From ca87c4f83b7f14e36075795b3831d1cd348102eb Mon Sep 17 00:00:00 2001
From: Matthew Jones
Date: Thu, 2 Feb 2017 16:32:09 -0500
Subject: [PATCH] Implement logout semantics by support DELETE on authtoken
---
awx/api/templates/api/auth_token_view.md | 3 +++
awx/api/views.py | 11 +++++++++++
2 files changed, 14 insertions(+)
diff --git a/awx/api/templates/api/auth_token_view.md b/awx/api/templates/api/auth_token_view.md
index c25c658aef..69078842d4 100644
--- a/awx/api/templates/api/auth_token_view.md
+++ b/awx/api/templates/api/auth_token_view.md
@@ -32,3 +32,6 @@ agent that originally obtained it. Each request that uses the token for authentication will refresh its expiration timestamp and keep it from expiring. A token only expires when it is not used for the configured timeout interval (default 1800 seconds).
+
+A DELETE request with the token set will cause the token to be invalidated and
+no further requests can be made with it.
diff --git a/awx/api/views.py b/awx/api/views.py
index 95cf913617..e358c70932 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -4,6 +4,7 @@
 # Python
 import os
+import re
 import cgi
 import datetime
 import dateutil
@@ -608,6 +609,16 @@ class AuthTokenView(APIView):
 extra=dict(actor=request.data['username']))
 return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+ def delete(self, request):
+ print request.META
+ if 'HTTP_AUTHORIZATION' in request.META:
+ token_match = re.match("Token\s(.+)", request.META['HTTP_AUTHORIZATION'])
+ if token_match:
+ filter_tokens = AuthToken.objects.filter(key=token_match.groups()[0])
+ if filter_tokens.exists():
+ filter_tokens[0].invalidate()
+ return Response(status=status.HTTP_204_NO_CONTENT)
+
 class OrganizationCountsMixin(object):
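Review bot: The `print request.META` at the top of the new `delete` method in awx/api/views.py writes every request header to the service's stdout, including the `Authorization` value that carries the token and any cookies, so credentials land in whatever collects that output. The line looks like leftover debugging and should be removed before merge. The pattern is also better written as a raw string, `re.match(r"Token\s(.+)", request.META['HTTP_AUTHORIZATION'])`, so `\s` is not treated as a string escape. The method returns 204 whether or not a token matched and invalidates on the key alone. If that is the intended idempotent logout, a short docstring should say so, and say whether the remote-address and user-agent binding described in auth_token_view.md is deliberately not checked here. The enclosing `AuthTokenView` class starts outside the hunk, so its authentication and permission settings are not visible from here.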