From 2eb261083221acc34478b6750e2bc239981faec7 Mon Sep 17 00:00:00 2001
From: JesseBrault0709 <62299747+JesseBrault0709@users.noreply.github.com>
Date: Mon, 24 Jun 2024 17:02:30 +0200
Subject: [PATCH] Added logout to clear refresh-token.

---
 .../api/auth/AuthController.java | 20 +++++++++++++------
 .../api/security/SecurityConfiguration.java | 2 +-
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java b/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java
index 2d9be88..cbb8d65 100644
--- a/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java
@@ -1,14 +1,10 @@
 package app.mealsmadeeasy.api.auth;
 
-import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 @RestController
 @RequestMapping("/auth")
@@ -21,7 +17,7 @@ public final class AuthController {
     }
 
     @PostMapping("/login")
-    public ResponseEntity login(@RequestBody LoginBody loginBody, HttpServletResponse response) {
+    public ResponseEntity login(@RequestBody LoginBody loginBody) {
         try {
             final LoginDetails loginDetails = this.authService.login(loginBody.getUsername(), loginBody.getPassword());
             final String serializedToken = loginDetails.getRefreshToken().getToken();
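Review bot: The new `import org.springframework.web.bind.annotation.*;` in the first hunk replaces four explicit imports with a wildcard, which hides which annotations this controller actually depends on and can silently resolve to a different same-named type if another wildcard import is ever added to the file. Keep the explicit imports and add only the one the new endpoint needs: `import org.springframework.web.bind.annotation.CookieValue;`. The removal of the unused `HttpServletResponse` import and parameter in the second hunk is fine on its own; that hunk cuts through `login`, whose body continues outside it.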
@@ -41,4 +37,16 @@ public final class AuthController {
         }
     }
 
+    @PostMapping("/logout")
+    public ResponseEntity logout(@CookieValue("refresh-token") String refreshToken) {
+        final ResponseCookie deleteRefreshCookie = ResponseCookie.from("refresh-token")
+            .httpOnly(true)
+            .secure(true)
+            .maxAge(0)
+            .build();
+        return ResponseEntity.ok()
+            .header(HttpHeaders.SET_COOKIE, deleteRefreshCookie.toString())
+            .build();
+    }
+
 }
diff --git a/src/main/java/app/mealsmadeeasy/api/security/SecurityConfiguration.java b/src/main/java/app/mealsmadeeasy/api/security/SecurityConfiguration.java
index 6478fc9..f886cce 100644
--- a/src/main/java/app/mealsmadeeasy/api/security/SecurityConfiguration.java
+++ b/src/main/java/app/mealsmadeeasy/api/security/SecurityConfiguration.java
@@ -34,7 +34,7 @@ public class SecurityConfiguration {
 
     @Bean
     public WebSecurityCustomizer webSecurityCustomizer() {
-        return web -> web.ignoring().requestMatchers("/greeting", "/auth/login");
+        return web -> web.ignoring().requestMatchers("/greeting", "/auth/login", "/auth/logout");
     }
 
     @Bean
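Review bot: The new `logout` method binds the cookie into `refreshToken` but never uses it, so the token is only dropped from the browser and remains valid server-side until it expires; anyone who captured it, or a client that ignores `Set-Cookie`, can keep exchanging it for access tokens after "logging out". The token should be handed to the service for revocation before the expiring cookie is returned, e.g. `this.authService.logout(refreshToken);` — whatever revocation method `AuthService` exposes, which this diff does not show. The expiring cookie must also carry the same `path` (and `domain`, if one is set) as the cookie issued by `login`, otherwise the browser keeps the original; `login`'s cookie-building lines fall outside this hunk, so confirm they match. Declaring the parameter `@CookieValue(value = "refresh-token", required = false)` would additionally let a logout with no cookie present succeed rather than fail on the missing-cookie binding error.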
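Review bot: Adding `/auth/logout` to `web.ignoring()` takes the endpoint out of the Spring Security filter chain entirely, so it also loses CSRF protection unless that is disabled elsewhere — and since this endpoint acts purely on a browser-sent cookie, a cross-site form POST could log the victim out (logout CSRF) once server-side revocation is added. Spring Security's guidance is to reserve `ignoring()` for static resources and to open application endpoints with `authorizeHttpRequests(a -> a.requestMatchers("/auth/logout").permitAll())` inside the `SecurityFilterChain` bean, so CSRF and the security headers still apply; that bean lies outside this hunk. The pre-existing `/auth/login` entry has the same property, though it is not what this commit changes.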