInterface.php

@@ -45,8 +45,7 @@
 interface DeleteExpiredInterface
 {
     /**
-     * Delete expired records. Allows setting of 'from' and 'to' ID's so that rows
-     * can be deleted in small batches.
+     * Delete expired records. Allows setting a limit so that rows can be deleted in small batches.
      *
      * @param DateTime $dateLimit Date threshold of an "expired" record.
      * @param ?int     $limit     Maximum number of rows to delete or null for no limit.

module/VuFind/src/VuFind/Db/Service/PluginManager.php

@@ -52,6 +52,7 @@ class PluginManager extends \VuFind\ServiceManager\AbstractPluginManager
         AuthHashServiceInterface::class => AuthHashService::class,
         ChangeTrackerServiceInterface::class => ChangeTrackerService::class,
         CommentsServiceInterface::class => CommentsService::class,
+        ExternalSessionServiceInterface::class => ExternalSessionService::class,
         FeedbackServiceInterface::class => FeedbackService::class,
         LoginTokenServiceInterface::class => LoginTokenService::class,
         OaiResumptionServiceInterface::class => OaiResumptionService::class,
@@ -79,6 +80,7 @@ class PluginManager extends \VuFind\ServiceManager\AbstractPluginManager
         AuthHashService::class => AbstractDbServiceFactory::class,
         ChangeTrackerService::class => AbstractDbServiceFactory::class,
         CommentsService::class => AbstractDbServiceFactory::class,
+        ExternalSessionService::class => AbstractDbServiceFactory::class,
         FeedbackService::class => AbstractDbServiceFactory::class,
         LoginTokenService::class => AbstractDbServiceFactory::class,
         OaiResumptionService::class => AbstractDbServiceFactory::class,