Logout button does not work #136

Open
mdbr000-np opened this issue Feb 12, 2023 · 3 comments

Comments

@mdbr000-np

After successfully logging in via GitHub OAuth using my company's SSO provider and being redirected back to the Trac instance, clicking the "Logout" button returns the error: Missing or invalid form token. Do you have cookies enabled?

Relevant portion of the logs:

2023-02-12 21:45:30,231 Trac[main] DEBUG: Dispatching <RequestWithSession "POST '/github/logout'">
2023-02-12 21:45:30,231 Trac[main] DEBUG: Chosen handler is <Component tracext.github.GitHubLoginModule>
2023-02-12 21:45:30,232 Trac[main] WARNING: [100.97.53.206] HTTPBadRequest: 400 Bad Request (Missing or invalid form token. Do you have cookies enabled?), <RequestWithSession "POST '/github/logout'">, referrer 'https://<my_instance>/trac/admin/general/logging'

Running Trac 1.4.3 and trac-github 2.3.

@bmispelon
Contributor

Got hit by this after an update. This 4-line fix/hack seems to do the trick for me:

diff --git a/tracext/github/__init__.py b/tracext/github/__init__.py
index 0dddb2b..cc7b7c4 100644
--- a/tracext/github/__init__.py
+++ b/tracext/github/__init__.py
@@ -129,7 +129,10 @@ def get_navigation_items(self, req):
                 yield ('metanav', 'logout',
                        tag.form(tag.div(tag.button(_('Logout'),
                                                    name='logout',
-                                                   type='submit')),
+                                                   type='submit'),
+                                        tag.input(type='hidden',
+                                                  name='__FORM_TOKEN',
+                                                  value=req.form_token)),
                                 action=logout_href, method='post', id='logout',
                                 class_='trac-logout'))
         else:
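
Review bot: The hidden `__FORM_TOKEN` input added next to the logout button inside `tag.div(...)` carries no comment and no test, so a later cleanup could drop it and bring back the 400 reported in this issue. I would add a one-line comment above `tag.input(type='hidden',` saying that the POST to `/github/logout` is rejected with "Missing or invalid form token" without this field, and a regression test that checks the rendered logout form contains an input named `__FORM_TOKEN` whose value equals `req.form_token`. Since the field name is a bare string literal here, it is also worth confirming in the PR description that it matches the name the request handler checks on the Trac versions the plugin supports.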

Not sure if this project is maintained anymore (seems to be the case for a lot of plugins in the trac ecosystem), but if it is I'd be happy to submit a PR.

@neverpanic
Member

I'd be happy to review and merge this. I've never done a release, though.

@bmispelon
Contributor

> I'd be happy to review and merge this. I've never done a release, though.

Thanks for the quick reply!

I'll work on this in the next few days (I'm trying to get the test suite to pass for now, I'm still unsure if the failures are related to my change or not).
