472f316bbd
Summary: Ref T7153. I am not sure if this is 100% correct because sometimes you have to POST vs GET and I don't know if the redirect response will / can do the right thing? I think options to fix this would be to 1) restrict this functionality to JUST the Phabricator OAuth provider type or 2) something really fancy with an HTTP(S) future. The other rub right now is when you logout you get half auto-logged in again... Thoughts on that? Test Plan: setup my local instance to JUST have phabricator oauth available to login. was presented with the dialog automagically...! Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin, epriestley Maniphest Tasks: T7153 Differential Revision: https://secure.phabricator.com/D11701
<?php
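/**
 * Controller that ends the viewer's login session.
 *
 * Security-relevant shape of this controller, as visible in this file:
 *
 *   - The session is only destroyed on a form POST. A plain GET never logs
 *     the viewer out; it renders a confirmation dialog (or redirects to "/"
 *     when the viewer has no PHID).
 *   - The session row is deleted server-side in addition to clearing the
 *     cookie, so the session key stops being usable even if the browser
 *     keeps sending it.
 *   - Only the session named by the request's session cookie is deleted.
 *     Any other sessions the same account holds are not touched here.
 */
final class PhabricatorLogoutController
  extends PhabricatorAuthController {

  /**
   * @return bool Always true.
   */
  public function shouldRequireLogin() {
    return true;
  }

  /**
   * @return bool Always false.
   */
  public function shouldRequireEmailVerification() {
    // Allow unverified users to logout.
    return false;
  }

  /**
   * @return bool Always false.
   */
  public function shouldRequireEnabledUser() {
    // Allow disabled users to logout.
    return false;
  }

  /**
   * @return bool Always true.
   */
  public function shouldAllowPartialSessions() {
    // NOTE(review): presumably this lets a session that has not completed
    // every login step still reach logout; confirm against
    // PhabricatorAuthController.
    return true;
  }

  /**
   * Handle a logout request.
   *
   * On a form POST: writes an ACTION_LOGOUT user log entry, deletes the
   * session matching the session cookie (if one is found), clears the
   * cookie, and redirects to "/auth/loggedout/".
   *
   * Otherwise: shows a confirmation dialog when the viewer has a PHID, or
   * redirects to "/" when it does not.
   *
   * @param AphrontRequest $request Incoming request.
   * @return AphrontRedirectResponse|AphrontDialogResponse
   */
  public function handleRequest(AphrontRequest $request) {
    // NOTE(review): this overwrites the $request parameter. Presumably both
    // refer to the same object; confirm, then drop the reassignment.
    $request = $this->getRequest();
    $user = $request->getUser();

    // State change is gated on isFormPost() so that a cross-site GET cannot
    // end the session. NOTE(review): isFormPost() is assumed to be the
    // framework's CSRF-validated POST check; confirm in AphrontRequest.
    if ($request->isFormPost()) {

      // The audit entry is written first, while the session still exists.
      $log = PhabricatorUserLog::initializeNewLog(
        $user,
        $user->getPHID(),
        PhabricatorUserLog::ACTION_LOGOUT);
      $log->save();

      // Destroy the user's session in the database so logout works even if
      // their cookies have some issues. We'll detect cookie issues when they
      // try to login again and tell them to clear any junk.
      $phsid = $request->getCookie(PhabricatorCookies::COOKIE_SESSION);

      // Guard against a missing cookie before strlen(): passing null to
      // strlen() is deprecated as of PHP 8.1. NOTE(review): assumes
      // getCookie() yields null when the cookie is absent; confirm.
      if ($phsid !== null && strlen($phsid)) {
        // The lookup runs with the requesting user as viewer and is keyed
        // only on the cookie value supplied with this request.
        $session = id(new PhabricatorAuthSessionQuery())
          ->setViewer($user)
          ->withSessionKeys(array($phsid))
          ->executeOne();
        if ($session) {
          $session->delete();
        }
      }

      // Clear the cookie whether or not a matching session row was found.
      $request->clearCookie(PhabricatorCookies::COOKIE_SESSION);

      return id(new AphrontRedirectResponse())
        ->setURI('/auth/loggedout/');
    }

    // Non-POST request from an identified viewer: ask for confirmation. The
    // dialog's submit button is what produces the POST handled above.
    if ($user->getPHID()) {
      $dialog = id(new AphrontDialogView())
        ->setUser($user)
        ->setTitle(pht('Log out of Phabricator?'))
        ->appendChild(pht('Are you sure you want to log out?'))
        ->addSubmitButton(pht('Logout'))
        ->addCancelButton('/');

      return id(new AphrontDialogResponse())->setDialog($dialog);
    }

    // No PHID on the viewer: nothing to log out of.
    return id(new AphrontRedirectResponse())->setURI('/');
  }

}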