Skip to content

Commit

Permalink
fix token deletion on logout (#213)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jgunnCO
jgunnCO authored May 7, 2024
1 parent 3192cdf commit 4102abe
Showing 1 changed file with 4 additions and 12 deletions.
16 changes: 4 additions & 12 deletions src/main/java/gov/cabinetoffice/gapuserservice/service/user/OneLoginUserService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,9 @@ public class OneLoginUserService {
@Value("${jwt.cookie-name}")
public String userServiceCookieName;

@Value("${jwt.cookie-domain}")
public String userServiceCookieDomain;

@Value("${admin-backend}")
private String adminBackend;

Expand Down Expand Up @@ -369,21 +372,10 @@ public void invalidateUserJwt(final Cookie customJWTCookie, final HttpServletRes
new Cookie(userServiceCookieName, null),
Boolean.TRUE,
Boolean.TRUE,
null
userServiceCookieDomain
);
userTokenCookie.setMaxAge(0);
response.addCookie(userTokenCookie);

final String authenticationCookieDomain = Objects.equals(this.configProperties.getProfile(), "LOCAL") ? "localhost" : "cabinetoffice.gov.uk";

final Cookie thirdPartyAuthToken = WebUtil.buildCookie(
new Cookie(authenticationProvider.getTokenCookie(), null),
Boolean.TRUE,
Boolean.TRUE,
authenticationCookieDomain
);
thirdPartyAuthToken.setMaxAge(0);
response.addCookie(thirdPartyAuthToken);
}

public void validateRoles(List<Role> userRoles, String payloadRoles) {
Expand Down

0 comments on commit 4102abe

Please sign in to comment.