Commit a237ef9c authored by Vincent Pelletier's avatar Vincent Pelletier

WebSite_logout: Further reduce diff with erp5_core's logout.

parent bd1b6f9e
...@@ -3,16 +3,28 @@ ...@@ -3,16 +3,28 @@
""" """
from AccessControl import getSecurityManager from AccessControl import getSecurityManager
portal = context.getPortalObject() portal = context.getPortalObject()
user = getSecurityManager().getUser()
username = user.getId()
if username is not None:
portal.portal_sessions.manage_delObjects(
portal.Base_getAutoLogoutSessionKey(
username=username,
)
)
REQUEST = portal.REQUEST REQUEST = portal.REQUEST
if not portal.ERP5Site_isCookieAuthenticationTrustable(REQUEST):
# Prevent an attacker from logging-out users by tricking them into opening this script's URL (DoS).
return
if REQUEST.has_key('portal_skin'): if REQUEST.has_key('portal_skin'):
portal.portal_skins.clearSkinCookie() portal.portal_skins.clearSkinCookie()
REQUEST.RESPONSE.expireCookie('__ac', path='/') REQUEST.RESPONSE.expireCookie('__ac', path='/')
if getattr(portal.portal_skins, "erp5_oauth_google_login", None):
REQUEST.RESPONSE.expireCookie('__ac_google_hash', path='/')
if getattr(portal.portal_skins, "erp5_oauth_facebook_login", None):
REQUEST.RESPONSE.expireCookie('__ac_facebook_hash', path='/')
# PAS logout, if user is from a PAS user folder (which is the acquisition parent of the user) # PAS logout, if user is from a PAS user folder (which is the acquisition parent of the user)
getattr( getattr(
getSecurityManager().getUser(), user,
'resetCredentials', 'resetCredentials',
lambda **kw: None, lambda **kw: None,
)( )(
...@@ -3,17 +3,28 @@ ...@@ -3,17 +3,28 @@
""" """
from AccessControl import getSecurityManager from AccessControl import getSecurityManager
portal = context.getPortalObject() portal = context.getPortalObject()
REQUEST = context.REQUEST user = getSecurityManager().getUser()
username = user.getId()
if username is not None:
portal.portal_sessions.manage_delObjects(
portal.Base_getAutoLogoutSessionKey(
username=username,
)
)
REQUEST = portal.REQUEST
if REQUEST.has_key('portal_skin'): if REQUEST.has_key('portal_skin'):
portal.portal_skins.clearSkinCookie() portal.portal_skins.clearSkinCookie()
REQUEST.RESPONSE.expireCookie('__ac', path='/') REQUEST.RESPONSE.expireCookie('__ac', path='/')
if getattr(portal.portal_skins, "erp5_oauth_google_login", None): if getattr(portal.portal_skins, "erp5_oauth_google_login", None):
REQUEST.RESPONSE.expireCookie('__ac_google_hash', path='/') REQUEST.RESPONSE.expireCookie('__ac_google_hash', path='/')
if getattr(portal.portal_skins, "erp5_oauth_facebook_login", None): if getattr(portal.portal_skins, "erp5_oauth_facebook_login", None):
REQUEST.RESPONSE.expireCookie('__ac_facebook_hash', path='/') REQUEST.RESPONSE.expireCookie('__ac_facebook_hash', path='/')
# PAS logout, if user is from a PAS user folder (which is the acquisition parent of the user) # PAS logout, if user is from a PAS user folder (which is the acquisition parent of the user)
getattr( getattr(
getSecurityManager().getUser(), user,
'resetCredentials', 'resetCredentials',
lambda **kw: None, lambda **kw: None,
)( )(