From 25c4d43788f1fdbc18de77b6aeae0184b0426a85 Mon Sep 17 00:00:00 2001
From: Sandro Lutz <lutzsa@student.ethz.ch>
Date: Wed, 29 Aug 2018 22:54:56 +0200
Subject: [PATCH] Implement proper logout

---
 src/auth.js   | 34 +++++++++++++++++++++++++++-------
 src/index.js  |  2 --
 src/layout.js |  9 +++++++--
 3 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/src/auth.js b/src/auth.js
index 86af03e..677ac96 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -11,9 +11,14 @@ const APISession = {
   token: '',
   // user admins are a very special case as the permissions on the resource can only
   // be seen by requesting users and check whether you see their membership
-  isUserAdmin: false
+  isUserAdmin: false,
 };
 
+const amivapi = axios.create({
+  baseURL: apiUrl,
+  headers: { 'Content-Type': 'application/json' },
+});
+
 // OAuth Handler
 const oauth = new ClientOAuth2({
   clientId: oAuthID,
@@ -21,18 +26,13 @@ const oauth = new ClientOAuth2({
   redirectUri: `${ownUrl}/oauthcallback`,
 });
 
-export function resetSession() {
+function resetSession() {
   APISession.authenticated = false;
   APISession.token = '';
   localStorage.remove('token');
   window.location.replace(oauth.token.getUri());
 }
 
-const amivapi = axios.create({
-  baseURL: apiUrl,
-  headers: { 'Content-Type': 'application/json' },
-});
-
 function checkToken(token) {
   // check if a token is still valid
   return new Promise((resolve, reject) => {
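Review bot: `localStorage.remove('token')` in resetSession is not a Web Storage method (`Storage` exposes `removeItem`), so unless `localStorage` here is a wrapper imported above the hunk the call throws a TypeError, the redirect on the next line never runs, and the token stays in storage. With this commit resetSession is the only code path that discards the stored token (it is reached through deleteSession after the server session is revoked), so the line should read `localStorage.removeItem('token');`. Since the `export` is dropped here, it is also worth confirming that nothing outside this file still imports `resetSession`.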
@@ -88,6 +88,26 @@ export function getSession() {
   });
 }
 
+export function deleteSession() {
+  return new Promise((resolve, reject) => {
+    getSession().then((api) => {
+      api.get(`sessions/${APISession.token}`).then((response) => {
+        if (response.status === 200) {
+          api.delete(
+            `sessions/${response.data._id}`,
+            { headers: { 'If-Match': response.data._etag } },
+          ).then((deleteResponse) => {
+            if (deleteResponse.status === 204) {
+              resetSession();
+              resolve(deleteResponse.data);
+            } else reject();
+          }).catch(reject);
+        } else reject();
+      }).catch(reject);
+    });
+  });
+}
+
 export class ResourceHandler {
   /* Handler to get and manipulate resource items
    *
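Review bot: deleteSession clears the local session only on the happy path: if getSession() rejects the outer promise never settles (that call has no catch), and if the token is already expired or the GET/DELETE fails the function rejects with no reason and leaves the token in localStorage and the UI authenticated, so a user cannot log out of a broken session. Discarding local state should not depend on the server round-trip; a try/finally around the revocation keeps the return value, still redirects on failure, and lets the error propagate to the caller. axios rejects non-2xx responses by default, so the explicit status checks add nothing unless validateStatus is customised elsewhere. Separately, `sessions/${APISession.token}` puts the bearer token into a request path, where it lands in server and proxy access logs; if the API allows it, storing the session `_id` next to the token at login would avoid that lookup.
```javascript
export async function deleteSession() {
  // Revoke the server-side session, then discard the local one. The local
  // reset runs even when the request fails so a logout can never leave a
  // usable token behind; the error still propagates to the caller.
  try {
    const api = await getSession();
    const { data: session } = await api.get(`sessions/${APISession.token}`);
    const { data } = await api.delete(
      `sessions/${session._id}`,
      { headers: { 'If-Match': session._etag } },
    );
    return data;
  } finally {
    resetSession();
  }
}
```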
diff --git a/src/index.js b/src/index.js
index 6d3d4fe..dc63d45 100644
--- a/src/index.js
+++ b/src/index.js
@@ -42,5 +42,3 @@ m.route(root, '/events', {
   '/newjoboffer': layoutWith(JobItem),
   '/joboffers/:id': layoutWith(JobItem),
 });
-
-m.route.prefix('');
diff --git a/src/layout.js b/src/layout.js
index f24392b..760ca10 100644
--- a/src/layout.js
+++ b/src/layout.js
@@ -9,11 +9,12 @@ import {
   ToolbarTitle,
   Dialog,
   SVG,
+  Button,
   IconButton,
 } from 'polythene-mithril';
 import { styler } from 'polythene-core-css';
 import { icons } from './views/elements';
-import { resetSession } from './auth';
+import { deleteSession } from './auth';
 import { colors } from './style';
 
 const layoutStyle = [
@@ -109,7 +110,11 @@ export class Layout {
             style: { color: '#ffffff' },
           })),
           m(ToolbarTitle, { text: 'AMIV Admintools' }),
-          m('a', { onclick: resetSession }, 'Logout'),
+          m(Button, {
+            className: 'red-row-button',
+            label: 'logout',
+            events: { onclick: deleteSession },
+          }),
         ]),
         m(
           'div.mdc-typography.wrapper-sidebar',
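Review bot: `onclick: deleteSession` hands the click event to deleteSession and drops the promise it returns, so when the server-side delete fails the rejection is unhandled and the button silently does nothing while the user remains logged in. Wrap the call so the failure is at least surfaced and the promise is not left floating: `events: { onclick: () => deleteSession().catch((err) => console.error('logout failed', err)) },`. The enclosing view method continues outside the hunk.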
-- 
GitLab