almet/ihatemoney
1
0
Fork 0
mirror of https://github.com/spiral-project/ihatemoney.git synced 2025-05-05 12:41:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add logout as POST action

Browse source 
for now, there is nothing when /exit is called manually
This commit is contained in:
Glandos 2022-07-12 12:46:36 +02:00
parent 91280a5d88
commit 498ceec9f5
3 changed files with 26 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ihatemoney/forms.py
View file

@ -443,6 +443,10 @@ class InviteForm(FlaskForm):
) )
class ConfirmLogoutForm(FlaskForm):
submit = SubmitField(_("Logout"))
class EmptyForm(FlaskForm): class EmptyForm(FlaskForm):
"""Used for CSRF validation""" """Used for CSRF validation"""

7
ihatemoney/templates/layout.html
View file

@ -119,9 +119,10 @@
<li><a class="dropdown-item" href="{{ url_for("main.dashboard") }}">{{ _("Dashboard") }}</a></li> <li><a class="dropdown-item" href="{{ url_for("main.dashboard") }}">{{ _("Dashboard") }}</a></li>
{% endif %} {% endif %}
<li> <li>
<a class="dropdown-item" href="{{ url_for("main.exit") }}"> <form action="{{ url_for("main.exit") }}" method="post">
{{ _("Logout") }} {{ g.confirm_logout_form.hidden_tag() }}
</a> {{ g.confirm_logout_form.submit(class="dropdown-item") }}
</form>
</li> </li>
</ul> </ul>
</li> </li>

22
ihatemoney/web.py
View file

@ -40,6 +40,7 @@ from ihatemoney.emails import send_creation_email
from ihatemoney.forms import ( from ihatemoney.forms import (
AdminAuthenticationForm, AdminAuthenticationForm,
AuthenticationForm, AuthenticationForm,
ConfirmLogoutForm,
DestructiveActionProjectForm, DestructiveActionProjectForm,
EditProjectForm, EditProjectForm,
EmptyForm, EmptyForm,
@ -149,6 +150,7 @@ def pull_project(endpoint, values):
if session.get(project.id) or is_admin or is_invitation: if session.get(project.id) or is_admin or is_invitation:
# add project into kwargs and call the original function # add project into kwargs and call the original function
g.project = project g.project = project
g.confirm_logout_form = ConfirmLogoutForm()
else: else:
# redirect to authentication page # redirect to authentication page
raise Redirect303(url_for(".authenticate", project_id=project_id)) raise Redirect303(url_for(".authenticate", project_id=project_id))
@ -534,11 +536,23 @@ def export_project(file, format):
) )
@main.route("/exit") @main.route("/exit", methods=["GET", "POST"])
def exit(): def exit():
# delete the session # We must test it manually, because otherwise, it creates a project "exit"
session.clear() if request.method == "GET":
return redirect(url_for(".home")) abort(405)
form = ConfirmLogoutForm()
if form.validate():
# delete the session
session.clear()
return redirect(url_for(".home"))
else:
flash(
format_form_errors(form, _("Unable to logout")),
category="danger",
)
return redirect(request.headers.get("Referer") or url_for(".home"))
@main.route("/demo") @main.route("/demo")