From: Frédéric Buclin <LpSolit@gmail.com>
Date: Thu, 13 Aug 2015 21:52:37 +0000 (+0200)
Subject: Bug 1185240: Logging out while impersonating a user should also delete the sudo token
X-Git-Tag: release-5.1.1~195
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d8d27d21883d96bb66780f6418bbfd332dba9e7;p=thirdparty%2Fbugzilla.git

Bug 1185240: Logging out while impersonating a user should also delete the sudo token
r=dkl a=sgreen
---

diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 2d1291f3b9..877d1907e7 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -100,6 +100,8 @@ sub logout {
     if ($type == LOGOUT_ALL) {
         $dbh->do("DELETE FROM logincookies WHERE userid = ?",
                  undef, $user->id);
+        $dbh->do("DELETE FROM tokens WHERE userid = ? AND tokentype = 'sudo'",
+                 undef, $user->id);
         return;
     }
 
@@ -144,6 +146,8 @@ sub logout {
                  $dbh->sql_in('cookie', \@login_cookies) .
                  " AND userid = ?",
                  undef, $user->id);
+        my $token = $cgi->cookie('sudo');
+        delete_token($token);
     } else {
         die("Invalid type $type supplied to logout()");
     }