Commit a237ef9c authored by Vincent Pelletier's avatar Vincent Pelletier

WebSite_logout: Further reduce diff with erp5_core's logout.

parent bd1b6f9e
Pipeline #13215 failed with stage
in 0 seconds
......@@ -3,16 +3,28 @@
"""
from AccessControl import getSecurityManager
portal = context.getPortalObject()
user = getSecurityManager().getUser()
username = user.getId()
if username is not None:
portal.portal_sessions.manage_delObjects(
portal.Base_getAutoLogoutSessionKey(
username=username,
)
)
REQUEST = portal.REQUEST
if not portal.ERP5Site_isCookieAuthenticationTrustable(REQUEST):
# Prevent an attacker from logging-out users by tricking them into opening this script's URL (DoS).
return
if REQUEST.has_key('portal_skin'):
portal.portal_skins.clearSkinCookie()
REQUEST.RESPONSE.expireCookie('__ac', path='/')
if getattr(portal.portal_skins, "erp5_oauth_google_login", None):
REQUEST.RESPONSE.expireCookie('__ac_google_hash', path='/')
if getattr(portal.portal_skins, "erp5_oauth_facebook_login", None):
REQUEST.RESPONSE.expireCookie('__ac_facebook_hash', path='/')
# PAS logout, if user is from a PAS user folder (which is the acquisition parent of the user)
getattr(
getSecurityManager().getUser(),
user,
'resetCredentials',
lambda **kw: None,
)(
......
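Review bot: The `portal.portal_sessions.manage_delObjects(...)` call on the auto-logout session key runs before the `ERP5Site_isCookieAuthenticationTrustable(REQUEST)` guard, so a request the guard rejects has already changed server-side session state for the logged-in user. If that deletion is not meant to be reachable from a request the guard would refuse, move `REQUEST = portal.REQUEST` and the `if not portal.ERP5Site_isCookieAuthenticationTrustable(REQUEST): return` check above `if username is not None:`. If the order is deliberate, a short comment on the `if username is not None:` block saying why it is safe ahead of the trust check would help, since the effect of dropping that session entry is not visible here. The second file section shows the same session deletion but no guard in this rendering; its hunk header counts suggest some lines are missing from the view, so it is worth confirming that script carries the check as well. The trailing `getattr(user, 'resetCredentials', ...)(` call continues outside the hunk.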
......@@ -3,17 +3,28 @@
"""
from AccessControl import getSecurityManager
portal = context.getPortalObject()
REQUEST = context.REQUEST
user = getSecurityManager().getUser()
username = user.getId()
if username is not None:
portal.portal_sessions.manage_delObjects(
portal.Base_getAutoLogoutSessionKey(
username=username,
)
)
REQUEST = portal.REQUEST
if REQUEST.has_key('portal_skin'):
portal.portal_skins.clearSkinCookie()
REQUEST.RESPONSE.expireCookie('__ac', path='/')
if getattr(portal.portal_skins, "erp5_oauth_google_login", None):
REQUEST.RESPONSE.expireCookie('__ac_google_hash', path='/')
if getattr(portal.portal_skins, "erp5_oauth_facebook_login", None):
REQUEST.RESPONSE.expireCookie('__ac_facebook_hash', path='/')
# PAS logout, if user is from a PAS user folder (which is the acquisition parent of the user)
getattr(
getSecurityManager().getUser(),
user,
'resetCredentials',
lambda **kw: None,
)(
......