HomePhabricator

[bugfix] add CSRF token in sitelogout() api call

Description

[bugfix] add CSRF token in sitelogout() api call

  • Add missing CSRF token since {T25227: Use token when logging out}

is closed upstream, and tests that correspond to.

  • site._relogin() was calling site.login() with self._loginstatus, but

this last one is an integer and login() excepts a bool. When login fails
(_relogin() usage), _loginstatus equals to -1 that is interpreted as
True, resulting in the usage of systop account even when it's not wanted.

  • Using site.getuserinfo(force=True) at the end of logout() results of an

automatic re-login, since it is detected that the user has logged out
during that API call. So removing _userinfo attribute cleans the previous
login state.

Bug: T222508
Change-Id: Ia94254b0bfe95c4c13ca71211128f7a0b0fe78d6

Details

Provenance
FramawikiAuthored on May 4 2019, 11:25 AM
XqtCommitted on May 4 2019, 2:00 PM
Parents
rPWBCf244218bc872: [cleanup] check for existing strings directly
Branches
Unknown
Tags
Unknown
ChangeId
Ia94254b0bfe95c4c13ca71211128f7a0b0fe78d6