fix firebase logout (#97)

main issue was with the overriden /logout view not being called so now the blueprints are sorted with overriden ones first. CPCN-62
superdesk · Mar 22, 2023 · 0d1d4fe · 0d1d4fe
1 parent e2220ac
commit 0d1d4fe
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 17 deletions.
diff --git a/client/src/login.js b/client/src/login.js
@@ -9,8 +9,7 @@ if (params.get("email")) {
 }
 
 const sendTokenToServer = (token) => {
-  document.cookie = `token=${token}`;
-  window.location.replace('/auth_token');
+  window.location.replace(`/auth_token?token=${token}`);
 }
 
 // get firebase auth status
@@ -22,7 +21,6 @@ auth.onAuthStateChanged((user) => {
     }
 
     if (params.get('logout') === '1') { // force logout from firebase
-      document.cookie = 'token=';
       signOut(auth);
       return;
     }

diff --git a/server/cp/auth.py b/server/cp/auth.py
@@ -5,6 +5,7 @@
 from flask_babel import gettext
 from google.auth.transport import requests
 from newsroom.auth.utils import sign_user_by_email
+from newsroom.auth.views import logout as _logout
 
 TIMEOUT = 5
 
@@ -16,7 +17,7 @@
 @blueprint.route("/auth_token")
 def token():
     claims = None
-    token = flask.request.cookies.get('token')
+    token = flask.request.args.get('token')
     if token:
         try:
             claims = google.oauth2.id_token.verify_firebase_token(
@@ -32,17 +33,13 @@ def token():
         email = claims["email"]
         return sign_user_by_email(email)
 
-    return flask.redirect(flask.url_for("auth.index"))
+    return flask.redirect(flask.url_for("auth.login"))
 
 
 @blueprint.route("/logout")
 def logout():
-    flask.session.pop("user", None)
-    flask.session.pop("name", None)
-    flask.session.pop("user_type", None)
-    resp = flask.redirect(flask.url_for("auth.login", logout=1))
-    resp.delete_cookie("token")
-    return resp
+    _logout()
+    return flask.redirect(flask.url_for("auth.login", logout=1))
 
 
 @blueprint.route("/cp_reset_password_done")

diff --git a/server/settings.py b/server/settings.py
@@ -195,17 +195,15 @@
 
 
 BLUEPRINTS = [
+    "cp.auth",  # we need this one loaded before newsroom.auth to make it override logout
+    "cp.mgmt_api_docs",
+] + [
     blueprint
     for blueprint in DEFAULT_BLUEPRINTS
     if blueprint
     not in ["newsroom.design", "newsroom.monitoring", "newsroom.news_api.api_tokens"]
 ]
-BLUEPRINTS.extend(
-    [
-        "cp.mgmt_api_docs",
-        "cp.auth",
-    ]
-)
+
 
 CORE_APPS = [
     app