From 3e8abbdfb66b3e5c9f363e2d8aac8f7b4d16bdeb Mon Sep 17 00:00:00 2001
From: SR20290919
Date: Sun, 25 May 2025 18:03:39 +0530
Subject: [PATCH 1/2] adding code changes to invalidate jwt token

---
 .../controller/users/IEMRAdminController.java | 54 +++++++++++++++----
 1 file changed, 44 insertions(+), 10 deletions(-)

diff --git a/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java b/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java
index a8cced19..468a2870 100644
--- a/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java
+++ b/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java
@@ -887,21 +887,55 @@ private void deleteSessionObject(String key) { } } + + @CrossOrigin() @Operation(summary = "Force log out") @RequestMapping(value = "/forceLogout", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON, headers = "Authorization") - public String forceLogout(@Param(value = "{\"userName\":\"String user name to force logout\", " - + "\"providerServiceMapID\":\"Integer service provider ID\"}") @RequestBody ForceLogoutRequestModel request) { - OutputResponse response = new OutputResponse(); - try { - iemrAdminUserServiceImpl.forceLogout(request); - response.setResponse("Success"); - } catch (Exception e) { - response.setError(e); - } - return response.toString(); + public String forceLogout(@RequestBody ForceLogoutRequestModel request, HttpServletRequest httpRequest, HttpServletResponse response) { + OutputResponse outputResponse = new OutputResponse(); + try { + // Perform the force logout logic + iemrAdminUserServiceImpl.forceLogout(request); + + // Extract and invalidate JWT token cookie dynamically from the request + invalidateJwtCookie(httpRequest, response); + + // Set the response message + outputResponse.setResponse("Success"); + } catch (Exception e) { + outputResponse.setError(e); + } + return outputResponse.toString(); + } + + private void invalidateJwtCookie(HttpServletRequest request, HttpServletResponse response) { + // Get the cookies from the incoming request + Cookie[] cookies = request.getCookies(); + + if (cookies != null) { + for (Cookie cookie : cookies) { + // Check if the cookie name matches "Jwttoken" (case-sensitive) + if (cookie.getName().equalsIgnoreCase("Jwttoken")) { + // Invalidate the JWT token cookie by setting the value to null and max age to 0 + cookie.setValue(null); + cookie.setMaxAge(0); // Expire the cookie immediately + cookie.setPath("/"); // Ensure the path matches the cookie's original path + cookie.setHttpOnly(true); // Secure the cookie so it can't be accessed via JS + cookie.setSecure(true); 
// Only send over HTTPS if you're using secure connections + + // Add the invalidated cookie back to the response + response.addCookie(cookie); + break; // If we found the JWT cookie, no need to continue looping + } + } + } else { + // Log or handle the case when no cookies are found in the request + logger.warn("No cookies found in the request."); + } } + @CrossOrigin() @Operation(summary = "User force log out") @RequestMapping(value = "/userForceLogout", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON, headers = "Authorization") From f67d796a88b8b3c0e9654057b8d4045825eab884 Mon Sep 17 00:00:00 2001 From: SR20290919 Date: Sun, 25 May 2025 18:12:40 +0530 Subject: [PATCH 2/2] adding code rabbit suggested changes --- .../com/iemr/common/controller/users/IEMRAdminController.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java b/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java index 468a2870..b4be2989 100644 --- a/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java +++ b/src/main/java/com/iemr/common/controller/users/IEMRAdminController.java @@ -920,10 +920,10 @@ private void invalidateJwtCookie(HttpServletRequest request, HttpServletResponse // Invalidate the JWT token cookie by setting the value to null and max age to 0 cookie.setValue(null); cookie.setMaxAge(0); // Expire the cookie immediately - cookie.setPath("/"); // Ensure the path matches the cookie's original path + cookie.setPath(cookie.getPath()); // Ensure the path matches the cookie's original path cookie.setHttpOnly(true); // Secure the cookie so it can't be accessed via JS cookie.setSecure(true); // Only send over HTTPS if you're using secure connections - + cookie.setAttribute("SameSite", "Strict"); // Add the invalidated cookie back to the response response.addCookie(cookie); break; // If we found the JWT cookie, no need to continue looping
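Review bot: invalidateJwtCookie in the new forceLogout clears the `Jwttoken` cookie carried by the caller's own HttpServletRequest, while the request body names the user to be logged out (the removed @Param text described `userName` as the user to force logout), so when an administrator force-logs-out someone else it is the administrator's cookie that is expired and the target's token is untouched. Expiring a browser cookie also does not revoke a bearer JWT: any copy already held stays valid until its `exp`, so if the commit's intent is to invalidate the token, the revocation has to happen server-side (a token-id or session blocklist checked on each request), which would belong in `iemrAdminUserServiceImpl.forceLogout`; that service is outside this hunk and I cannot tell whether it already does this. The cookie clearing is still reasonable for the self-logout case, but a comment on invalidateJwtCookie should say exactly that: `// Clears only the caller's cookie; it does not revoke the token server-side.` Separately, the comment on the name check says "(case-sensitive)" while the code uses equalsIgnoreCase; cookie names are case-sensitive, so either the comment or the comparison should change, e.g. `if ("Jwttoken".equals(cookie.getName())) {`.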
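Review bot: `cookie.setPath(cookie.getPath())` in the second patch most likely makes the deletion miss, because cookies parsed from the incoming Cookie header carry no Path (or Domain) attribute, so getPath() returns null and the Set-Cookie goes out without a Path, which the browser scopes to the request URI's directory rather than the path the cookie was issued with; a cookie is only replaced when name, domain and path all match. The path to use is whatever the login code sets when it issues `Jwttoken` (that code is not in this diff; `/` is the usual choice and is what the first patch had), and the cleared value reads better as an empty string than null: `cookie.setValue("");` `cookie.setPath("/");`. `Cookie.setAttribute("SameSite", "Strict")` exists only from Jakarta Servlet 6.0, so this will not compile against javax.servlet or older Jakarta releases; the imports are outside the hunk so I cannot confirm which one the project targets. The enclosing invalidateJwtCookie method starts and ends outside this hunk.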