fix: logout for all users to delete cookies

2024-11-04 02:32:13 +03:00 · 2024-11-04 02:32:13 +03:00 · 0dda336de1
commit 0dda336de1
parent 727f5c276e
2 changed files with 4 additions and 3 deletions
--- a/Endpoint/Controllers/V1/AuthController.cs
+++ b/Endpoint/Controllers/V1/AuthController.cs
@ -85,7 +85,6 @@ public class AuthController(IOptionsSnapshot<Admin> user, AuthService auth, Pass
    public async Task<ActionResult> Logout()
    {
        await auth.LogoutAsync(GetCookieParams(), HttpContext);
-
        return Ok();
    }

--- a/Security/Services/AuthService.cs
+++ b/Security/Services/AuthService.cs
@ -193,6 +193,10 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
    public async Task LogoutAsync(CookieOptionsParameters cookieOptions, HttpContext context, CancellationToken cancellation = default)
    {
        var requestContext = new RequestContextInfo(context, cookieOptions);
+
+        cookieOptions.DropCookie(context, CookieNames.AccessToken);
+        cookieOptions.DropCookie(context, CookieNames.RefreshToken);
+
        var authTokenStruct = await cache.GetAsync<AuthToken>(GetAuthCacheKey(requestContext.Fingerprint), cancellation);

        if (authTokenStruct == null)
@ -200,7 +204,5 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I

        await RevokeAccessToken(authTokenStruct.AccessToken);
        await cache.RemoveAsync(requestContext.Fingerprint, cancellation);
-        cookieOptions.DropCookie(context, CookieNames.AccessToken);
-        cookieOptions.DropCookie(context, CookieNames.RefreshToken);
    }
 }