aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIgor Pashev <pashev.igor@gmail.com>2016-11-25 13:39:13 +0300
committerIgor Pashev <pashev.igor@gmail.com>2016-11-25 13:39:13 +0300
commit7ba0b2158124bbf10fbdeeec70fb7e631a32a364 (patch)
treea0281acaed91e457ad5de8bf72eeae592e2eee1e
parenta3739193953b2ccbe9174d76de8adf122269fbb5 (diff)
downloadsproxy2-7ba0b2158124bbf10fbdeeec70fb7e631a32a364.tar.gz
/.sproxy/logout just redirects if no cookie
-rw-r--r--src/Sproxy/Application.hs40
1 files changed, 20 insertions, 20 deletions
diff --git a/src/Sproxy/Application.hs b/src/Sproxy/Application.hs
index 18d547b..83c4b70 100644
--- a/src/Sproxy/Application.hs
+++ b/src/Sproxy/Application.hs
@@ -81,10 +81,7 @@ sproxy key db oa2 backends = logException $ \req resp -> do
["robots.txt"] -> get robots req resp
(".sproxy":proxy) ->
case proxy of
- ["logout"] ->
- case extractCookie key Nothing cookieName req of
- Nothing -> notFound "logout without the cookie" req resp
- Just _ -> get (logout cookieName cookieDomain) req resp
+ ["logout"] -> get (logout key cookieName cookieDomain) req resp
["oauth2", provider] ->
case HM.lookup provider oa2 of
Nothing -> notFound "OAuth2 provider" req resp
@@ -322,23 +319,26 @@ userNotFound email _ resp = do
|]
-logout :: ByteString -> Maybe ByteString -> W.Application
-logout name domain req resp = do
+logout :: ByteString -> ByteString -> Maybe ByteString -> W.Application
+logout key cookieName cookieDomain req resp = do
let host = fromJust $ W.requestHeaderHost req
- cookie = WC.def {
- WC.setCookieName = name
- , WC.setCookieHttpOnly = True
- , WC.setCookiePath = Just "/"
- , WC.setCookieSameSite = Just WC.sameSiteStrict
- , WC.setCookieSecure = True
- , WC.setCookieValue = "goodbye"
- , WC.setCookieDomain = domain
- , WC.setCookieExpires = Just . posixSecondsToUTCTime . realToFrac $ CTime 0
- }
- resp $ W.responseLBS found302 [
- (hLocation, "https://" <> host)
- , ("Set-Cookie", toByteString $ WC.renderSetCookie cookie)
- ] ""
+ case extractCookie key Nothing cookieName req of
+ Nothing -> resp $ W.responseLBS found302 [ (hLocation, "https://" <> host) ] ""
+ Just _ -> do
+ let cookie = WC.def {
+ WC.setCookieName = cookieName
+ , WC.setCookieHttpOnly = True
+ , WC.setCookiePath = Just "/"
+ , WC.setCookieSameSite = Just WC.sameSiteStrict
+ , WC.setCookieSecure = True
+ , WC.setCookieValue = "goodbye"
+ , WC.setCookieDomain = cookieDomain
+ , WC.setCookieExpires = Just . posixSecondsToUTCTime . realToFrac $ CTime 0
+ }
+ resp $ W.responseLBS found302 [
+ (hLocation, "https://" <> host)
+ , ("Set-Cookie", toByteString $ WC.renderSetCookie cookie)
+ ] ""
badRequest ::String -> W.Application