added logout method

bomzheg · Mar 8, 2024 · 0e35985 · 0e35985
1 parent 1a28b8b
commit 0e35985
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/shvatka/api/routes/auth.py b/shvatka/api/routes/auth.py
@@ -45,6 +45,21 @@ async def login(
     return {"ok": True}
 
 
+@inject
+async def logout(
+    response: Response,
+    config: Annotated[AuthConfig, Depends()],
+):
+    response.delete_cookie(
+        "Authorization",
+        samesite=config.samesite,
+        domain=config.domain,
+        httponly=config.httponly,
+        secure=config.secure,
+    )
+    return {"ok": True}
+
+
 @inject
 async def tg_login_result(
     response: Response,
@@ -72,5 +87,6 @@ def setup() -> APIRouter:
     router = APIRouter(prefix="/auth")
     router.add_api_route("/token", login, methods=["POST"])
     router.add_api_route("/login", tg_login_page, response_class=HTMLResponse, methods=["GET"])
+    router.add_api_route("/logout", logout, methods=["POST"])
     router.add_api_route("/login/data", tg_login_result, methods=["GET"])
     return router
diff --git a/tests/integration/api_full/test_user.py b/tests/integration/api_full/test_user.py
@@ -61,6 +61,19 @@ async def test_user_get(client: AsyncClient, user: dto.User, token: Token):
     assert user == actual
 
 
+@pytest.mark.asyncio
+async def test_logout(client: AsyncClient, token: Token):
+    resp = await client.post(
+        "/auth/logout",
+        cookies={"Authorization": f"{token.token_type} {token.access_token}"},
+        follow_redirects=True,
+    )
+
+    assert resp.is_success
+    assert not resp.cookies
+    assert 'Authorization=""' in resp.headers["set-cookie"]
+
+
 @pytest.mark.asyncio
 @pytest.mark.skip(reason="doesnt work. TODO")
 async def test_change_password(client: AsyncClient, user: dto.User, token: Token):