Log out mechanism for clearing ds_actor cookie #840

Closed
simonw opened this issue Jun 12, 2020 · 4 comments

@simonw
Owner

simonw commented Jun 12, 2020

Need a cookie clearing mechanism and a way to show that you are logged in.

datasette-auth-github had a solution for this that can be pulled into core.

@simonw simonw added this to the Datasette 0.45 milestone Jun 12, 2020
@simonw
Owner Author

simonw commented Jun 12, 2020

I don't like how this often involves a logout link that can be maliciously activated.

I'm going to use a CSRF protected form button styled to look like a link instead.

@simonw
Owner Author

simonw commented Jun 12, 2020

Another problem: what to display in the "you are logged in as", since we don't dictate an actor design.

I'm going to use an includes template for this that can easily be overridden by administrators or by plugins.

The default will look for the first available of the following keys:

  • display
  • name
  • username
  • login
  • id

@simonw
Owner Author

simonw commented Jun 29, 2020

Step one: a "logout" page at /-/logout - which shows you a single CSRF-protected "logout" button if you do a GET against it and logs you out if you do a POST against it.

simonw added a commit that referenced this issue Jun 29, 2020
@simonw
Owner Author

simonw commented Jun 29, 2020

Now just need the "Logged in as: XXX <logout>" navigation item.

@simonw simonw closed this as completed Jun 29, 2020
simonw added a commit that referenced this issue Jul 1, 2020
simonw added a commit that referenced this issue Jul 1, 2020
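
A sketch of the design described across this thread, added here as an example and not Datasette's own code: a `/-/logout` handler where GET only renders a CSRF-protected button and POST clears the `ds_actor` cookie, plus the display-key fallback. The HMAC-based token bound to the cookie value, the function names, the cookie attributes and the treatment of "available" as "present and non-empty" are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # assumption: per-process signing key
# Key order as listed in the thread.
DISPLAY_KEYS = ("display", "name", "username", "login", "id")


def display_actor(actor):
    """Pick the label for "Logged in as": first key that is present and non-empty."""
    for key in DISPLAY_KEYS:
        if actor.get(key):
            return str(actor[key])
    return str(actor)  # no known key: fall back to the raw actor


def csrf_token(cookie_value):
    """Token bound to the current ds_actor cookie (hypothetical scheme)."""
    return hmac.new(SECRET, cookie_value.encode(), hashlib.sha256).hexdigest()


def logout(method, cookies, form):
    """Handle a request to /-/logout; returns (status, headers, body)."""
    if "ds_actor" not in cookies:
        return 302, [("Location", "/")], ""  # nothing to clear
    expected = csrf_token(cookies["ds_actor"])
    if method == "GET":
        # GET never changes state, so a link or <img> pointing at this
        # URL cannot log the user out; it only renders the button.
        body = (
            '<form action="/-/logout" method="post">'
            f'<input type="hidden" name="csrftoken" value="{expected}">'
            '<input type="submit" value="Log out"></form>'
        )
        return 200, [], body
    if method == "POST":
        supplied = form.get("csrftoken", "")
        # Compare as bytes in constant time; a missing token fails closed.
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            return 403, [], "CSRF check failed"
        clear = "ds_actor=; Max-Age=0; Path=/; HttpOnly; SameSite=Lax"
        return 302, [("Location", "/"), ("Set-Cookie", clear)], ""
    return 405, [("Allow", "GET, POST")], ""
```
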