menu: Add system generated logoutToken on logout action in Minerva

Upon building the menu components for logged in users, the logoutToken
was not properly appended to the logout URL. The URL is supposed to be

`?title=Special:UserLogout&returnto=...&logoutToken=...`

and not what was rendered previously, see below

`?title=Special:UserLogout&<token>`

The absense of the 'logoutToken' param prompted an intermediate step asking
users to confirm the logout action. We don't need this in Minerva if users want
to logout from their accounts and asking users to confirm this action is annoying.

We want the user to be able to logout when the "Logout" button is clicked
and the system would have generated a logout token and appended to the logout
URL in the format specified above. This patch has been tested locally and
everything works just fine.

Bug: T225220
Change-Id: I20f30db707915179a0604a1dc9061d8db225a230
This commit is contained in:
Derick Alangi 2019-06-08 11:10:54 +01:00
parent 808fae37e2
commit a9ead1938b

View file

@ -155,11 +155,12 @@ class AuthMenuEntry implements IMenuEntry {
* @return array * @return array
* @throws \MWException * @throws \MWException
*/ */
private function buildComponentsForLoggedIn( array $returnToQuery, private function buildComponentsForLoggedIn( array $returnToQuery, array $authLinksQuery ): array {
array $authLinksQuery ): array {
if ( !empty( $returnToQuery ) ) { if ( !empty( $returnToQuery ) ) {
$authLinksQuery['returntoquery'] = wfArrayToCgi( $returnToQuery ); $authLinksQuery['returntoquery'] = wfArrayToCgi( $returnToQuery );
} }
$authLinksQuery['logoutToken'] = $this->user->getEditToken( 'logoutToken', $this->request );
$logoutURL = SpecialPage::getTitleFor( 'Userlogout' )->getLocalURL( $authLinksQuery ); $logoutURL = SpecialPage::getTitleFor( 'Userlogout' )->getLocalURL( $authLinksQuery );
$username = $this->user->getName(); $username = $this->user->getName();
$profileUrl = $this->customProfileURL ?? $profileUrl = $this->customProfileURL ??