From 36cfdfc3d10ec2b6308c425f643f6b80d16324f7 Mon Sep 17 00:00:00 2001
From: Timm Fitschen <t.fitschen@indiscale.com>
Date: Thu, 18 Nov 2021 13:34:49 +0100
Subject: [PATCH] Handle logout

---
 .../caosdb/server/grpc/AuthInterceptor.java   | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/caosdb/server/grpc/AuthInterceptor.java b/src/main/java/org/caosdb/server/grpc/AuthInterceptor.java
index 5078d55d..644a6719 100644
--- a/src/main/java/org/caosdb/server/grpc/AuthInterceptor.java
+++ b/src/main/java/org/caosdb/server/grpc/AuthInterceptor.java
@@ -50,6 +50,12 @@ public class AuthInterceptor implements ServerInterceptor {
       Pattern.compile("^\\s*" + AuthenticationUtils.SESSION_TOKEN_COOKIE + "\\s*=\\s*");
   public static final Predicate<String> SESSION_TOKEN_COOKIE_PREFIX_PREDICATE =
       SESSION_TOKEN_COOKIE_PREFIX_PATTERN.asPredicate();
+
+  public final Metadata expiredSessionMetadata() {
+    Metadata metadata = new Metadata();
+    metadata.put(CookieSetter.SET_COOKIE, CookieSetter.EXPIRED_SESSION_COOKIE);
+    return metadata;
+  }
   /**
    * A no-op listener. This class is used for failed authentications. We couldn't return a null
    * instead because the documentation of the {@link ServerInterceptor} explicitely forbids it.
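Review bot: The new public method `expiredSessionMetadata()` at lines 19-23 has no Javadoc, and since it reads no instance state `static` would describe it better than `final`. I'd document it as `/** Builds response metadata carrying a Set-Cookie that expires the session-token cookie; returned with every UNAUTHENTICATED close so a stale cookie is cleared on the client. */`. The same replacement is made at the three `call.close` sites in the following hunks; building a fresh `Metadata` per failure is the right choice because `Metadata` is mutable.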
@@ -107,7 +113,7 @@ public class AuthInterceptor implements ServerInterceptor {
     } else {
       status = Status.UNAUTHENTICATED.withDescription("Unsupported authentication scheme.");
     }
-    call.close(status, new Metadata());
+    call.close(status, expiredSessionMetadata());
     return new NoOpListener<ReqT>();
   }
 
@@ -130,7 +136,7 @@ public class AuthInterceptor implements ServerInterceptor {
       final Status status =
           Status.UNAUTHENTICATED.withDescription(
               "Authentication failed. SessionToken was invalid.");
-      call.close(status, new Metadata());
+      call.close(status, expiredSessionMetadata());
       return new NoOpListener<ReqT>();
     }
   }
@@ -160,7 +166,7 @@ public class AuthInterceptor implements ServerInterceptor {
       final Status status =
           Status.UNAUTHENTICATED.withDescription(
               "Authentication failed. Username or password wrong.");
-      call.close(status, new Metadata());
+      call.close(status, expiredSessionMetadata());
       return new NoOpListener<ReqT>();
     }
   }
@@ -203,7 +209,10 @@ public class AuthInterceptor implements ServerInterceptor {
 
 final class CookieSetter<ReqT, RespT>
     extends ForwardingServerCall.SimpleForwardingServerCall<ReqT, RespT> {
-  private static final Key<String> SET_COOKIE =
+  public static final String EXPIRED_SESSION_COOKIE =
+      AuthenticationUtils.SESSION_TOKEN_COOKIE
+          + "=expired; Path=/; HttpOnly; SameSite=Strict; Max-Age=0";
+  public static final Key<String> SET_COOKIE =
       Key.of("Set-Cookie", Metadata.ASCII_STRING_MARSHALLER);
 
   protected CookieSetter(ServerCall<ReqT, RespT> delegate) {
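Review bot: `SET_COOKIE` is widened from private to public at line 62, but its only new consumer is `AuthInterceptor` in the same file and package, so package-private (no modifier) is sufficient and keeps the key out of the public API; the same applies to `EXPIRED_SESSION_COOKIE`. The expiry cookie at lines 59-61 must carry the same Path (and Domain, if any) as the cookie the server issues, otherwise the browser treats it as a different cookie and keeps the live one; the issuing string sits in the next hunk but only its Max-Age tail is visible here, so I'd confirm the attributes match and, if the session cookie is sent with `Secure`, add `Secure` here as well. A one-line comment would record the intent: `// Max-Age=0 tells the client to drop the session-token cookie immediately.`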
@@ -244,6 +253,8 @@ final class CookieSetter<ReqT, RespT>
                   + getSessionTimeoutSeconds());
         }
       }
+    } else {
+      headers.put(SET_COOKIE, EXPIRED_SESSION_COOKIE);
     }
   }
 }
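Review bot: The new `else` branch at lines 70-71 sends the expiry cookie whenever the enclosing condition fails, but that condition and the method signature lie outside the hunk, so it is not clear from here whether this also fires for requests that never carried a session cookie. If it does, every unauthenticated response now carries a Set-Cookie header, which is harmless but noisy and worth confirming against the condition. A short comment would record the intent: `// No live session: tell the client to drop any stale session-token cookie.`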
-- 
GitLab