Diffstat (limited to 'web')
| -rw-r--r-- | web/web.go | 8 | ||||
| -rw-r--r-- | web/web_test.go | 26 |
2 files changed, 34 insertions, 0 deletions
@@ -205,9 +205,17 @@ func Serve() {
 http.HandleFunc("/login/", loginHandler)
 http.HandleFunc("/logout/", logoutHandler)
 http.HandleFunc("/api/login", apiLoginHandler)
+ http.HandleFunc("/api/logout", apiLogoutHandler)
 http.HandleFunc("/api/auth", apiAuthStatusHandler)
 http.HandleFunc("/", AuthWrap(indexHandler))
 log.Fatal(http.ListenAndServe(":"+strconv.Itoa(config.Config.Port), nil))
 }
+
+func apiLogoutHandler(w http.ResponseWriter, r *http.Request) {
+ c := http.Cookie{Name: AuthCookie, Value: "", Path: "/", MaxAge: -1, HttpOnly: false}
+ http.SetCookie(w, &c)
+ w.Header().Set("Content-Type", "application/json")
+ fmt.Fprintf(w, `{"status":"ok"}`)
+}
diff --git a/web/web_test.go b/web/web_test.go
index a73a6c9..156bbef 100644
--- a/web/web_test.go
+++ b/web/web_test.go
@@ -356,6 +356,32 @@ func TestApiAuthStatusHandlerAuthenticated(t *testing.T) {
 if body != `{"status":"ok", "authenticated":true}` {
 t.Errorf("Expected authenticated true, got %q", body)
 }
+
+ // Test Logout
+ req, _ = http.NewRequest("POST", "/api/logout", nil)
+ rr = httptest.NewRecorder()
+ handler := http.HandlerFunc(apiLogoutHandler)
+ handler.ServeHTTP(rr, req)
+
+ if status := rr.Code; status != http.StatusOK {
+ t.Errorf("logout handler returned wrong status code: got %v want %v",
+ status, http.StatusOK)
+ }
+
+ // Verify cookie is cleared
+ cookies := rr.Result().Cookies()
+ found := false
+ for _, c := range cookies {
+ if c.Name == AuthCookie {
+ found = true
+ if c.MaxAge != -1 {
+ t.Errorf("auth cookie not expired: got MaxAge %v want -1", c.MaxAge)
+ }
+ }
+ }
+ if !found {
+ t.Errorf("auth cookie not found in response")
+ }
 }
 func TestApiAuthStatusHandlerUnauthenticated(t *testing.T) { |
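Review bot: apiLogoutHandler expires the auth cookie for any HTTP method, so a cross-site GET to /api/logout is enough to end a user's session; add a guard at the top of the handler such as `if r.Method != http.MethodPost { http.Error(w, "method not allowed", http.StatusMethodNotAllowed); return }`. The handler only expires the browser-side cookie: if the value behind AuthCookie is also tracked on the server (not visible in this hunk), it should be invalidated there as well, otherwise a copied cookie value stays usable after logout. The expiry cookie is written with `HttpOnly: false`, which is harmless for a deletion, but it is worth confirming that the login path outside this hunk does not issue the real cookie with the same setting. Serve() begins outside the hunk.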
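Review bot: The logout assertions are appended to TestApiAuthStatusHandlerAuthenticated, which starts outside this hunk, rather than placed in their own `func TestApiLogoutHandler(t *testing.T)`, so a logout regression is reported under the auth-status test and the two cases cannot be run separately. The cookie check looks only at MaxAge; it should also pin the cleared value and path, for example `if c.Value != "" || c.Path != "/" { t.Errorf("auth cookie not cleared: %+v", c) }`. Only a POST is exercised, so nothing records how the handler is expected to treat other methods. `req, _ = http.NewRequest(...)` discards the error, which `httptest.NewRequest` avoids.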
