async def logout(session_id): if not session_id: return {"detail": "Empty session id"} updated_sessions = [] session_key = '' # check session is created for the user with open('session.txt', 'r') as session_file: sessions = session_file.readlines() for idx in range(len(sessions)): # convert str to json obj session_obj = json.loads(sessions[idx]) if (session_id in session_obj['session']): session_key = session_obj['username'] sessions.pop(idx) updated_sessions = sessions with open('session.txt', 'w+') as session_file: for session in updated_sessions: session_file.write(session) session_file.write('\n') content = {"detail": "Logout success"} response = JSONResponse(content=content, status_code=200) response.delete_cookie(session_key) return response
async def auth_sso_callback( provider: str, request: Request, redirect_to: Optional[str] = Cookie(None), ssoaction: str = Cookie("login"), token: Optional[str] = Depends(dependencies.get_user_token), ): """Process sso provider's login callback and login user""" sso = _provider_factory(provider) openidsso = await sso.verify_and_process(request) if openidsso is None: raise exceptions.AuthenticationException() openid = schemas.OpenID.from_sso(openidsso) if ssoaction == "add-provider": if not token: raise exceptions.AuthenticationException() logged_user = await dependencies.get_user(token) await actions.user.user_add_openid(openid, logged_user.id) response = JSONResponse( { "detail": f"User {logged_user.id} - {logged_user.email} was added " f"openid {openid.provider}/{openid.provider_id}" } ) response.delete_cookie("ssoaction") return response user = await actions.user.get_or_create_user(openid) return await actions.user.login_user(user, permanent=True, redirect_to=redirect_to, openid=openid)
async def on_post( self ) -> JSONResponse: """ POST /logout """ # 303 tells the browser to switch from POST to GET headers = {"location": self.location} # NOTE: use JSONResponse instead of RedirectResponse to # avoid confusing OpenAPI response = JSONResponse(status_code=303, headers=headers) response.delete_cookie(self.cookie_name) return response
async def logout_user(request): response = JSONResponse({"message": "success"}, status_code=200) response.delete_cookie(key="token", path="/") try: session = Session() session.query(Tokens).filter_by(idUser=request.user.id).delete() session.commit() except exc.SQLAlchemyError: return JSONResponse({ "message": "Failed to logout", "code": "1" }, status_code=404) return response
async def logout( response: JSONResponse, internal_user: str = Depends(access_token_cookie_scheme) ) -> JSONResponse: """ Logout endpoint for deleting the HTTPOnly cookie on the user's browser. Args: internal_auth_token: Internal authentication token Returns: response: A JSON response with the status of the user's session """ async with exception_handling(): response = JSONResponse( content=jsonable_encoder({ "userLoggedIn": False, }), ) response.delete_cookie(key="access_token") return response
async def post_auth(request: Request, watchdog_auth: str = Cookie(''), redirect: str = '/'): # two scene for set new password, update new password if has password, else return the html # 1. not set watchdog_auth; 2. already authenticated password = loads(await request.body())['password'] auth_not_set = not Config.watchdog_auth already_authed = watchdog_auth and watchdog_auth == Config.watchdog_auth need_new_pwd = auth_not_set or already_authed if password: if need_new_pwd: old_password = Config.password Config.password = password await refresh_token() resp = JSONResponse({'ok': True, 'redirect': redirect}) resp.set_cookie('watchdog_auth', Config.watchdog_auth, max_age=Config.cookie_max_age, httponly=True) logger.warning( f'password changed {old_password}->{Config.password}.') return resp elif (await md5_checker(password, Config.watchdog_auth, freq=True)): resp = JSONResponse({'ok': True, 'redirect': redirect}) resp.set_cookie('watchdog_auth', Config.watchdog_auth, max_age=Config.cookie_max_age, httponly=True) logger.info('correct password, login success.') return resp # invalid password, clear cookie resp = JSONResponse({'ok': False}) # resp.set_cookie('watchdog_auth', '') resp.delete_cookie('watchdog_auth') logger.info(f'invalid password: {password}') return resp
async def logout(request: Request) -> JSONResponse: """Logout user by removing his user cookies and his login token from database. :return: {"success": bool}. :rtype: JSONResponse """ token = request.cookies.get("user_token") user_id = request.cookies.get("user_id") if not token or not user_id: return JSONResponse({ "success": False, "message": "no user is logged in" }) auth = Authenticator(MONGO) logout_info = auth.logout_user(token, user_id) if logout_info["success"]: response = JSONResponse(logout_info) response.delete_cookie("user_token") response.delete_cookie("user_id") response.delete_cookie("username") return response return JSONResponse(response)
async def route_logout_and_remove_cookie(): response = JSONResponse({'logout': True}) response.delete_cookie("Authorization") return response
async def route_logout_and_remove_cookie(): content = {"message": "Logged Out Successfully!"} response = JSONResponse(content=content) response.delete_cookie(API_KEY_NAME, domain=COOKIE_DOMAIN) return response
async def logout(): response = JSONResponse(content={"details": "ok"}) response.delete_cookie(settings.access_token_cookie_name) response.delete_cookie(settings.csrf_token_cookie_name) return response
async def delete_cookie(): """ Delete api key from cookies """ response = JSONResponse(f'Cookie {API_KEY_NAME} has been deleted') response.delete_cookie(key=API_KEY_NAME) return response
async def logout(): response = JSONResponse({"logout": True}) response.delete_cookie(COOKIE_AUTHORIZATION_NAME, domain=COOKIE_DOMAIN) return response
async def route_logout_and_remove_cookie(): response = JSONResponse({"are you authenticated?": "not any more"}) response.delete_cookie(API_KEY_NAME, domain=COOKIE_DOMAIN) return response