[Zope-CVS] CVS: Products/PluggableAuthService - PluggableAuthService.py:1.26

[Jens Vagelpohl]

Update of /cvs-repository/Products/PluggableAuthService
In directory cvs.zope.org:/tmp/cvs-serv20664

Modified Files:
	PluggableAuthService.py 
Log Message:
- Add a publicly callable "logout" method on the PluggableAuthService
  instance that will call resetCredentials on all activated
  ICredentialsRest plugins, thus effecting a logout.


=== Products/PluggableAuthService/PluggableAuthService.py 1.25 => 1.26 ===
--- Products/PluggableAuthService/PluggableAuthService.py:1.25	Sat Nov 20 13:44:13 2004
+++ Products/PluggableAuthService/PluggableAuthService.py	Sat Nov 20 15:02:20 2004
@@ -1209,6 +1209,29 @@
         for updater_id, updater in cred_updaters:
             updater.updateCredentials(request, response, login, new_password)
 
+    security.declarePublic('logout')
+    def logout(self, REQUEST):
+        """Publicly accessible method to log out a user
+        """
+        self.resetCredentials(REQUEST, REQUEST['RESPONSE'])
+
+        # Little bit of a hack: Issuing a redirect to the same place
+        # where the user was so that in the second request the now-destroyed
+        # credentials can be acted upon to e.g. go back to the login page
+        REQUEST['RESPONSE'].redirect(REQUEST['HTTP_REFERER'])
+
+    security.declarePrivate('_resetCredentials')
+    def resetCredentials(self, request, response):
+        """Reset credentials by informing all active resetCredentials plugins
+        """
+        user = getSecurityManager().getUser()
+        if aq_base(user) is not nobody:
+            plugins = self._getOb('plugins')
+            cred_resetters = plugins.listPlugins(ICredentialsResetPlugin)
+
+            for resetter_id, resetter in cred_resetters:
+                resetter.resetCredentials(request, response)
+
 
 InitializeClass( PluggableAuthService )