Handle logout

36cfdfc3 · Timm Fitschen · d4cdc595 · 36cfdfc3
Verified Commit 36cfdfc3 authored 3 years ago by Timm Fitschen
--- a/src/main/java/org/caosdb/server/grpc/AuthInterceptor.java
+++ b/src/main/java/org/caosdb/server/grpc/AuthInterceptor.java
@@ -50,6 +50,12 @@ public class AuthInterceptor implements ServerInterceptor {
      Pattern.compile("^\\s*" + AuthenticationUtils.SESSION_TOKEN_COOKIE + "\\s*=\\s*");
  public static final Predicate<String> SESSION_TOKEN_COOKIE_PREFIX_PREDICATE =
      SESSION_TOKEN_COOKIE_PREFIX_PATTERN.asPredicate();
+  public final Metadata expiredSessionMetadata() {
+    Metadata metadata = new Metadata();
+    metadata.put(CookieSetter.SET_COOKIE, CookieSetter.EXPIRED_SESSION_COOKIE);
+    return metadata;
+  }
  /**
   * A no-op listener. This class is used for failed authentications. We couldn't return a null
   * instead because the documentation of the {@link ServerInterceptor} explicitely forbids it.
@@ -107,7 +113,7 @@ public class AuthInterceptor implements ServerInterceptor {
    } else {
      status = Status.UNAUTHENTICATED.withDescription("Unsupported authentication scheme.");
    }
-    call.close(status, new Metadata());
+    call.close(status, expiredSessionMetadata());
    return new NoOpListener<ReqT>();
  }
@@ -130,7 +136,7 @@ public class AuthInterceptor implements ServerInterceptor {
      final Status status =
          Status.UNAUTHENTICATED.withDescription(
              "Authentication failed. SessionToken was invalid.");
-      call.close(status, new Metadata());
+      call.close(status, expiredSessionMetadata());
      return new NoOpListener<ReqT>();
    }
  }
@@ -160,7 +166,7 @@ public class AuthInterceptor implements ServerInterceptor {
      final Status status =
          Status.UNAUTHENTICATED.withDescription(
              "Authentication failed. Username or password wrong.");
-      call.close(status, new Metadata());
+      call.close(status, expiredSessionMetadata());
      return new NoOpListener<ReqT>();
    }
  }
@@ -203,7 +209,10 @@ public class AuthInterceptor implements ServerInterceptor {
 final class CookieSetter<ReqT, RespT>
    extends ForwardingServerCall.SimpleForwardingServerCall<ReqT, RespT> {
-  private static final Key<String> SET_COOKIE =
+  public static final String EXPIRED_SESSION_COOKIE =
+      AuthenticationUtils.SESSION_TOKEN_COOKIE
+          + "=expired; Path=/; HttpOnly; SameSite=Strict; Max-Age=0";
+  public static final Key<String> SET_COOKIE =
      Key.of("Set-Cookie", Metadata.ASCII_STRING_MARSHALLER);
  protected CookieSetter(ServerCall<ReqT, RespT> delegate) {
@@ -244,6 +253,8 @@ final class CookieSetter<ReqT, RespT>
                  + getSessionTimeoutSeconds());
        }
      }
+    } else {
+      headers.put(SET_COOKIE, EXPIRED_SESSION_COOKIE);
    }
  }
 }