Added logout to clear refresh-token.

This commit is contained in:
JesseBrault0709 2024-06-24 17:02:30 +02:00
parent d68dcc45fe
commit 2eb2610832
2 changed files with 15 additions and 7 deletions


@ -1,14 +1,10 @@
package app.mealsmadeeasy.api.auth;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping("/auth")
@ -21,7 +17,7 @@ public final class AuthController {
}
@PostMapping("/login")
public ResponseEntity<LoginView> login(@RequestBody LoginBody loginBody, HttpServletResponse response) {
public ResponseEntity<LoginView> login(@RequestBody LoginBody loginBody) {
try {
final LoginDetails loginDetails = this.authService.login(loginBody.getUsername(), loginBody.getPassword());
final String serializedToken = loginDetails.getRefreshToken().getToken();
@ -41,4 +37,16 @@ public final class AuthController {
}
}
@PostMapping("/logout")
public ResponseEntity<?> logout(@CookieValue("refresh-token") String refreshToken) {
final ResponseCookie deleteRefreshCookie = ResponseCookie.from("refresh-token")
.httpOnly(true)
.secure(true)
.maxAge(0)
.build();
return ResponseEntity.ok()
.header(HttpHeaders.SET_COOKIE, deleteRefreshCookie.toString())
.build();
}
}
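Review bot: The `refreshToken` bound by `@CookieValue("refresh-token")` in `logout` is never used, so the server-side token is not revoked and only the browser's copy is discarded; a stored or already-leaked token value keeps working until it expires on its own. Presumably `authService` (used by `login` on the line above) is where the stored refresh token should be invalidated before the response is built, and that call belongs in this method. The deletion cookie must also carry the same attributes as the cookie set in `login` (that body is outside this hunk): if the login cookie has `path`, `domain` or `sameSite` set, this `ResponseCookie` needs the identical values, otherwise the browser treats them as different cookies and nothing is cleared. A Javadoc on `logout` stating that it both expires the cookie and revokes the token would make the intended contract explicit.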


@ -34,7 +34,7 @@ public class SecurityConfiguration {
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return web -> web.ignoring().requestMatchers("/greeting", "/auth/login");
return web -> web.ignoring().requestMatchers("/greeting", "/auth/login", "/auth/logout");
}
@Bean
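Review bot: Adding `/auth/logout` to `web.ignoring()` in `webSecurityCustomizer` removes the entire security filter chain for that path, not only authentication, so CSRF protection and the security response headers no longer apply to a request that is authenticated by a cookie and changes state. Spring Security's guidance is to keep such endpoints inside the chain and grant access with `permitAll()` in the `authorizeHttpRequests` configuration, e.g. `.requestMatchers("/auth/logout").permitAll()`, rather than ignoring them. The same trade-off already applies to the pre-existing `/greeting` and `/auth/login` entries, which this commit leaves as they were. The enclosing `SecurityConfiguration` class continues beyond this hunk.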