
fix: #718 - Clear OAuth2 authentication cookie on logout

jamesread hai 7 meses
pai
achega
7425db53f6
Modificáronse 1 ficheiros con 13 adicións e 3 borrados
  1. 13 3
      service/internal/api/api.go

+ 13 - 3
service/internal/api/api.go

@@ -363,15 +363,25 @@ func (api *oliveTinAPI) Logout(ctx ctx.Context, req *connect.Request[apiv1.Logou
 
 	response := connect.NewResponse(&apiv1.LogoutResponse{})
 
-	// Clear the authentication cookie by setting it to expire
-	cookie := &http.Cookie{
+	// Clear the local authentication cookie by setting it to expire
+	localCookie := &http.Cookie{
 		Name:     "olivetin-sid-local",
 		Value:    "",
 		MaxAge:   -1, // This tells the browser to delete the cookie
 		HttpOnly: true,
 		Path:     "/",
 	}
-	response.Header().Set("Set-Cookie", cookie.String())
+	response.Header().Set("Set-Cookie", localCookie.String())
+
+	// Clear the OAuth2 authentication cookie by setting it to expire
+	oauth2Cookie := &http.Cookie{
+		Name:     "olivetin-sid-oauth",
+		Value:    "",
+		MaxAge:   -1, // This tells the browser to delete the cookie
+		HttpOnly: true,
+		Path:     "/",
+	}
+	response.Header().Add("Set-Cookie", oauth2Cookie.String())
 
 	return response, nil
 }
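Review bot: The two expiring cookies built at lines 23–29 and 34–40 only remove the browser's copy if their Path (and Domain, Secure and SameSite, when the login path sets those) match the attributes the cookies were issued with — a Set-Cookie with a different Path creates a second cookie instead of deleting the first — and if the session cookies are issued with Secure, this logout response must itself be served over a secure origin or modern browsers will refuse to overwrite them; the login-side attributes are not visible in this hunk, so they should be checked against it. Nothing in the hunk invalidates the session on the server side; if the session store is keyed by these cookie values the entry should also be dropped, though that may already happen in the part of Logout above the hunk (the function's opening is outside the hunk). Since both cookies are identical except for the name, a small helper keeps the deletion attributes in one place, and `Header().Add` is safe for both because `response` is freshly created on line 18, so the first `Set` was only ever replacing nothing.
```go
// expiredCookie returns a Set-Cookie value that tells the browser to drop
// the named session cookie. Path (and Domain/Secure/SameSite, if the login
// path sets them) must match the attributes the cookie was issued with.
func expiredCookie(name string) *http.Cookie {
	return &http.Cookie{
		Name:     name,
		Value:    "",
		MaxAge:   -1, // Max-Age=0 on the wire: delete immediately
		HttpOnly: true,
		Path:     "/",
	}
}

	// … unchanged: response := connect.NewResponse(...) …
	for _, name := range []string{"olivetin-sid-local", "olivetin-sid-oauth"} {
		response.Header().Add("Set-Cookie", expiredCookie(name).String())
	}
```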