diff --git a/endpoints/logout.post.py b/endpoints/logout.post.py
index 222f6ef..a3e0925 100644
--- a/endpoints/logout.post.py
+++ b/endpoints/logout.post.py
@@ -5,30 +5,18 @@ router = APIRouter()
 @router.post("/logout")
 async def logout_handler(
- username: str,
- db: Session = Depends(get_db),
- token: str = Depends(oauth2_scheme)
+ token: str = Depends(oauth2_scheme),
+ db: Session = Depends(get_db)
 ):
 """Demo logout endpoint"""
- user = fake_users_db.get(username)
+ user = get_user_by_token(token, db)
 if not user:
- raise HTTPException(status_code=404, detail="User not found")
+ raise HTTPException(status_code=401, detail="Invalid authentication credentials")
- # Clear access token
- access_tokens = user.get("access_tokens", [])
- access_tokens = [t for t in access_tokens if t != token]
- user["access_tokens"] = access_tokens
+ # Clear access token, refresh token and session from cookies
+ response = RedirectResponse(url="/")
+ response.delete_cookie("access_token")
+ response.delete_cookie("refresh_token")
+ response.delete_cookie("session_id")
- # Clear refresh token
- user["refresh_token"] = None
- # Clear session data
- user["session"] = {}
- return {
- "message": "Logout successful",
- "user": username,
- "next_steps": [
- "Redirect to login page"
- ]
- }
\ No newline at end of file
+ return response
\ No newline at end of file
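Review bot: The new body drops every server-side revocation the old code performed (removing the token from the user's access-token list, nulling the refresh token, clearing the session) and replaces it with `delete_cookie` calls only, so a bearer token or refresh token that is stored elsewhere or already copied stays valid until it expires; `user` is resolved from the token but never used for revocation. The comment `# Clear access token, refresh token and session from cookies` is accurate, but logout should also invalidate the refresh token and session in `db` for that user — the helper to do so is not visible in this hunk, so it may need to be added. `delete_cookie` only takes effect if its `path`/`domain`/`secure`/`httponly`/`samesite` arguments match those used when the cookies were set, which cannot be confirmed from this hunk; pass the same attributes here. `RedirectResponse(url="/")` defaults to 307, which tells the browser to repeat the POST against `/`; use `RedirectResponse(url="/", status_code=303)` so the follow-up is a GET.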