From 4d8d27d21883d96bb66780f6418bbfd332dba9e7 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Thu, 13 Aug 2015 23:52:37 +0200
Subject: Bug 1185240: Logging out while impersonating a user should also
 delete the sudo token r=dkl a=sgreen

---
 Bugzilla/Auth/Persist/Cookie.pm | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 2d1291f3b..877d1907e 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -100,6 +100,8 @@ sub logout {
     if ($type == LOGOUT_ALL) {
         $dbh->do("DELETE FROM logincookies WHERE userid = ?",
                  undef, $user->id);
+        $dbh->do("DELETE FROM tokens WHERE userid = ? AND tokentype = 'sudo'",
+                 undef, $user->id);
         return;
     }
 
@@ -144,6 +146,8 @@ sub logout {
                  $dbh->sql_in('cookie', \@login_cookies) .
                  " AND userid = ?",
                  undef, $user->id);
+        my $token = $cgi->cookie('sudo');
+        delete_token($token);
     } else {
         die("Invalid type $type supplied to logout()");
     }
-- 
cgit v1.2.3-24-g4f1b