From 745f7fd7e371de4e40783b21c6e1aab624719235 Mon Sep 17 00:00:00 2001
From: Chris Veilleux
Date: Tue, 5 Feb 2019 13:25:22 -0600
Subject: [PATCH] added ability to expire a token cookie

---
 api/sso/sso_api/endpoints/authenticate_internal.py | 2 +-
 api/sso/sso_api/endpoints/validate_federated.py | 2 +-
 shared/selene/api/base_endpoint.py | 6 +++++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/api/sso/sso_api/endpoints/authenticate_internal.py b/api/sso/sso_api/endpoints/authenticate_internal.py
index a8fa9aa2..734a8b13 100644
--- a/api/sso/sso_api/endpoints/authenticate_internal.py
+++ b/api/sso/sso_api/endpoints/authenticate_internal.py
@@ -28,7 +28,7 @@ class AuthenticateInternalEndpoint(SeleneEndpoint):
 self._authenticate_credentials()
 access_token, refresh_token = self._generate_tokens()
 self._add_refresh_token_to_db(refresh_token)
- self._generate_token_cookies(access_token, refresh_token)
+ self._set_token_cookies(access_token, refresh_token)
 except AuthenticationError as ae:
 self.response = (str(ae), HTTPStatus.UNAUTHORIZED)
 else:
diff --git a/api/sso/sso_api/endpoints/validate_federated.py b/api/sso/sso_api/endpoints/validate_federated.py
index cc341953..90d64f4f 100644
--- a/api/sso/sso_api/endpoints/validate_federated.py
+++ b/api/sso/sso_api/endpoints/validate_federated.py
@@ -14,7 +14,7 @@ class ValidateFederatedEndpoint(SeleneEndpoint):
 self.response = str(ae), HTTPStatus.UNAUTHORIZED
 else:
 access_token, refresh_token = self._generate_tokens()
- self._generate_token_cookies(access_token, refresh_token)
+ self._set_token_cookies(access_token, refresh_token)
 self._add_refresh_token_to_db(refresh_token)
 self.response = 'account validated', HTTPStatus.OK
 
diff --git a/shared/selene/api/base_endpoint.py b/shared/selene/api/base_endpoint.py
index bce3d6c2..f9cd04b4 100644
--- a/shared/selene/api/base_endpoint.py
+++ b/shared/selene/api/base_endpoint.py
@@ -122,7 +122,7 @@ class SeleneEndpoint(Resource):
 return access_token, refresh_token
- def _generate_token_cookies(self, access_token, refresh_token):
+ def _set_token_cookies(self, access_token, refresh_token, expire=False):
 access_token_cookie = dict(
 key='seleneAccess',
 value=str(access_token),
@@ -136,6 +136,10 @@ class SeleneEndpoint(Resource):
 max_age=ONE_MONTH,
 )
+ if expire:
+ for cookie in (access_token_cookie, refresh_token_cookie):
+ cookie.update(value='', max_age=0)
+
 @after_this_request
 def set_cookies(response):
 response.set_cookie(**access_token_cookie)
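Review bot: The `expire=True` branch in the second hunk only blanks the cookies on the client; nothing in `_set_token_cookies` touches the refresh token that `_add_refresh_token_to_db` persists, so as far as these hunks show a caller using it for logout would leave the stored refresh token valid until its own expiry, and either the method or its docstring should make clear that revoking it is the caller's job. The new parameter is also undocumented: add a docstring on `_set_token_cookies` saying that `expire=True` overwrites both cookie values with `''` and sets `max_age=0` so the browser discards them, and that `access_token` and `refresh_token` are then unused. A boolean switch like this is easy to pass positionally by mistake, so consider `def _set_token_cookies(self, access_token, refresh_token, *, expire=False):`. Reusing the same cookie dicts for the expiring variant is the right call, since a browser only replaces a cookie whose name, path and domain match the original. The method body continues past the end of the hunk (the `set_cookies` inner function).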