fix: logout api delete token (#5686)

2021-09-10 09:20:16 +08:00 · 2021-09-10 09:20:16 +08:00 · 9a09bf7964
parent 5da085bacc
commit 9a09bf7964
3 changed files with 20 additions and 9 deletions
--- a/apps/emqx_dashboard/src/emqx_dashboard_admin.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_admin.erl
@ -40,7 +40,7 @@

 -export([ sign_token/2
        , verify_token/1
-        , destroy_token_by_username/1
+        , destroy_token_by_username/2
        ]).

 -export([add_default_user/0]).
@ -177,8 +177,13 @@ sign_token(Username, Password) ->
 verify_token(Token) ->
    emqx_dashboard_token:verify(Token).

-destroy_token_by_username(Username) ->
-    emqx_dashboard_token:destroy_by_username(Username).
+destroy_token_by_username(Username, Token) ->
+    case emqx_dashboard_token:lookup(Token) of
+        {ok, #mqtt_admin_jwt{username = Username}} ->
+            emqx_dashboard_token:destroy(Token);
+        _ ->
+            {error, not_found}
+    end.

 %%--------------------------------------------------------------------
 %% Internal functions
--- a/apps/emqx_dashboard/src/emqx_dashboard_api.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_api.erl
@ -170,10 +170,14 @@ login(post, #{body := Params}) ->
            {401, #{code => ?ERROR_USERNAME_OR_PWD, message => <<"Auth filed">>}}
    end.

-logout(_, #{body := Params}) ->
-    Username = maps:get(<<"username">>, Params),
-    emqx_dashboard_admin:destroy_token_by_username(Username),
-    {200}.
+logout(_, #{body := #{<<"username">> := Username},
+            headers := #{<<"authorization">> := <<"Bearer ", Token/binary>>}}) ->
+    case emqx_dashboard_admin:destroy_token_by_username(Username, Token) of
+        ok ->
+            200;
+        _R ->
+            {401, 'BAD_TOKEN_OR_USERNAME', <<"Ensure your token & username">>}
+    end.

 users(get, _Request) ->
    {200, [row(User) || User <- emqx_dashboard_admin:all_users()]};
--- a/apps/emqx_dashboard/src/emqx_dashboard_token.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_token.erl
@ -22,6 +22,7 @@

 -export([ sign/2
        , verify/1
+        , lookup/1
        , destroy/1
        , destroy_by_username/1
        ]).
@ -121,14 +122,15 @@ do_verify(Token)->

 do_destroy(Token) ->
    Fun = fun mnesia:delete/1,
-    ekka_mnesia:transaction(?DASHBOARD_SHARD, Fun, [{?TAB, Token}]).
+    {atomic, ok} = ekka_mnesia:transaction(?DASHBOARD_SHARD, Fun, [{?TAB, Token}]),
+    ok.

 do_destroy_by_username(Username) ->
    gen_server:cast(?MODULE, {destroy, Username}).

 %%--------------------------------------------------------------------
 %% jwt internal util function
-
+-spec(lookup(Token :: binary()) -> {ok, #mqtt_admin_jwt{}} | {error, not_found}).
 lookup(Token) ->
    case mnesia:dirty_read(?TAB, Token) of
        [JWT] -> {ok, JWT};