Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/controller/PhabricatorLogoutController.php
<?php | <?php | ||||
final class PhabricatorLogoutController | final class PhabricatorLogoutController | ||||
extends PhabricatorAuthController { | extends PhabricatorAuthController { | ||||
public function shouldRequireLogin() { | public function shouldRequireLogin() { | ||||
return true; | // See T13310. We allow access to the "Logout" controller even if you are | ||||
// not logged in: otherwise, users who do not have access to any Spaces can | |||||
// not log out. | |||||
// When you try to access a controller which requires you be logged in, | |||||
// and you do not have access to any Spaces, an access check fires first | |||||
// and prevents access with a "No Access to Spaces" error. If this | |||||
// controller requires users be logged in, users who are trying to log out | |||||
// and also have no access to Spaces get the error instead of a logout | |||||
// workflow and are trapped. | |||||
// By permitting access to this controller even if you are not logged in, | |||||
// we bypass the Spaces check and allow users who have no access to Spaces | |||||
// to log out. | |||||
// This incidentally allows users who are already logged out to access the | |||||
// controller, but this is harmless: we just no-op these requests. | |||||
return false; | |||||
} | } | ||||
amckinleyUnsubmitted Not Done Inline Actionsamckinley: wat | |||||
Done Inline ActionsHaha, in retrospect this is fairly confusing -- let me take another shot at it. epriestley: Haha, in retrospect this is fairly confusing -- let me take another shot at it. | |||||
public function shouldRequireEmailVerification() { | public function shouldRequireEmailVerification() { | ||||
// Allow unverified users to logout. | // Allow unverified users to logout. | ||||
return false; | return false; | ||||
} | } | ||||
public function shouldRequireEnabledUser() { | public function shouldRequireEnabledUser() { | ||||
// Allow disabled users to logout. | // Allow disabled users to logout. | ||||
▲ Show 20 Lines • Show All 48 Lines • Show Last 20 Lines |