trac-hacks
Logout button does not work
After successfully logging in via Github Oauth using my company's SSO provider and being redirected back to the Trac instance, clicking the "Logout" button returns the error: Missing or invalid form token. Do you have cookies enabled?
Relevant portion of the logs:
2023-02-12 21:45:30,231 Trac[main] DEBUG: Dispatching <RequestWithSession "POST '/github/logout'">
2023-02-12 21:45:30,231 Trac[main] DEBUG: Chosen handler is <Component tracext.github.GitHubLoginModule>
2023-02-12 21:45:30,232 Trac[main] WARNING: [100.97.53.206] HTTPBadRequest: 400 Bad Request (Missing or invalid form token. Do you have cookies enabled?), <RequestWithSession "POST '/github/logout'">, referrer 'https://<my_instance>/trac/admin/general/logging'
Running Trac 1.4.3 and trac-github 2.3.
Got hit by this after an update. This 4 line fix/hack seems to do the trick for me:
diff --git a/tracext/github/__init__.py b/tracext/github/__init__.py
index 0dddb2b..cc7b7c4 100644
--- a/tracext/github/__init__.py
+++ b/tracext/github/__init__.py
@@ -129,7 +129,10 @@ def get_navigation_items(self, req):
yield ('metanav', 'logout',
tag.form(tag.div(tag.button(_('Logout'),
name='logout',
- type='submit')),
+ type='submit'),
+ tag.input(type='hidden',
+ name='__FORM_TOKEN',
+ value=req.form_token)),
action=logout_href, method='post', id='logout',
class_='trac-logout'))
else:
Not sure if this project is maintained anymore (seems to be the case for a lot of plugins in the trac ecosystem), but if it is I'd be happy to submit a PR.
I'd be happy to review and merge this. I've never done a release, though.
I'd be happy to review and merge this. I've never done a release, though.
Thanks for the quick reply!
I'll work on this in the next few days (I'm trying to get the test suite to pass for now, I'm still unsure if the failures are related to my change or not).