From eddd1050c486508f915b7fef93047ed08abe744c Mon Sep 17 00:00:00 2001
From: NewbieOrange <NewbieOrange@users.noreply.github.com>
Date: Fri, 30 Jul 2021 01:08:18 +0800
Subject: [PATCH] Call /admin/bye on logout

---
 management/auth.py              | 2 +-
 management/daemon.py            | 2 +-
 management/templates/index.html | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/management/auth.py b/management/auth.py
index a705eacb..82e4af79 100644
--- a/management/auth.py
+++ b/management/auth.py
@@ -147,7 +147,7 @@ class KeyAuthService:
 
 	def remove_user_token(self, email, request, env):
 		# Remove the user's token from the in-memory session database.
-		# Returns the invalidated token if exists.
+		# Return the invalidated token if exists.
 		return KeyAuthService.__token_dict.pop(email)
 
 	def create_user_key(self, email, env):
diff --git a/management/daemon.py b/management/daemon.py
index 8beeed60..ed090409 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -184,7 +184,7 @@ def bye():
 		pass  # Unauthorized users can logout too, simply do nothing.
 	finally:
 		resp = Response()
-		resp.set_cookie("miab-cp-token", expires=0)  # Removes the token cookie
+		resp.set_cookie("miab-cp-token", expires=0)  # Remove the token cookie
 		return resp
 
 # MAIL
diff --git a/management/templates/index.html b/management/templates/index.html
index 12f6ad8e..f9e97234 100644
--- a/management/templates/index.html
+++ b/management/templates/index.html
@@ -372,6 +372,7 @@ function do_logout() {
     localStorage.removeItem("miab-cp-credentials");
   if (typeof sessionStorage != 'undefined')
     sessionStorage.removeItem("miab-cp-credentials");
+  api("/bye", "GET");  // Invalidate and remove control panel token.
   show_panel('login');
 }