mnalis/apps-android-commons
1
0
Fork 0
mirror of https://github.com/commons-app/apps-android-commons.git synced 2025-10-26 20:33:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Ensure to clear the cookies when logging out

Browse source 
It turns out that we failed to clear the cookies from the cookie JAR
when logging the user out. As a consequence, the cookie were retained
and it was possible to edit depictions as the previous user even without
logging in to the app (using the retained cookies).

Make sure we properly clear the cookies when we log the user out.

As an aside, the fact that the edit button shouldn't have been shown
is a different issue being tracked in #5726
This commit is contained in:
Kaartic Sivaraam 2024-05-12 23:09:07 +05:30
parent 7e84a447d4
commit 1f6f186b98
4 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
app/src/main/java/fr/free/nrw/commons/CommonsApplication.java
View file

@ -294,6 +294,7 @@ public class CommonsApplication extends MultiDexApplication {
} }
sessionManager.logout() sessionManager.logout()
.andThen(Completable.fromAction(() -> cookieJar.clear()))
.andThen(Completable.fromAction(() -> { .andThen(Completable.fromAction(() -> {
Timber.d("All accounts have been removed"); Timber.d("All accounts have been removed");
clearImageCache(); clearImageCache();

4
app/src/main/java/fr/free/nrw/commons/auth/SessionManager.java
View file

@ -122,9 +122,7 @@ public class SessionManager {
} }
/** /**
* 1. Clears existing accounts from account manager * Returns a Completable that clears existing accounts from account manager
* 2. Calls MediaWikiApi's logout function to clear cookies
* @return
*/ */
public Completable logout() { public Completable logout() {
AccountManager accountManager = AccountManager.get(context); AccountManager accountManager = AccountManager.get(context);

1
app/src/main/java/fr/free/nrw/commons/auth/csrf/CsrfTokenClient.kt
View file

@ -10,7 +10,6 @@ import fr.free.nrw.commons.auth.login.LoginResult
import retrofit2.Call import retrofit2.Call
import retrofit2.Response import retrofit2.Response
import timber.log.Timber import timber.log.Timber
import java.io.IOException
import java.util.concurrent.Callable import java.util.concurrent.Callable
import java.util.concurrent.Executors.newSingleThreadExecutor import java.util.concurrent.Executors.newSingleThreadExecutor

5
app/src/main/java/fr/free/nrw/commons/wikidata/cookies/CommonsCookieJar.kt
View file

@ -95,4 +95,9 @@ class CommonsCookieJar(private val cookieStorage: CommonsCookieStorage) : Cookie
private fun Cookie.domainSpec(url: HttpUrl): String = private fun Cookie.domainSpec(url: HttpUrl): String =
domain.ifEmpty { url.toUri().getAuthority() } domain.ifEmpty { url.toUri().getAuthority() }
fun clear() {
cookieStorage.clear()
}
} }