httpauth.py, cmd-cgi.py, list.fhtml: Implement explicit logout action.

diff --git a/cmd-cgi.py b/cmd-cgi.py
index 6dc59ee..63253b7 100644 (file)
--- a/cmd-cgi.py
+++ b/cmd-cgi.py
@@ -86,6 +86,13 @@ def cmd_clear_cgi(services = []):
   operate('clear passwords', 'clear', services)
 
 @CGI.subcommand(
+  'logout', ['cgi'],
+  'Log out of the web interface.')
+def cmd_logout_cgi():
+  CGI.redirect(CGI.action('login', why = 'LOGOUT'),
+               set_cookie = HA.bake_cookie('logged-out'))
+
+@CGI.subcommand(
   'fail', ['cgi-noauth'],
   'Raise an exception, to test the error reporting machinery.',
   opts = [SC.Opt('partial', '-p', '--partial',

diff --git a/httpauth.py b/httpauth.py
index 4a41e4f..13ba0d1 100644 (file)
--- a/httpauth.py
+++ b/httpauth.py
@@ -175,6 +175,7 @@ LOGIN_REASONS = {
   'EXPIRED': 'session timed out',
   'BADTAG': 'incorrect tag',
   'NOUSER': 'unknown user name',
+  'LOGOUT': 'explicitly logged out',
   None: None
 }
 
@@ -201,6 +202,9 @@ def check_auth(token, nonce = None):
 
   global NONCE
 
+  ## If the token has been explicitly clobbered, then we're logged out.
+  if token == 'logged-out': raise AuthenticationFailed, 'LOGOUT'
+
   ## Parse the token.
   bits = token.split('.', 3)
   if len(bits) != 4: raise AuthenticationFailed, 'BADTOKEN'

diff --git a/list.fhtml b/list.fhtml
index 735f63c..0fb5faf 100644 (file)
--- a/list.fhtml
+++ b/list.fhtml
@@ -128,4 +128,12 @@
 <input type=hidden name=%nonce value="~={nonce}H">
 </form>
 
+<h2>Log out of Chopwood</h2>
+
+<form method=GET action="~={script}H/logout">
+<button type=submit>Log out</button>
+<input type=hidden name=%user value="~={user}H">
+<input type=hidden name=%nonce value="~={nonce}H">
+</form>
+
 ~1[<!------- That's all, folks ------------------------------------------>~]~