Commit f3719181 authored by Vincent Pelletier's avatar Vincent Pelletier

WebSite_logout: Catch up with erp5_xhtml_style's logout.

parent c27f19d0
""" """
Default logout handler, overwritten to give website specific portal status message. Default logout handler, overwritten to give website specific portal status message.
""" """
website = context.getWebSiteValue() from AccessControl import getSecurityManager
REQUEST = context.REQUEST portal = context.getPortalObject()
REQUEST = portal.REQUEST
if not portal.ERP5Site_isCookieAuthenticationTrustable(REQUEST):
# Prevent an attacker from logging-out users by tricking them into opening this script's URL (DoS).
return
if REQUEST.has_key('portal_skin'): if REQUEST.has_key('portal_skin'):
context.portal_skins.clearSkinCookie() portal.portal_skins.clearSkinCookie()
REQUEST.RESPONSE.expireCookie('__ac', path='/') REQUEST.RESPONSE.expireCookie('__ac', path='/')
msg = context.Base_translateString('You have been logged out. Thank you for using this website.') # PAS logout, if user is from a PAS user folder (which is the acquisition parent of the user)
return website.Base_redirect(form_id, keep_items = {'portal_status_message' : msg}, **kw) getattr(
getSecurityManager().getUser(),
'resetCredentials',
lambda **kw: None,
)(
request=REQUEST,
response=REQUEST.RESPONSE,
)
context.getWebSiteValue().Base_redirect(
form_id,
keep_items={
'portal_status_message': context.Base_translateString('You have been logged out. Thank you for using this website.'),
},
**kw
)
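Review bot: The final `context.getWebSiteValue().Base_redirect(` call is no longer prefixed with `return`, whereas the line it replaces was `return website.Base_redirect(...)`. If Base_redirect relies on its return value rather than setting the response itself, the redirect carrying the status message may be lost; either restore it as `return context.getWebSiteValue().Base_redirect(` or add a comment saying the result is deliberately discarded. Separately, the new guard branch ends in a bare `return`, so a request that fails `ERP5Site_isCookieAuthenticationTrustable` appears to get an empty response with the session left intact. A short comment saying this silent no-op is intended, for example `# Deliberately no redirect and no message: the request is not trusted.`, would help the next reader.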
""" """
Default logout handler, overwritten to give website specific portal status message. Default logout handler, overwritten to give website specific portal status message.
""" """
from AccessControl import getSecurityManager
portal = context.getPortalObject() portal = context.getPortalObject()
REQUEST = context.REQUEST REQUEST = context.REQUEST
if REQUEST.has_key('portal_skin'): if REQUEST.has_key('portal_skin'):
...@@ -10,6 +11,15 @@ if getattr(portal.portal_skins, "erp5_oauth_google_login", None): ...@@ -10,6 +11,15 @@ if getattr(portal.portal_skins, "erp5_oauth_google_login", None):
REQUEST.RESPONSE.expireCookie('__ac_google_hash', path='/') REQUEST.RESPONSE.expireCookie('__ac_google_hash', path='/')
if getattr(portal.portal_skins, "erp5_oauth_facebook_login", None): if getattr(portal.portal_skins, "erp5_oauth_facebook_login", None):
REQUEST.RESPONSE.expireCookie('__ac_facebook_hash', path='/') REQUEST.RESPONSE.expireCookie('__ac_facebook_hash', path='/')
# PAS logout, if user is from a PAS user folder (which is the acquisition parent of the user)
getattr(
getSecurityManager().getUser(),
'resetCredentials',
lambda **kw: None,
)(
request=REQUEST,
response=REQUEST.RESPONSE,
)
REQUEST.RESPONSE.setHeader('Location', came_from or context.getPermanentURL(context)) REQUEST.RESPONSE.setHeader('Location', came_from or context.getPermanentURL(context))
REQUEST.RESPONSE.setStatus(303) REQUEST.RESPONSE.setStatus(303)
# REQUEST.RESPONSE.redirect(came_from or context.getPermanentURL(context)); # REQUEST.RESPONSE.redirect(came_from or context.getPermanentURL(context));
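Review bot: This script gains the same `resetCredentials` call as WebSite_logout but not its `ERP5Site_isCookieAuthenticationTrustable` guard. In the visible lines `REQUEST = context.REQUEST` is followed directly by the `portal_skin` test, so a cross-site request to this URL would still expire the `__ac*` cookies and reset credentials. If the forced-logout concern described in the WebSite_logout comment applies here too, add `if not portal.ERP5Site_isCookieAuthenticationTrustable(REQUEST): return` before the first cookie is expired. The lines between the file head and the `@@ -10,6 +11,15 @@` hunk are not shown, so confirm the check is not already there. `came_from` is also written to the `Location` header with no validation visible in the hunk, so confirm it is restricted to same-site URLs.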