change(fastapi): remove the GET /logout route; replaced with POST

Had to add some additional CSS to style a form button the same
way <a> links are styled.

Closes #188

Signed-off-by: Kevin Morris <kevr@0cost.org>
Kevin Morris 2021-11-29 16:51:16 -08:00
parent 44f2366675
commit 69eb17cb0d
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
4 changed files with 25 additions and 17 deletions


@ -77,14 +77,9 @@ async def login_post(request: Request,
return response return response
@router.get("/logout") @router.post("/logout")
@auth_required() @auth_required()
async def logout(request: Request, next: str = "/"): async def logout(request: Request, next: str = Form(default="/")):
""" A GET and POST route for logging out.
@param request FastAPI request
@param next Route to redirect to
"""
if request.user.is_authenticated(): if request.user.is_authenticated():
request.user.logout(request) request.user.logout(request)
@ -95,9 +90,3 @@ async def logout(request: Request, next: str = "/"):
response.delete_cookie("AURSID") response.delete_cookie("AURSID")
response.delete_cookie("AURTZ") response.delete_cookie("AURTZ")
return response return response
@router.post("/logout")
@auth_required()
async def logout_post(request: Request, next: str = "/"):
return await logout(request=request, next=next)
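Review bot: `next` in the new `logout` signature is a client-supplied form field, and the removed docstring describes it as the route to redirect to, so the redirect built between the two hunks (not visible here) should accept only same-site paths. If no such check exists there, a guard such as `if not next.startswith("/") or next.startswith("//"): next = "/"` before the response is created keeps a crafted form from sending the user to another origin after logout. The commit also deletes the handler's docstring without a replacement; a short one stating that the route is POST-only and redirects to `next` would keep it documented. The body of `logout` continues outside both hunks.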


@ -45,9 +45,12 @@
{# All logged in users see Logout #} {# All logged in users see Logout #}
<li> <li>
<a href="/logout?next={{ next }}"> <form action="/logout" method="post" class="link">
<input type="hidden" name="next" value="{{ next }}" />
<button type="submit">
{% trans %}Logout{% endtrans %} {% trans %}Logout{% endtrans %}
</a> </button>
</form>
</li> </li>
{% else %} {% else %}
{# All guest users see Register #} {# All guest users see Register #}
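Review bot: The hidden input `value="{{ next }}"` puts a value that is presumably derived from the current request into a quoted attribute, so it is safe only if the template environment has autoescaping enabled, which this page does not show. Writing it as `value="{{ next | e }}"` makes the escaping explicit and changes nothing when autoescape is already on. The form also carries no anti-forgery token, so whether a cross-site POST can log a user out depends on the session cookie's SameSite setting. That is low impact, but it should be a deliberate choice.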


@ -154,8 +154,9 @@ def test_unauthenticated_logout_unauthorized():
with client as request: with client as request:
# Alright, let's verify that attempting to /logout when not # Alright, let's verify that attempting to /logout when not
# authenticated returns 401 Unauthorized. # authenticated returns 401 Unauthorized.
response = request.get("/logout", allow_redirects=False) response = request.post("/logout", allow_redirects=False)
assert response.status_code == int(HTTPStatus.SEE_OTHER) assert response.status_code == int(HTTPStatus.SEE_OTHER)
assert response.headers.get("location").startswith("/login")
def test_login_missing_username(): def test_login_missing_username():
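Review bot: Nothing in the visible test asserts that `GET /logout` is now rejected, which is the behaviour this commit introduces, so a later change could re-add the GET route unnoticed. A companion check such as `response = request.get("/logout", allow_redirects=False)` followed by `assert response.status_code == int(HTTPStatus.METHOD_NOT_ALLOWED)` would pin it down, with the expected status confirmed against the app's routing. The comment above the request still says "401 Unauthorized" although the assertions check a 303 redirect to `/login`, so it should read `# authenticated redirects to /login (303 See Other).`. The test function's `def` line appears only in the hunk header, so its start is outside the hunk.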


@ -229,3 +229,18 @@ input#search-action-submit {
.success { .success {
color: green; color: green;
} }
/* Styling used to clone <a> styles for a form.link button. */
form.link, form.link > button {
display: inline-block;
}
form.link > button {
padding: 0 0.5em;
color: #07b;
background: none;
border: none;
}
form.link > button:hover {
cursor: pointer;
text-decoration: underline;
}