Added moderator logout

be08d6d9 · Simon Künzel · f08ac0b8 · be08d6d9 · be08d6d9 · be08d6d9
Commit be08d6d9 authored Mar 3, 2024 by Simon Künzel
--- a/api_specification.md
+++ b/api_specification.md
-# Specification of the Web API for the Video-AG Website (v0.11).
+# Specification of the Web API for the Video-AG Website (v0.12).

 ## Introduction

@@ -416,6 +416,18 @@ Also finishes the last authentication started with `/authentication/start`. If t

 ---

+###### Request:
+
+`POST /authentication/moderator_logout`
+
+###### Response:
+
+Only logs moderators out.
+
+`200 OK` if now logged out
+
+---
+
 ### Objects

 These routes allow moderators to change fields of objects. For most objects this is done indirectly. The API
@@ -928,6 +940,10 @@ Possible `error_code`:

 ## Changelog

+### v0.12
+
+* `POST /authentication/moderator_logout`
+
 ### v0.11

 * Added Object Modification API

--- a/src/api/authentication.py
+++ b/src/api/authentication.py
@@ -264,6 +264,12 @@ def authenticate_fsmpi(username: str, password: str) -> {}:
    return get_user_info()


+def logout_moderator():
+    session.pop("user", None)
+    session.pop("_csrf_token", None)
+    session.permanent = False
+
+
 def __ldap_is_moderator(user_groups: []) -> bool:
    for group in server.config["LDAP_GROUPS"]:
        if group in user_groups:

--- a/src/api/routes/authentication.py
+++ b/src/api/routes/authentication.py
@@ -2,7 +2,7 @@ from flask import request

 from api.routes import *
 from api.authentication import (is_lecture_authenticated, get_currently_authenticated_methods,
-                                authenticate_password, authenticate_fsmpi,
+                                authenticate_password, authenticate_fsmpi, logout_moderator,
                                start_rwth_authentication, start_moodle_authentication,
                                is_rwth_authentication_running, is_moodle_authentication_running,
                                try_finish_running_authentication,
@@ -16,7 +16,7 @@ def authentication_password():
    username: str = json_request.get_string("username", max_length=128)
    password: str = json_request.get_string("password", max_length=128)
    authenticate_password(lecture_id, username, password)
-    return {}
+    return None


 @api_route("/authentication/fsmpi", ["POST"])
@@ -72,3 +72,9 @@ def authentication_status():
        json_response["user_info"] = get_user_info()
    
    return json_response
+
+
+@api_route("/authentication/moderator_logout", ["POST"])
+def authentication_moderator_logout():
+    logout_moderator()
+    return None