Bug 1185240: Logging out while impersonating a user should also delete the sudo token

r=dkl a=sgreen

diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 2d1291f3b90c32d9bde6906d978f6b21d7694ef3..877d1907e7c966767c365d7a7e6763d1f589282f 100644 (file)
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -100,6 +100,8 @@ sub logout {
     if ($type == LOGOUT_ALL) {
         $dbh->do("DELETE FROM logincookies WHERE userid = ?",
                  undef, $user->id);
+        $dbh->do("DELETE FROM tokens WHERE userid = ? AND tokentype = 'sudo'",
+                 undef, $user->id);
         return;
     }
 
@@ -144,6 +146,8 @@ sub logout {
                  $dbh->sql_in('cookie', \@login_cookies) .
                  " AND userid = ?",
                  undef, $user->id);
+        my $token = $cgi->cookie('sudo');
+        delete_token($token);
     } else {
         die("Invalid type $type supplied to logout()");
     }