diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 281e44b82..a89c22373 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -38,8 +38,13 @@ class AccountController < ApplicationController
 # Log out current user and redirect to welcome page
 def logout
- logout_user
- redirect_to home_url
+ if User.current.anonymous?
+ redirect_to home_url
+ elsif request.post?
+ logout_user
+ redirect_to home_url
+ end
+ # display the logout form
 end
 # Lets user choose a new password
diff --git a/app/views/account/logout.html.erb b/app/views/account/logout.html.erb
new file mode 100644
index 000000000..309597603
--- /dev/null
+++ b/app/views/account/logout.html.erb
@@ -0,0 +1,3 @@
+<%= form_tag(signout_path) do %>
+
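Review bot: The comment above `logout` in app/controllers/account_controller.rb still reads `# Log out current user and redirect to welcome page`, but in the new body a GET from a logged-in user only renders the confirmation form and the session is ended on POST alone. I would reword it to something like `# Log out current user on POST and redirect to welcome page; a GET only renders the confirmation form`, so that a later cleanup does not fold the branches back into logout-on-GET and reopen cross-site forced logout. The POST branch is only as strong as request-forgery verification on this controller, which is not visible in this hunk; presumably it is inherited from ApplicationController, and it is worth confirming that it is not skipped for this action. The trailing `# display the logout form` could also say that this is the implicit render of `account/logout`.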

<%= submit_tag l(:label_logout) %>

+<% end %>
diff --git a/lib/redmine.rb b/lib/redmine.rb
index 5b09b77b8..ad248c14f 100644
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -208,7 +208,7 @@ Redmine::MenuManager.map :account_menu do |menu|
 menu.push :login, :signin_path, :if => Proc.new { !User.current.logged? }
 menu.push :register, :register_path, :if => Proc.new { !User.current.logged? && Setting.self_registration? }
 menu.push :my_account, { :controller => 'my', :action => 'account' }, :if => Proc.new { User.current.logged? }
- menu.push :logout, :signout_path, :if => Proc.new { User.current.logged? }
+ menu.push :logout, :signout_path, :html => {:method => 'post'}, :if => Proc.new { User.current.logged? }
 end
 Redmine::MenuManager.map :application_menu do |menu|
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 5a11dbaa2..0f9ae8eed 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -80,9 +80,18 @@ class AccountControllerTest < ActionController::TestCase
 assert_response 302
 end
- def test_logout
+ def test_get_logout_should_not_logout
 @request.session[:user_id] = 2
 get :logout
+ assert_response :success
+ assert_template 'logout'
+
+ assert_equal 2, @request.session[:user_id]
+ end
+
+ def test_logout
+ @request.session[:user_id] = 2
+ post :logout
 assert_redirected_to '/'
 assert_nil @request.session[:user_id]
 end
@@ -91,7 +100,7 @@ class AccountControllerTest < ActionController::TestCase
 @controller.expects(:reset_session).once
 @request.session[:user_id] = 2
- get :logout
+ post :logout
 assert_response 302
 end
diff --git a/test/functional/welcome_controller_test.rb b/test/functional/welcome_controller_test.rb
index d760046d0..94a99c223 100644
--- a/test/functional/welcome_controller_test.rb
+++ b/test/functional/welcome_controller_test.rb
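Review bot: The new `User.current.anonymous?` branch of `AccountController#logout` is not exercised by the tests shown in the test/functional/account_controller_test.rb hunks, since each of them sets `@request.session[:user_id] = 2` before the request. A case that issues `get :logout` and `post :logout` with no session user and checks `assert_redirected_to '/'` would pin that an anonymous request neither renders the form nor reaches `logout_user`. The test class continues outside these hunks, so such a case may already exist elsewhere in the file.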
@@ -85,6 +85,13 @@ class WelcomeControllerTest < ActionController::TestCase
 :content => %r{warnLeavingUnsaved}
 end
+ def test_logout_link_should_post
+ @request.session[:user_id] = 2
+
+ get :index
+ assert_select 'a[href=/logout][data-method=post]', :text => 'Sign out'
+ end
+
 def test_call_hook_mixed_in
 assert @controller.respond_to?(:call_hook)
 end
diff --git a/test/integration/routing/account_test.rb b/test/integration/routing/account_test.rb
index d06d991ee..5b59a6220 100644
--- a/test/integration/routing/account_test.rb
+++ b/test/integration/routing/account_test.rb
@@ -25,10 +25,12 @@ class RoutingAccountTest < ActionController::IntegrationTest
 { :controller => 'account', :action => 'login' }
 )
 end
- assert_routing(
- { :method => 'get', :path => "/logout" },
- { :controller => 'account', :action => 'logout' }
- )
+ ["get", "post"].each do |method|
+ assert_routing(
+ { :method => method, :path => "/logout" },
+ { :controller => 'account', :action => 'logout' }
+ )
+ end
 ["get", "post"].each do |method|
 assert_routing(
 { :method => method, :path => "/account/register" },