TheAnachronism/docspell
1
0
Fork 0
mirror of https://github.com/TheAnachronism/docspell.git synced 2025-10-31 09:30:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use same meta data for creating and deleting cookie

Browse Source 
The cookie might not be removed by browsers, if these infos don't
match.
This commit is contained in:
Eike Kettner
2019-11-17 00:44:42 +01:00
parent fd311b9688
commit f747c6146d
2 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
modules/restserver/src/main/scala/docspell/restserver/auth/CookieData.scala
View File

@@ -34,4 +34,16 @@ object CookieData {
def fromHeader[F[_]](req: Request[F]): Either[String, String] = {
req.headers.get(CaseInsensitiveString(headerName)).map(_.value).toRight("Couldn't find an authenticator")
}
def deleteCookie(cfg: Config): ResponseCookie =
ResponseCookie(
cookieName,
"",
domain = cfg.baseUrl.host,
path = Some(cfg.baseUrl.path / "api" / "v1" / "sec").map(_.asString),
httpOnly = true,
secure = cfg.baseUrl.scheme.exists(_.endsWith("s")),
maxAge = Some(-1)
)
}

2
modules/restserver/src/main/scala/docspell/restserver/routes/LoginRoutes.scala
View File

@@ -37,7 +37,7 @@ object LoginRoutes {
flatMap(res => makeResponse(dsl, cfg, res, ""))
case POST -> Root / "logout" =>
Ok().map(_.addCookie(ResponseCookie(CookieData.cookieName, "", maxAge = Some(-1))))
Ok().map(_.addCookie(CookieData.deleteCookie(cfg)))
}
}