added ability to expire a token cookie

api/sso/sso_api/endpoints/authenticate_internal.py

@@ -28,7 +28,7 @@ class AuthenticateInternalEndpoint(SeleneEndpoint):
             self._authenticate_credentials()
             access_token, refresh_token = self._generate_tokens()
             self._add_refresh_token_to_db(refresh_token)
-            self._generate_token_cookies(access_token, refresh_token)
+            self._set_token_cookies(access_token, refresh_token)
         except AuthenticationError as ae:
             self.response = (str(ae), HTTPStatus.UNAUTHORIZED)
         else:

api/sso/sso_api/endpoints/validate_federated.py

@@ -14,7 +14,7 @@ class ValidateFederatedEndpoint(SeleneEndpoint):
             self.response = str(ae), HTTPStatus.UNAUTHORIZED
         else:
             access_token, refresh_token = self._generate_tokens()
-            self._generate_token_cookies(access_token, refresh_token)
+            self._set_token_cookies(access_token, refresh_token)
             self._add_refresh_token_to_db(refresh_token)
             self.response = 'account validated', HTTPStatus.OK
 

shared/selene/api/base_endpoint.py

@@ -122,7 +122,7 @@ class SeleneEndpoint(Resource):
 
         return access_token, refresh_token
 
-    def _generate_token_cookies(self, access_token, refresh_token):
+    def _set_token_cookies(self, access_token, refresh_token, expire=False):
         access_token_cookie = dict(
             key='seleneAccess',
             value=str(access_token),
@@ -136,6 +136,10 @@ class SeleneEndpoint(Resource):
             max_age=ONE_MONTH,
         )
 
+        if expire:
+            for cookie in (access_token_cookie, refresh_token_cookie):
+                cookie.update(value='', max_age=0)
+
         @after_this_request
         def set_cookies(response):
             response.set_cookie(**access_token_cookie)