summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2015-08-13 23:52:37 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2015-08-13 23:52:37 +0200
commit4d8d27d21883d96bb66780f6418bbfd332dba9e7 (patch)
tree1b0cc34c3114687271df5c00c640ee11f6cd9281 /Bugzilla/Auth
parent40dbd9de66f927d1f443ab0d43badf7e90082199 (diff)
downloadbugzilla-4d8d27d21883d96bb66780f6418bbfd332dba9e7.tar.gz
bugzilla-4d8d27d21883d96bb66780f6418bbfd332dba9e7.tar.xz
Bug 1185240: Logging out while impersonating a user should also delete the sudo token
r=dkl a=sgreen
Diffstat (limited to 'Bugzilla/Auth')
-rw-r--r--Bugzilla/Auth/Persist/Cookie.pm4
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 2d1291f3b..877d1907e 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -100,6 +100,8 @@ sub logout {
if ($type == LOGOUT_ALL) {
$dbh->do("DELETE FROM logincookies WHERE userid = ?",
undef, $user->id);
+ $dbh->do("DELETE FROM tokens WHERE userid = ? AND tokentype = 'sudo'",
+ undef, $user->id);
return;
}
@@ -144,6 +146,8 @@ sub logout {
$dbh->sql_in('cookie', \@login_cookies) .
" AND userid = ?",
undef, $user->id);
+ my $token = $cgi->cookie('sudo');
+ delete_token($token);
} else {
die("Invalid type $type supplied to logout()");
}