Bug 121601: Have logout display index.cgi, not just a message on relogin.cgi.

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit

5 files changed, 18 insertions, 21 deletions

diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 420bad16b..c533252d3 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -161,6 +161,7 @@ sub clear_browser_cookies {
     my $cgi = Bugzilla->cgi;
     $cgi->remove_cookie('Bugzilla_login');
     $cgi->remove_cookie('Bugzilla_logincookie');
+    $cgi->remove_cookie('sudo');
 }
 
 1;
diff --git a/index.cgi b/index.cgi
index 89880d163..660909452 100755
--- a/index.cgi
+++ b/index.cgi
@@ -38,12 +38,24 @@ use Bugzilla::Update;
 
 # Check whether or not the user is logged in
 my $user = Bugzilla->login(LOGIN_OPTIONAL);
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
+my $vars = {};
+
+# And log out the user if requested. We do this first so that nothing
+# else accidentally relies on the current login.
+if ($cgi->param('logout')) {
+    Bugzilla->logout();
+    $user = Bugzilla->user;
+    $vars->{'message'} = "logged_out";
+    # Make sure that templates or other code doesn't get confused about this.
+    $cgi->delete('logout');
+}
 
 ###############################################################################
 # Main Body Execution
 ###############################################################################
 
-my $cgi = Bugzilla->cgi;
 # Force to use HTTPS unless Bugzilla->params->{'ssl'} equals 'never'.
 # This is required because the user may want to log in from here.
 if ($cgi->protocol ne 'https' && Bugzilla->params->{'sslbase'} ne ''
@@ -52,9 +64,6 @@ if ($cgi->protocol ne 'https' && Bugzilla->params->{'sslbase'} ne ''
     $cgi->require_https(Bugzilla->params->{'sslbase'});
 }
 
-my $template = Bugzilla->template;
-my $vars = {};
-
 # Return the appropriate HTTP response headers.
 print $cgi->header();
 
diff --git a/relogin.cgi b/relogin.cgi
index 9d30d7c11..a5cea5f91 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -37,7 +37,7 @@ use Date::Format;
 my $template = Bugzilla->template;
 my $cgi = Bugzilla->cgi;
 
-my $action = $cgi->param('action') || 'logout';
+my $action = $cgi->param('action');
 
 my $vars = {};
 my $target;
@@ -184,20 +184,6 @@ elsif ($action eq 'end-sudo') {
     $vars->{'message'} = 'sudo_ended';
     $target = 'global/message.html.tmpl';
 }
-# Log out the currently logged-in user (this used to be the only thing this did)
-elsif ($action eq 'logout') {
-    # We don't want to remove a random logincookie from the db, so
-    # call Bugzilla->login(). If we're logged in after this, then
-    # the logincookie must be correct
-    Bugzilla->login(LOGIN_OPTIONAL);
-
-    $cgi->remove_cookie('sudo');
-
-    Bugzilla->logout();
-
-    $vars->{'message'} = "logged_out";
-    $target = 'global/message.html.tmpl';
-}
 # No valid action found
 else {
     Bugzilla->login(LOGIN_OPTIONAL);
diff --git a/template/en/default/global/common-links.html.tmpl b/template/en/default/global/common-links.html.tmpl
index 6f2c46f46..5c4e9d9a5 100644
--- a/template/en/default/global/common-links.html.tmpl
+++ b/template/en/default/global/common-links.html.tmpl
@@ -68,7 +68,7 @@
     <li>
       <span class="separator">| </span>
       [% IF user.authorizer.can_logout %]
-        <a href="relogin.cgi">Log&nbsp;out</a>
+        <a href="index.cgi?logout=1">Log&nbsp;out</a>
       [% ELSE %]
         Logged&nbsp;in&nbsp;as
       [% END %]
diff --git a/template/en/default/sidebar.xul.tmpl b/template/en/default/sidebar.xul.tmpl
index 8035c8298..3df943e5c 100644
--- a/template/en/default/sidebar.xul.tmpl
+++ b/template/en/default/sidebar.xul.tmpl
@@ -97,7 +97,8 @@ function normal_keypress_handler( aEvent ) {
       <text class="text-link" onclick="load_relative_url('sanitycheck.cgi')" value="sanity check"/>
   [%- END %]
   [%- IF user.authorizer.can_logout %]
-      <text class="text-link" onclick="load_relative_url('relogin.cgi')" value="log out [% user.login FILTER html %]"/>
+      <text class="text-link" onclick="load_relative_url('index.cgi?logout=1')"
+            value="log out [% user.login FILTER html %]"/>
   [%- END %]
       <separator class="thin"/>
   [%- IF user.showmybugslink %]