fix logout

cozy · Jan 24, 2017 · aff1c19 · aff1c19
1 parent 2d347a2
commit aff1c19
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/pkg/apps/apps.go b/pkg/apps/apps.go
@@ -198,7 +198,7 @@ func (m *Manifest) BuildToken(i *instance.Instance) string {
 			IssuedAt: crypto.Timestamp(),
 			Subject:  m.Slug,
 		},
-		Scope: "io.cozy._all", // TODO scope
+		Scope: "", // apps token doesnt have a scope
 	})
 	if err != nil {
 		return ""

diff --git a/web/auth/auth.go b/web/auth/auth.go
@@ -117,7 +117,7 @@ func login(c echo.Context) error {
 
 func logout(c echo.Context) error {
 	instance := middlewares.GetInstance(c)
-	claims, ok := c.Get("token_claims").(permissions.Claims)
+	claims, ok := c.Get("token_claims").(*permissions.Claims)
 	if !ok || claims.Audience != permissions.AppAudience {
 		return c.Redirect(http.StatusSeeOther, instance.SubDomain(apps.HomeSlug))
 	}

diff --git a/web/auth/auth_test.go b/web/auth/auth_test.go
@@ -999,12 +999,15 @@ func TestLogoutNoToken(t *testing.T) {
 func TestLogoutSuccess(t *testing.T) {
 	a := app.Manifest{Slug: "home"}
 	token := a.BuildToken(testInstance)
+	permissions.Create(testInstance, a.Slug, permissions.Set{})
 	req, _ := http.NewRequest("DELETE", ts.URL+"/auth/login", nil)
 	req.Host = domain
 	req.Header.Add("Authorization", "Bearer "+token)
 	res, err := client.Do(req)
 	assert.NoError(t, err)
 	defer res.Body.Close()
+	permissions.Destroy(testInstance, "home")
+
 	if assert.Equal(t, "303 See Other", res.Status) {
 		assert.Equal(t, "https://cozy.example.net/auth/login",
 			res.Header.Get("Location"))