Page MenuHomePhabricator

Don't require users be logged in to access the Logout controller, so users with no Spaces can log out
ClosedPublic

Authored by epriestley on Jun 13 2019, 11:59 PM.
Tags
None
Referenced Files
F14124257: D20578.diff
Sat, Nov 30, 2:17 AM
F14119768: D20578.id49096.diff
Fri, Nov 29, 6:18 AM
Unknown Object (File)
Thu, Nov 28, 1:38 AM
Unknown Object (File)
Mon, Nov 25, 4:45 PM
Unknown Object (File)
Sun, Nov 24, 1:31 AM
Unknown Object (File)
Tue, Nov 19, 1:46 AM
Unknown Object (File)
Thu, Nov 14, 3:40 PM
Unknown Object (File)
Tue, Nov 12, 3:48 AM
Subscribers
None

Details

Summary

Fixes T13310. Use cases in the form "users with no access to any spaces can not <do things>" are generally unsupported (that is, we consider this to mean that the install is misconfigured), but "log out" is a somewhat more reasonable sort of thing to do and easy to support.

Drop the requirement that users be logged in to access the Logout controller. This skips the check for access to any Spaces and allows users with no Spaces to log out.

For users who are already logged out, this just redirects home with no effect.

Test Plan
  • As a user with access to no Spaces, logged out. (Before: error; after: worked).
  • As a logged-out user, logged out (was redirected).
  • As a normal user, logged out (normal logout).

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

amckinley added inline comments.
src/applications/auth/controller/PhabricatorLogoutController.php
7–26

wat

This revision is now accepted and ready to land.Jun 17 2019, 8:22 PM
src/applications/auth/controller/PhabricatorLogoutController.php
7–26

Haha, in retrospect this is fairly confusing -- let me take another shot at it.

Explain the behavior more clearly -- there are three classes of users:

  1. Logged in, normal users.
  2. Logged in users with no access to Spaces.
  3. Logged out users.

If we require login, users in bucket (1) can log out but users in bucket (2) get a "No Access To Spaces" error.

If we don't require login, users in buckets (1) and (2) can log out, since the "No Access To Spaces" error only cares about login-required pages.

Users in bucket (3) also get to log out, which is silly/pointless (they are already logged out), but not harmful.

  • Rebase to pick up the unit test fix.