From d9e7c5616b2447c14dde47d0f0b95844e1d54d79 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Fri, 9 Dec 2016 20:36:26 +0100
Subject: [PATCH] moved auth into subroute and make logout DELETE

---
 app/Controllers/AuthController.php | 13 ++++++------
 app/Router.php | 2 +-
 resources/views/yuuno/master.twig | 32 +++++++++++-------------------
 routes.php | 24 ++++++++++++----------
 4 files changed, 32 insertions(+), 39 deletions(-)

diff --git a/app/Controllers/AuthController.php b/app/Controllers/AuthController.php
index afb2dc5..3c573e1 100644
--- a/app/Controllers/AuthController.php
+++ b/app/Controllers/AuthController.php
@@ -6,6 +6,7 @@

 namespace Sakura\Controllers;

+use Phroute\Phroute\Exception\HttpMethodNotAllowedException;
 use Sakura\ActionCode;
 use Sakura\Config;
 use Sakura\CurrentSession;
@@ -38,18 +39,16 @@ class AuthController extends Controller

 /**
 * End the current session.
- * @return string
+ * @throws HttpMethodNotAllowedException
 */
- public function logout(): string
+ public function logout(): void
 {
 if (!session_check()) {
- return $this->json(['error' => 'Logout failed.']);
+ throw new HttpMethodNotAllowedException;
 }

 // Destroy the active session
 CurrentSession::stop();
-
- return $this->json(['error' => null]);
 }

 /**
@@ -109,8 +108,8 @@ class AuthController extends Controller
 );

 $cookiePrefix = config('cookie.prefix');
- setcookie("{$cookiePrefix}id", $user->id, time() + 604800);
- setcookie("{$cookiePrefix}session", $session->key, time() + 604800);
+ setcookie("{$cookiePrefix}id", $user->id, time() + 604800, '/');
+ setcookie("{$cookiePrefix}session", $session->key, time() + 604800, '/');

 $this->touchRateLimit($user->id, true);

diff --git a/app/Router.php b/app/Router.php
index ebeec73..3311544 100644
--- a/app/Router.php
+++ b/app/Router.php
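Review bot: Throwing HttpMethodNotAllowedException when session_check() fails signals "wrong HTTP verb" for what is really a missing or invalid session, and unless Router maps that exception to a 403 (not visible here) the `ajax.AddCallback(403, ...)` handler this commit adds in master.twig never fires, so a failed logout shows no dialogue at all. The template now sends the session id as `?session=` on a DELETE, so session_check() must read the query string on this path; if it still reads only the POST body, every logout fails with that same exception. Pick one status both halves agree on and state the contract on the method, e.g. `@throws HttpMethodNotAllowedException when no valid session accompanies the request`.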
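Review bot: Both setcookie() calls now scope the id and session cookies to `/` but still pass neither the secure nor the httponly flag, so the session key is sent over plain HTTP and is readable from script. `setcookie("{$cookiePrefix}session", $session->key, time() + 604800, '/', '', $secure, true);` (and the same for the id cookie) sets both, with `$secure` true whenever the site is served over TLS; the template already exposes the same id as Sakura.Config.SessionId, so that exposure should be reviewed together with this flag. The repeated `time() + 604800` would read better as a named seven-day lifetime constant. The enclosing login method starts and ends outside the hunk.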
@@ -138,7 +138,7 @@ class Router
 * @param string $url
 * @return string
 */
- public static function handle(string $method, string $url): string
+ public static function handle(string $method, string $url): ?string
 {
 // Check if the dispatcher is defined
 if (self::$dispatcher === null) {
diff --git a/resources/views/yuuno/master.twig b/resources/views/yuuno/master.twig
index 4d2373e..ef93ff5 100644
--- a/resources/views/yuuno/master.twig
+++ b/resources/views/yuuno/master.twig
@@ -127,34 +127,26 @@

 confirm.AddCallback(Sakura.DialogueButton.Yes, function () {
 var ajax = new Sakura.AJAX;
-
- ajax.SetUrl("{{ route('auth.logout') }}");
- ajax.Form();
- ajax.SetSend({
- "session": Sakura.Config.SessionId
- });
+ ajax.SetUrl("{{ route('auth.logout') }}?session=" + Sakura.Config.SessionId);

 ajax.AddCallback(200, function () {
- var result = ajax.JSON();
+ window.location.reload();
+ });
+ ajax.AddCallback(403, function () {
 confirm.Close();

- if (result.error) {
- var error = new Sakura.Dialogue;
- error.Title = "Logout Error";
- error.Text = result.error;
- error.SetType(Sakura.DialogueType.Info);
+ var error = new Sakura.Dialogue;
+ error.Title = "Logout Error";
+ error.Text = "Logout failed.";

- error.AddCallback(Sakura.DialogueButton.Ok, function () {
- this.Close();
- });
+ error.AddCallback(Sakura.DialogueButton.Ok, function () {
+ this.Close();
+ });

- error.Display();
- } else {
- window.location.reload();
- }
+ error.Display();
 });

- ajax.Start(Sakura.HTTPMethod.POST);
+ ajax.Start(Sakura.HTTPMethod.DELETE);
 });

 confirm.Display();
diff --git a/routes.php b/routes.php
index fd0fe77..2808aa3 100644
--- a/routes.php
+++ b/routes.php
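Review bot: The docblock two lines above the signature still says `@return string` while the return type is now `?string`; update it to `@return string|null` and say when null is returned (presumably when a controller action such as the new `logout(): void` produces no body — confirm against the dispatch call). handle() continues past the hunk, so the site that echoes or emits the result, and what it does with null, is not visible here.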
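Review bot: Moving the session id from the request body into the URL (`ajax.SetUrl("{{ route('auth.logout') }}?session=" + Sakura.Config.SessionId)`) puts a credential-equivalent value where access logs, proxy logs and browser history record it; the removed `ajax.SetSend({"session": ...})` kept it out of the URL. If the AJAX helper can set a request header, send the token that way with the DELETE; otherwise keeping a body field is the safer fallback. The new 403 callback also assumes Router turns the controller's HttpMethodNotAllowedException into a 403 rather than a 405 (not visible here), so add a 405 callback or a single non-200 handler so a failed logout always closes the confirm dialogue.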
@@ -22,17 +22,6 @@ Router::group(['before' => 'maintenance'], function () {
 Router::get('/', 'MetaController@index', 'main.index');
 Router::get('/search', 'MetaController@search', 'main.search');

- // Auth
- Router::post('/login', 'AuthController@login', 'auth.login');
- Router::post('/logout', 'AuthController@logout', 'auth.logout');
- Router::get('/register', 'AuthController@register', 'auth.register');
- Router::post('/register', 'AuthController@register', 'auth.register');
- Router::get('/resetpassword', 'AuthController@resetPassword', 'auth.resetpassword');
- Router::post('/resetpassword', 'AuthController@resetPassword', 'auth.resetpassword');
- Router::get('/reactivate', 'AuthController@reactivate', 'auth.reactivate');
- Router::post('/reactivate', 'AuthController@reactivate', 'auth.reactivate');
- Router::get('/activate', 'AuthController@activate', 'auth.activate');
-
 // Link compatibility layer, prolly remove this in like a year
 Router::get('/r/{id}', function ($id) {
 return redirect("/p/{$id}");
@@ -64,6 +53,19 @@ Router::group(['before' => 'maintenance'], function () {
 return redirect(substr($link, 0, 4) === 'http' ? $link : route($link));
 });

+ // Auth
+ Router::group(['prefix' => 'auth'], function () {
+ Router::post('/login', 'AuthController@login', 'auth.login');
+ Router::delete('/logout', 'AuthController@logout', 'auth.logout');
+ Router::get('/register', 'AuthController@register', 'auth.register');
+ Router::post('/register', 'AuthController@register', 'auth.register');
+ Router::get('/resetpassword', 'AuthController@resetPassword', 'auth.resetpassword');
+ Router::post('/resetpassword', 'AuthController@resetPassword', 'auth.resetpassword');
+ Router::get('/reactivate', 'AuthController@reactivate', 'auth.reactivate');
+ Router::post('/reactivate', 'AuthController@reactivate', 'auth.reactivate');
+ Router::get('/activate', 'AuthController@activate', 'auth.activate');
+ });
+
 // Info
 Router::group(['prefix' => 'info'], function () {
 Router::get('/terms', 'InfoController@terms', 'info.terms');
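Review bot: Putting these routes under the `auth` prefix changes their public paths (`/login` becomes `/auth/login`, `/activate` becomes `/auth/activate`, `/resetpassword` becomes `/auth/resetpassword`) but adds no redirects for the old ones, unlike the `/r/{id}` compatibility layer the same file keeps. Activation and password-reset links already sent by e-mail, and any template or external page that hard-codes an old path, will now 404; the e-mail templates are not visible here, so confirm whether they build links with `route('auth.activate')` or a literal path. A compatibility route in the style of `/r/{id}`, forwarding the query string to the new path, would cover the window in which previously issued links remain valid.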