Bug 1185240: Logging out while impersonating a user should also delete the sudo token

r=dkl a=sgreen
author: Frédéric Buclin <LpSolit@gmail.com> 2015-08-13 23:52:37 +0200
committer: Frédéric Buclin <LpSolit@gmail.com> 2015-08-13 23:52:37 +0200
commit: 4d8d27d21883d96bb66780f6418bbfd332dba9e7 (patch)
tree: 1b0cc34c3114687271df5c00c640ee11f6cd9281 /Bugzilla
parent: 40dbd9de66f927d1f443ab0d43badf7e90082199 (diff)
download: bugzilla-4d8d27d21883d96bb66780f6418bbfd332dba9e7.tar.gz
bugzilla-4d8d27d21883d96bb66780f6418bbfd332dba9e7.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 2d1291f3b..877d1907e 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -100,6 +100,8 @@ sub logout {
     if ($type == LOGOUT_ALL) {
         $dbh->do("DELETE FROM logincookies WHERE userid = ?",
                  undef, $user->id);
+        $dbh->do("DELETE FROM tokens WHERE userid = ? AND tokentype = 'sudo'",
+                 undef, $user->id);
         return;
     }
 
@@ -144,6 +146,8 @@ sub logout {
                  $dbh->sql_in('cookie', \@login_cookies) .
                  " AND userid = ?",
                  undef, $user->id);
+        my $token = $cgi->cookie('sudo');
+        delete_token($token);
     } else {
         die("Invalid type $type supplied to logout()");
     }
author	Frédéric Buclin <LpSolit@gmail.com>	2015-08-13 23:52:37 +0200
committer	Frédéric Buclin <LpSolit@gmail.com>	2015-08-13 23:52:37 +0200
commit	4d8d27d21883d96bb66780f6418bbfd332dba9e7 (patch)
tree	1b0cc34c3114687271df5c00c640ee11f6cd9281 /Bugzilla
parent	40dbd9de66f927d1f443ab0d43badf7e90082199 (diff)
download	bugzilla-4d8d27d21883d96bb66780f6418bbfd332dba9e7.tar.gz bugzilla-4d8d27d21883d96bb66780f6418bbfd332dba9e7.tar.xz