From 170f17696db6959b4d2c03b8bb0ed446eab10328 Mon Sep 17 00:00:00 2001 Message-Id: <170f17696db6959b4d2c03b8bb0ed446eab10328.1715597344.git.mdw@distorted.org.uk> From: Mark Wooding Date: Sat, 30 Mar 2013 14:55:12 +0000 Subject: [PATCH] httpauth.py, cmd-cgi.py, list.fhtml: Implement explicit logout action. Organization: Straylight/Edgeware From: Mark Wooding --- cmd-cgi.py | 7 +++++++ httpauth.py | 4 ++++ list.fhtml | 8 ++++++++ 3 files changed, 19 insertions(+) diff --git a/cmd-cgi.py b/cmd-cgi.py index 6dc59ee..63253b7 100644 --- a/cmd-cgi.py +++ b/cmd-cgi.py @@ -85,6 +85,13 @@ def cmd_reset_cgi(services = []): def cmd_clear_cgi(services = []): operate('clear passwords', 'clear', services) +@CGI.subcommand( + 'logout', ['cgi'], + 'Log out of the web interface.') +def cmd_logout_cgi(): + CGI.redirect(CGI.action('login', why = 'LOGOUT'), + set_cookie = HA.bake_cookie('logged-out')) + @CGI.subcommand( 'fail', ['cgi-noauth'], 'Raise an exception, to test the error reporting machinery.', diff --git a/httpauth.py b/httpauth.py index 4a41e4f..13ba0d1 100644 --- a/httpauth.py +++ b/httpauth.py @@ -175,6 +175,7 @@ LOGIN_REASONS = { 'EXPIRED': 'session timed out', 'BADTAG': 'incorrect tag', 'NOUSER': 'unknown user name', + 'LOGOUT': 'explicitly logged out', None: None } @@ -201,6 +202,9 @@ def check_auth(token, nonce = None): global NONCE + ## If the token has been explicitly clobbered, then we're logged out. + if token == 'logged-out': raise AuthenticationFailed, 'LOGOUT' + ## Parse the token. bits = token.split('.', 3) if len(bits) != 4: raise AuthenticationFailed, 'BADTOKEN' diff --git a/list.fhtml b/list.fhtml index 735f63c..0fb5faf 100644 --- a/list.fhtml +++ b/list.fhtml @@ -128,4 +128,12 @@ +

Log out of Chopwood

+ +
+ + + +
+ ~1[~]~ -- [mdw]