Make logout a post request, fix cookie path

Valentin Tolmer 2021-05-23 17:06:43 +02:00
parent cd84aff310
commit 054f970f91


@ -108,7 +108,7 @@ where
.unwrap_or_else(error_to_http_response) .unwrap_or_else(error_to_http_response)
} }
async fn get_logout<Backend>( async fn post_logout<Backend>(
data: web::Data<AppState<Backend>>, data: web::Data<AppState<Backend>>,
request: HttpRequest, request: HttpRequest,
) -> HttpResponse ) -> HttpResponse
@ -153,7 +153,7 @@ where
.cookie( .cookie(
Cookie::build("refresh_token", "") Cookie::build("refresh_token", "")
.max_age(0.days()) .max_age(0.days())
.path("/api/authorize/refresh") .path("/auth")
.http_only(true) .http_only(true)
.same_site(SameSite::Strict) .same_site(SameSite::Strict)
.finish(), .finish(),
@ -197,7 +197,7 @@ where
.cookie( .cookie(
Cookie::build("refresh_token", refresh_token + "+" + &request.name) Cookie::build("refresh_token", refresh_token + "+" + &request.name)
.max_age(max_age.num_days().days()) .max_age(max_age.num_days().days())
.path("/api/authorize/refresh") .path("/auth")
.http_only(true) .http_only(true)
.same_site(SameSite::Strict) .same_site(SameSite::Strict)
.finish(), .finish(),
@ -305,5 +305,5 @@ where
{ {
cfg.service(web::resource("").route(web::post().to(post_authorize::<Backend>))) cfg.service(web::resource("").route(web::post().to(post_authorize::<Backend>)))
.service(web::resource("/refresh").route(web::get().to(get_refresh::<Backend>))) .service(web::resource("/refresh").route(web::get().to(get_refresh::<Backend>)))
.service(web::resource("/logout").route(web::get().to(get_logout::<Backend>))); .service(web::resource("/logout").route(web::post().to(post_logout::<Backend>)));
} }
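Review bot: The `refresh_token` cookie is built without the Secure attribute in both builder chains touched here (the clearing cookie in the `-153` hunk and the issuing cookie in the `-197` hunk), so a browser will attach it to any plain-HTTP request to a path under `/auth`. The token's lifetime is measured in days (`max_age.num_days().days()`) and the path is now broader than the single refresh endpoint, so adding `.secure(true)` next to `.http_only(true)` on both builders would keep it off cleartext connections; if plain-HTTP deployments must be supported, make that an explicit configuration switch and keep the secure setting as the default. The `"/auth"` literal is also repeated in both builders, and the clearing cookie only removes the stored one when the paths are identical, so a shared constant such as `const REFRESH_COOKIE_PATH: &str = "/auth";` would keep them from drifting apart. The enclosing functions begin and end outside the visible hunks.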