make api logout work

2019-01-01 12:28:48 +00:00
parent f362b0aee3
commit 2ad803da64
1 changed files with 22 additions and 3 deletions
--- a/lib/App/Netdisco/Web/AuthN.pm
+++ b/lib/App/Netdisco/Web/AuthN.pm
@@ -16,6 +16,7 @@ hook 'before' => sub {
    if (! session('logged_in_user')
        and request->path ne uri_for('/login')->path
        and request->path ne uri_for('/logout')->path
        and request->path ne uri_for('/swagger.json')->path
        and index(request->path, uri_for('/swagger-ui')->path) != 0) {
@@ -162,7 +163,21 @@ Dancer::Plugin::Swagger->instance->doc->{paths}->{'/login'}
  ->{post}->{security}->[0]->{BasicAuth} = [];
 # we override the default login_handler, so logout has to be handled as well
-any ['get', 'post'] => '/logout' => sub {
+swagger_path {
  description => 'Destroy user API Key and session cookie',
  parameters => [],
  responses => { default => { examples => { 'application/json' => {} } } },
 },
 get '/logout' => sub {
    # clear out API token
    my $user = schema('netdisco')->resultset('User')
      ->find({ username => session('logged_in_user')});
    $user->update({token => undef, token_from => undef})->discard_changes()
      if $user and $user->in_storage;
    # invalidate session cookie
    session->destroy;
    schema('netdisco')->resultset('UserLog')->create({
      username => session('logged_in_user'),
      userip => request->remote_address,
@@ -170,8 +185,12 @@ any ['get', 'post'] => '/logout' => sub {
      details => '',
    });
-    session->destroy;
+    if (request->header('Accept') =~ m/(?:json|javascript)/i) {
-    redirect uri_for('/inventory')->path;
+      return to_json {};
    }
    else {
      redirect uri_for('/inventory')->path;
    }
 };
 true;