[Zope3-checkins] SVN: Zope3/branches/3.3/ Fix issue 239. Logout feature for Basic HTTP auth.

Florent Xicluna laxyf at yahoo.fr
Tue Sep 5 09:27:07 EDT 2006 

Log message for revision 69975:
  Fix issue 239. Logout feature for Basic HTTP auth.

Changed:
  U   Zope3/branches/3.3/doc/CHANGES.txt
  U   Zope3/branches/3.3/src/zope/app/security/browser/logout.pt
  U   Zope3/branches/3.3/src/zope/app/security/browser/redirect.pt

-=-
Modified: Zope3/branches/3.3/doc/CHANGES.txt
===================================================================
--- Zope3/branches/3.3/doc/CHANGES.txt	2006-09-05 13:11:05 UTC (rev 69974)
+++ Zope3/branches/3.3/doc/CHANGES.txt	2006-09-05 13:27:07 UTC (rev 69975)
@@ -10,6 +10,16 @@
 
     Bugfixes
 
+      - Fixed issue 239: Now the default authentication schema (Basic HTTP)
+        has better support for logout. The 'Logout' link is still optional.
+        You have to register a marker component in ZCML.
+        To display the link, add this:
+
+          <adapter factory="zope.app.security.LogoutSupported" />
+
+        to your ``site.zcml`` or ``overrides.zcml``.
+        See ``zope/app/security/browser/loginlogout.txt`` for details.
+
       - Fixed issue 696: No display widget was registered for ISet fields with
         a IChoice(IBaseVocabulary) value type.
 

Modified: Zope3/branches/3.3/src/zope/app/security/browser/logout.pt
===================================================================
--- Zope3/branches/3.3/src/zope/app/security/browser/logout.pt	2006-09-05 13:11:05 UTC (rev 69974)
+++ Zope3/branches/3.3/src/zope/app/security/browser/logout.pt	2006-09-05 13:27:07 UTC (rev 69975)
@@ -1,5 +1,25 @@
 <html metal:use-macro="context/@@standard_macros/page"
     i18n:domain="zope">
+  <head>
+    <metal:block fill-slot="headers">
+      <script type="text/javascript"><!--
+        // clear HTTP Authentication
+        try {
+          if (window.XMLHttpRequest) {
+            var xmlhttp = new XMLHttpRequest();
+            // Send invalid credentials, then abort
+            xmlhttp.open("GET", "/@@", true, "logout", "logout");
+            xmlhttp.send("");
+            xmlhttp.abort();
+          } else if (document.execCommand) {
+            // IE specific command
+            document.execCommand("ClearAuthenticationCache");
+          }
+        } catch(e) { }
+        //-->
+      </script>
+    </metal:block>
+  </head>
   <body>
   <div metal:fill-slot="body">
   

Modified: Zope3/branches/3.3/src/zope/app/security/browser/redirect.pt
===================================================================
--- Zope3/branches/3.3/src/zope/app/security/browser/redirect.pt	2006-09-05 13:11:05 UTC (rev 69974)
+++ Zope3/branches/3.3/src/zope/app/security/browser/redirect.pt	2006-09-05 13:27:07 UTC (rev 69975)
@@ -4,6 +4,22 @@
     <metal:block fill-slot="headers">
       <meta http-equiv="refresh" content="0;url=./"
         tal:attributes="content string:0;;url=${view/request/nextURL}" />
+      <script type="text/javascript"><!--
+        // clear HTTP Authentication
+        try {
+          if (window.XMLHttpRequest) {
+            var xmlhttp = new XMLHttpRequest();
+            // Send invalid credentials, then abort
+            xmlhttp.open("GET", "/@@", true, "logout", "logout");
+            xmlhttp.send("");
+            xmlhttp.abort();
+          } else if (document.execCommand) {
+            // IE specific command
+            document.execCommand("ClearAuthenticationCache");
+          }
+        } catch(e) { }
+        //-->
+      </script>
     </metal:block>
   </head>
   <body>

More information about the Zope3-Checkins mailing list