Only show 'log out' if ds_cookie present, closes #884

datasette/app.py

@@ -739,6 +739,7 @@ class Datasette:
             **{
                 "actor": request.actor if request else None,
                 "display_actor": display_actor,
+                "show_logout": "ds_actor" in request.cookies,
                 "app_css_hash": self.app_css_hash(),
                 "zip": zip,
                 "body_scripts": body_scripts,

datasette/templates/base.html

@@ -17,11 +17,11 @@
 <nav class="hd">{% block nav %}
     {% if actor %}
     <div class="logout">
-        <strong>{{ display_actor(actor) }}</strong> &middot;
+        <strong>{{ display_actor(actor) }}</strong>{% if show_logout %} &middot;
         <form action="/-/logout" method="post">
             <input type="hidden" name="csrftoken" value="{{ csrftoken() }}">
             <button class="button-as-link">Log out</button>
-        </form>
+        </form>{% endif %}
     </div>
     {% endif %}
 {% endblock %}</nav>

tests/test_auth.py

@@ -92,3 +92,11 @@ def test_logout_button_in_navigation(app_client, path):
     ):
         assert fragment in response.text
         assert fragment not in anon_response.text
+
+
+@pytest.mark.parametrize("path", ["/", "/fixtures", "/fixtures/facetable"])
+def test_no_logout_button_in_navigation_if_no_ds_actor_cookie(app_client, path):
+    response = app_client.get(path + "?_bot=1")
+    assert "<strong>bot</strong>" in response.text
+    assert "<strong>bot</strong> &middot;" not in response.text
+    assert '<form action="/-/logout" method="post">' not in response.text