Commit ada23165 authored by ale's avatar ale

Add a logout handler

parent a3e271d8
{{define "title"}}Sign Out{{end}}
{{define "head"}}
<link rel="stylesheet" href="/static/css/signin.css" integrity="sha384-zxlIX2SfN6SpDKbrkQNcrn07kaD/iSlYdEKRCab8ZAcTEvpWshVV4xqTpoQaeyPq">
{{end}}
{{define "content"}}
<div class="form-signin">
<h1 class="form-signin-heading">Sign Out</h1>
<p>
You have been signed out of this account.
</p>
</div>
{{end}}
......@@ -92,6 +92,7 @@ func NewService(base *web.Service, publicURL string, rlConfig web.RatelimitConfi
m.Handle("/auth/login_u2f/redirect", s.withLoginSession(s.handleU2FPostAuthRedirect, sessionStateAuthenticated)).Methods("POST")
m.Handle("/auth/u2f/sign_request", s.withLoginSession(s.signU2FRequest, sessionState2FA)).Methods("GET")
m.Handle("/auth/u2f/sign_response", s.withLoginSession(s.signU2FResponse, sessionState2FA)).Methods("POST")
m.HandleFunc("/auth/logout", s.handleLogout)
s.Router.PathPrefix("/auth/").Handler(s.CSRF(s.InstrumentHandler("login", m)))
......@@ -251,6 +252,15 @@ func (s *Service) handleOTP(w http.ResponseWriter, r *http.Request, ls *loginSes
})
}
func (s *Service) handleLogout(w http.ResponseWriter, r *http.Request) {
// Delete all sessions (login session should not be there
// post-authentication, but let's be safe).
s.deleteLoginSession(r)
s.DeleteAuthSession(r)
s.RenderTemplate(w, r, "logout.html", nil)
}
// Fetch remote IP address from the request.
func (s *Service) getIP(r *http.Request) (ip string) {
if addr, err := web.GetRemoteAddr(r); err == nil {
......@@ -362,7 +372,6 @@ func (s *Service) successfulLoginAndRedirect(w http.ResponseWriter, r *http.Requ
return
}
// sessions.Save(r, w)
http.Redirect(w, r, redirURL, http.StatusFound)
}
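Review bot: The new route `m.HandleFunc("/auth/logout", s.handleLogout)` in NewService is the only one in this hunk without a `.Methods(...)` restriction, so the state-changing `handleLogout` will also run on a plain GET. CSRF middleware commonly exempts safe methods; if `s.CSRF` does the same (its implementation is not visible here), any cross-site GET to this URL would end the user's session without their intent. Consider `m.HandleFunc("/auth/logout", s.handleLogout).Methods("POST")`, with the sign-out control submitting a form that carries the CSRF token. Separately, `handleLogout` would benefit from a doc comment stating that it clears both the login and the auth session before rendering `logout.html`. NewService's body starts and ends outside the hunk.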
......