clearCreds support for JSON

[meteficha]

This is the current definition of clearCreds, used on logout:

-- | Clears current user credentials for the session.
--
-- Since 1.1.7
clearCreds :: YesodAuth master
           => Bool -- ^ if HTTP redirect to 'logoutDest' should be done
           -> HandlerT master IO ()
clearCreds doRedirects = do
    y <- getYesod
    onLogout
    deleteSession credsKey
    when doRedirects $ do
        redirectUltDest $ logoutDest y

Note that it always redirects, even if a request was made accepting JSON responses. One could argue that a JSON client should just forget the session cookie themselves, but I think this is a bad idea for two reasons:

• Other session variables may still be relevant even if the user logged out.
• There may be some relevant action on onLogout that should be taken.
• The server could change its session implementation.

I propose changing the above definition to something along the lines of:

-- | Clears current user credentials for the session.
--
-- Since 1.1.7
clearCreds :: YesodAuth master
           => Bool -- ^ if HTTP redirect to 'logoutDest' should be done
           -> HandlerT master IO ()
clearCreds doRedirects = do
    y <- getYesod
    onLogout
    deleteSession credsKey
    when doRedirects $ do
        aj <- acceptsJson
        if aj
            then do
                let msg = "Logged out successfully!" :: Text
                sendResponse $ A.object ["message" A..= msg]
            else
                redirectUltDest $ logoutDest y

[snoyberg]

I'm OK with that. We should update the documentation to explain that. Also,
selectRep would probably be easier.

On Fri, May 15, 2015, 8:11 AM Felipe Lessa notifications@github.com wrote:

This is the current definition of clearCreds, used on logout:

-- | Clears current user credentials for the session.---- Since 1.1.7clearCreds :: YesodAuth master
=> Bool -- ^ if HTTP redirect to 'logoutDest' should be done
-> HandlerT master IO ()
clearCreds doRedirects = do
y <- getYesod
onLogout
deleteSession credsKey
when doRedirects $ do
redirectUltDest $ logoutDest y

Note that it always redirects, even if a request was made accepting JSON
responses. One could argue that a JSON client should just forget the
session cookie themselves, but I think this is a bad idea for two reasons:

Other session variables may still be relevant even if the user logged
out.

There may be some relevant action on onLogout that should be taken.

The server could change its session implementation.

I propose changing the above definition to something along the lines of:

-- | Clears current user credentials for the session.---- Since 1.1.7clearCreds :: YesodAuth master
=> Bool -- ^ if HTTP redirect to 'logoutDest' should be done
-> HandlerT master IO ()
clearCreds doRedirects = do
y <- getYesod
onLogout
deleteSession credsKey
when doRedirects $ do
aj <- acceptsJson
if aj
then do
let msg = "Logged out successfully!" :: Text
sendResponse $ A.object ["message" A..= msg]
else
redirectUltDest $ logoutDest y

—
Reply to this email directly or view it on GitHub
#991.

[meteficha]

Adding to my to do list.

[StevenXL]

See #1598