Call /admin/bye on logout

2025-04-19 02:42:15 +00:00 · 2021-07-30 01:08:18 +08:00 · 2021-07-30 01:08:18 +08:00 · eddd1050c4
commit eddd1050c4
parent 745f2de25f
3 changed files with 3 additions and 2 deletions
--- a/management/auth.py
+++ b/management/auth.py
@ -147,7 +147,7 @@ class KeyAuthService:

 	def remove_user_token(self, email, request, env):
 		# Remove the user's token from the in-memory session database.
-		# Returns the invalidated token if exists.
+		# Return the invalidated token if exists.
 		return KeyAuthService.__token_dict.pop(email)

 	def create_user_key(self, email, env):
--- a/management/daemon.py
+++ b/management/daemon.py
@ -184,7 +184,7 @@ def bye():
 		pass  # Unauthorized users can logout too, simply do nothing.
 	finally:
 		resp = Response()
-		resp.set_cookie("miab-cp-token", expires=0)  # Removes the token cookie
+		resp.set_cookie("miab-cp-token", expires=0)  # Remove the token cookie
 		return resp

 # MAIL
--- a/management/templates/index.html
+++ b/management/templates/index.html
@ -372,6 +372,7 @@ function do_logout() {
    localStorage.removeItem("miab-cp-credentials");
  if (typeof sessionStorage != 'undefined')
    sessionStorage.removeItem("miab-cp-credentials");
+  api("/bye", "GET");  // Invalidate and remove control panel token.
  show_panel('login');
 }