Add API endpoint for destroying tokens #584
…ken (used for the web UI)
# Conflicts: # settings/routes.php
…point to DELETE method.
I have removed the |
@@ -11,6 +11,11 @@ async function submitCredentials() { | |||
return; | |||
} | |||
|
|||
const forbiddenPageAlert = document.getElementById('forbiddenPageAlert'); |
info: while testing the logout I noticed that the `Sign in to access page` did not vanish when other error messages are displayed (e.g. `Invalid credentials`). Displaying two alerts seems weird, so I added this
method: 'DELETE', | ||
}); | ||
|
||
window.location.href = '/' |
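Review bot: Between the closing `});` of the `DELETE` request and `window.location.href = '/'` no check of the response is visible, so the redirect would look like a successful logout even if the server did not destroy the token. Check the response status before redirecting and show an error otherwise. The `window.location.href = '/'` line is also missing the trailing semicolon that the surrounding lines use.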
info: I only wanted to reload the current page initially on logout, so that the user is only redirected to the login page if he was on a protected page, but this would display the `Sign in to access page` alert on the login page, which seems weird if the user purposefully logged out, so I decided on the redirect by default
@@ -0,0 +1,97 @@ | |||
POST http://127.0.0.1/api/authentication/token |
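Review bot: The request on the first line of the new file hard-codes `http://127.0.0.1`, which ties the test file to one local setup. Consider moving the host into an HTTP Client environment variable (a name such as `{{host}}`, defined in `http-client.env.json`) so the same file runs unchanged against each developer's instance.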
This is an interesting feature in PhpStorm: you can run assertions against the HTTP requests.
To execute every request in a row, press the green "Run all requests" button:
You can see the result in the `Run` window and which (if any) assertion failed, example with a failed assertion (wrong password):
This feature is a bit bulky to use, but at least we both can run the same tests in an automatic way locally.
This PR adds an API endpoint that can destroy API tokens (manually generated by the user in the settings) and authentication tokens (generated upon login of the user).
Also important to mention that this PR is based on #575, so that PR has to be merged before this one.
Part of #572