diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/sessions/controller.go | 6 | ||||
| -rw-r--r-- | app/controllers/sessions/controller_test.go | 15 |
2 files changed, 21 insertions, 0 deletions
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go index 08002a2..7e706e7 100644 --- a/app/controllers/sessions/controller.go +++ b/app/controllers/sessions/controller.go @@ -25,6 +25,7 @@ func New(cfg *oidc.OpenID, http *http.Client) *Controller { func (c *Controller) MountTo(mux *http.ServeMux) { mux.HandleFunc("GET /session/new", c.New) mux.HandleFunc("GET /session/callback", c.Create) + mux.HandleFunc("POST /session/destroy", c.Destroy) } func (c *Controller) New(w http.ResponseWriter, r *http.Request) { @@ -138,3 +139,8 @@ func (c *Controller) Create(w http.ResponseWriter, r *http.Request) { http.SetCookie(w, cookie.New("session", encoded, tokens.Expiry)) http.Redirect(w, r, "/dashboard", http.StatusFound) } + +func (c *Controller) Destroy(w http.ResponseWriter, r *http.Request) { + cookie.Expire(w, r, "session") + http.Redirect(w, r, "/", http.StatusFound) +} diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go index 46c32fd..e325afc 100644 --- a/app/controllers/sessions/controller_test.go +++ b/app/controllers/sessions/controller_test.go @@ -6,6 +6,7 @@ import ( "net/http" "net/url" "testing" + "time" "github.com/oauth2-proxy/mockoidc" "github.com/stretchr/testify/assert" @@ -13,6 +14,7 @@ import ( "github.com/xlgmokha/x/pkg/x" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/test" + "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web/cookie" ) func TestSessions(t *testing.T) { @@ -131,4 +133,17 @@ func TestSessions(t *testing.T) { }) }) }) + + t.Run("POST /session/destroy", func(t *testing.T) { + t.Run("clears the session cookie", func(t *testing.T) { + cookie := cookie.New("session", "value", time.Now().Add(5*time.Minute)) + r, w := test.RequestResponse("POST", "/session/destroy", test.WithCookie(cookie)) + + mux.ServeHTTP(w, r) + + require.Equal(t, http.StatusFound, w.Code) + assert.Equal(t, "/", w.Header().Get("Location")) + assert.Equal(t, "session=; Path=/; Domain=localhost; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; HttpOnly; Secure", w.Header().Get("Set-Cookie")) + }) + }) } |