From cfc22fd3235fd19566152ed9eb4280f58f9926c6 Mon Sep 17 00:00:00 2001
From: "kiko%async.com.br" <>
Date: Thu, 27 Nov 2003 09:00:59 +0000
Subject: Bug 226324: Move relogin.cgi code to Bugzilla::Auth::CGI. Provide a
 logout() method that is proxied through Bugzilla.pm's logout(), and fix
 callers to use it.  r=justdave, bbaetz, a=justdave

---
 Bugzilla/Auth/CGI.pm | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Auth/CGI.pm b/Bugzilla/Auth/CGI.pm
index e223c9fee..afbf98b27 100644
--- a/Bugzilla/Auth/CGI.pm
+++ b/Bugzilla/Auth/CGI.pm
@@ -177,6 +177,28 @@ sub login {
 
 }
 
+sub logout {
+    my ($class, $user) = @_;
+
+    if ($user) {
+        # Even though we know the userid must match, we still check it in the
+        # SQL as a sanity check, since there is no locking here, and if
+        # the user logged out from two machines simulataniously, while someone
+        # else logged in and got the same cookie, we could be logging the
+        # other user out here. Yes, this is very very very unlikely, but why
+        # take chances? - bbaetz
+        my $dbh = Bugzilla->dbh;
+        $dbh->do("DELETE FROM logincookies WHERE cookie = ? AND userid = ?",
+                 undef, $::COOKIE{"Bugzilla_logincookie"}, $user->id);
+    }
+
+    my $cgi = Bugzilla->cgi;
+    $cgi->send_cookie(-name => "Bugzilla_login",
+                      -expires => "Tue, 15-Sep-1998 21:49:00 GMT");
+    $cgi->send_cookie(-name => "Bugzilla_logincookie",
+                      -expires => "Tue, 15-Sep-1998 21:49:00 GMT");
+}
+
 1;
 
 __END__
@@ -188,7 +210,7 @@ Bugzilla::Auth::CGI - CGI-based logins for Bugzilla
 =head1 SUMMARY
 
 This is a L<login module|Bugzilla::Auth/"LOGIN"> for Bugzilla. Users connecting
-from a CGI script use this module to authenticate.
+from a CGI script use this module to authenticate. Logouts are also handled here.
 
 =head1 BEHAVIOUR
 
@@ -198,6 +220,9 @@ using the CGI parameters I<Bugzilla_login> and I<Bugzilla_password>.
 If no data is present for that, then cookies are tried, using
 L<Bugzilla::Auth::Cookie>.
 
+When a logout is performed, we take care of removing the relevant
+logincookie database entry and effectively deleting the client cookie.
+
 =head1 SEE ALSO
 
 L<Bugzilla::Auth>
-- 
cgit v1.2.3-24-g4f1b