add GET /api/logout

This commit is contained in:
Son NK 2020-07-04 12:10:04 +02:00
parent 0d3a3e0c48
commit d0776b770f
3 changed files with 51 additions and 2 deletions

View File

@ -791,7 +791,7 @@ Output: if api key is correct, return a json with user name and whether user is
If api key is incorrect, return 401.
#### POST /api/api_key
#### POST /api/api_key
Create a new API Key
@ -810,6 +810,19 @@ Output
}
```
#### GET /api/logout
Log user out
Input:
- `Authentication` header that contains the api key
- Or the correct cookie is set, i.e. user is already logged in on the web
Output:
- 401 if user is not authenticated
- 200 if success
### Alias endpoints
#### GET /api/v4/alias/options

View File

@ -1,6 +1,8 @@
from flask import jsonify, g, request
from flask import jsonify, g, request, make_response
from flask_login import logout_user
from app.api.base import api_bp, require_api_auth
from app.config import SESSION_COOKIE_NAME
from app.extensions import db
from app.models import ApiKey
@ -43,3 +45,19 @@ def create_api_key():
db.session.commit()
return jsonify(api_key=api_key.code), 201
@api_bp.route("/logout", methods=["GET"])
@require_api_auth
def logout():
"""
Log user out on the web, i.e. remove the cookie
Output:
- 200
"""
logout_user()
response = make_response(jsonify(msg="User is logged out"), 200)
response.delete_cookie(SESSION_COOKIE_NAME)
return response

View File

@ -54,3 +54,21 @@ def test_create_api_key(flask_client):
assert r.status_code == 201
assert r.json["api_key"]
def test_logout(flask_client):
# create user, user is activated
User.create(email="a@b.c", password="password", name="Test User", activated=True)
db.session.commit()
# login user
flask_client.post(
url_for("auth.login"),
data={"email": "a@b.c", "password": "password"},
follow_redirects=True,
)
# logout
r = flask_client.get(url_for("auth.logout"), follow_redirects=True,)
assert r.status_code == 200