From 2ad803da64c21d48e4293e8e7cefd085dd388bae Mon Sep 17 00:00:00 2001
From: Oliver Gorwits
Date: Tue, 1 Jan 2019 12:28:48 +0000
Subject: [PATCH] make api logout work
---
 lib/App/Netdisco/Web/AuthN.pm | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/lib/App/Netdisco/Web/AuthN.pm b/lib/App/Netdisco/Web/AuthN.pm
index 514d1dac..9a64c53c 100644
--- a/lib/App/Netdisco/Web/AuthN.pm
+++ b/lib/App/Netdisco/Web/AuthN.pm
@@ -16,6 +16,7 @@ hook 'before' => sub {
 if (! session('logged_in_user')
 and request->path ne uri_for('/login')->path
+ and request->path ne uri_for('/logout')->path
 and request->path ne uri_for('/swagger.json')->path
 and index(request->path, uri_for('/swagger-ui')->path) != 0) {
@@ -162,7 +163,21 @@ Dancer::Plugin::Swagger->instance->doc->{paths}->{'/login'}
 ->{post}->{security}->[0]->{BasicAuth} = [];
 # we override the default login_handler, so logout has to be handled as well
-any ['get', 'post'] => '/logout' => sub {
+swagger_path {
+ description => 'Destroy user API Key and session cookie',
+ parameters => [],
+ responses => { default => { examples => { 'application/json' => {} } } },
+},
+get '/logout' => sub {
+ # clear out API token
+ my $user = schema('netdisco')->resultset('User')
+ ->find({ username => session('logged_in_user')});
+ $user->update({token => undef, token_from => undef})->discard_changes()
+ if $user and $user->in_storage;
+
+ # invalidate session cookie
+ session->destroy;
+
 schema('netdisco')->resultset('UserLog')->create({
 username => session('logged_in_user'),
 userip => request->remote_address,
@@ -170,8 +185,12 @@ any ['get', 'post'] => '/logout' => sub {
 details => '',
 });
- session->destroy;
- redirect uri_for('/inventory')->path;
+ if (request->header('Accept') =~ m/(?:json|javascript)/i) {
+ return to_json {};
+ }
+ else {
+ redirect uri_for('/inventory')->path;
+ }
 };
 true;
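Review bot: With `/logout` exempted from the logged-in check in the `before` hook, a request that carries no session now reaches the logout handler, and that handler (changed later in this patch) creates a `UserLog` row whether or not a user was found. Anonymous requests can therefore append logout entries with an empty username to the audit table. I would write the `UserLog` row only when `$user` was found, and add a comment beside the new condition such as `# /logout is exempt from the login redirect; the handler must tolerate a missing session user`. The body of the `before` hook continues outside this hunk, so whether API-key requests get `logged_in_user` set before this check cannot be confirmed from here.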
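Review bot: `session->destroy` now runs before the `UserLog` insert, which still reads `session('logged_in_user')`, so the logout audit row is likely written without a username once the session data is gone. Capture the name at the top of the handler with `my $username = session('logged_in_user');`, use `$username` in both the `find` and the `create`, and destroy the session only after the log row is written. The route also narrows from `any ['get', 'post']` to `get` while it now revokes the API token: existing POST callers will no longer match, and a state-changing GET can be triggered cross-site to force token revocation, so keeping or requiring POST for this action is worth considering.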
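Review bot: `request->header('Accept') =~ m/(?:json|javascript)/i` matches against undef when a client sends no Accept header, which raises an uninitialized-value warning and may become an error if the application is configured to treat warnings as fatal. Default the value before matching: `if ((request->header('Accept') // '') =~ m/(?:json|javascript)/i) {`. Writing the call as `to_json({})` would also remove any doubt about whether the bare `{}` parses as an empty hash or an empty block.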