Commit ab159534 authored by janis.streib's avatar janis.streib 🦉

ADD: logout in middleware

parent 5189d238
......@@ -352,7 +352,7 @@ class DBMgr(Mgr, DBObject):
def has_permission(self, permission):
return permission in self.__acd_cache['cntl']['xup']
def get_token(self, db, connection, stay_logged_in=False):
def create_session_token(self, db, connection, stay_logged_in=False):
descr = 'Session-Token ({})'.format(datetime.datetime.now())
res = db.execute(connection, """
SELECT out_token_text as token, out_token_pk as pk FROM cntl.create_sess_auth({login_name}, {descr}, {stay_logged_in})
......@@ -959,10 +959,34 @@ class APIToken(MetaDBObject):
self.token = token
self.login_name = login_name
self.description = description
self.pk=pk
self.pk = pk
if id is None and token is not None:
self.id = int(token.split('.')[0])
def delete(self, db, conn):
query = """
select wapi_3_0.ta_handler(
in_login_name => {{login_name}},
in_stmt_list => array[row(
'cntl',
'wapi_auth',
'delete',
array['{dict}']::json[],
'{{}}'
)::wapi_3_0.imp_ta_stmt_rec_type],
in_report_stmt_pos => false,
in_is_dry_mode => false
);
""".format(dict=json.dumps({'name': 'pk', 'old_value': self.pk}).replace('{', '{{').replace('}', '}}')).replace(
'{}', '{{}}')
print(query)
db.execute(conn,
query, {'login_name': self.login_name})
self.token = None
self.pk = None
self.description = None
self.login_name = None
# Pseudo-objects for strings
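Review bot: In `APIToken.delete`, `self.pk` reaches the statement through `json.dumps(...)` pasted between single quotes in `array['{dict}']::json[]`, instead of being bound the way `login_name` is. `json.dumps` does not escape single quotes, so the SQL stays well-formed only while `pk` is an integer, and nothing in this method enforces that; the new logout route casts with `int()`, but other callers are not visible here. Coercing at the top with `pk = int(self.pk)`, or passing the JSON document as a second bound parameter next to `login_name` (assuming `db.execute` can bind a value in that position), would remove the dependency on callers. The `print(query)` line looks like leftover debugging and should be removed or turned into a debug-level log call. The class body continues outside the hunk.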
......
......@@ -45,7 +45,7 @@ def api_login():
s['login'] = user
s['plan'] = Transaction()
s.save()
return jsonify({'login': user, 'token': user.get_token(db, get_db_conn(), False)})
return jsonify({'login': user, 'token': user.create_session_token(db, get_db_conn(), False)})
else:
user = ldap_con.get_simple_kit_user(username=username)
s['login'] = user
......@@ -55,3 +55,14 @@ def api_login():
else:
return jsonify({'login': None})
return jsonify({'login': s['login']})
@login_db.route('/api/logout', methods=['POST'])
def api_logout():
s = request.environ['beaker.session']
if 'login' in s:
if request.json.get('token_pk', None) is not None:
APIToken(login_name=s['login'].login_name, pk=int(request.json['token_pk'])).delete(db, get_db_conn())
s.delete()
s.save()
return jsonify({'logout': 'success'})
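Review bot: `api_logout` revokes the session token only when the client sends `token_pk`, so a logout request without it clears the beaker session but appears to leave the token issued by `create_session_token` valid on the server. The query in `create_session_token` already selects `out_token_pk`, so storing that pk in the session at login and deleting it from there at logout would make revocation independent of the request body. The body handling is also fragile: `request.json` may be `None` (or raise) for a non-JSON POST and `int(...)` raises on a non-numeric value, both of which surface as an unhandled error; assuming this is Flask, `token_pk = (request.get_json(silent=True) or {}).get('token_pk')` plus a `ValueError` handler returning 400 would cover it. Whether a user can delete only their own tokens depends on `wapi_3_0.ta_handler` checking `in_login_name` against the row, which is not visible here.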