implemented user logout

de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/PathHandler.java

@@ -119,6 +119,7 @@ public abstract class PathHandler implements HttpHandler {
 		}
 
 		public static boolean sendContent(HttpExchange ex, Object o) throws IOException {
+			if (o instanceof JSONObject) ex.getResponseHeaders().add(CONTENT_TYPE, JSON);
 			return sendContent(ex, HTTP_OK, o.toString().getBytes(UTF_8));
 		}
 

de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/Backend.java

@@ -59,10 +59,23 @@ public class Backend extends PathHandler {
 
 	@Override
 	public boolean doGet(String path, HttpExchange ex) throws IOException {
+		// pre-login paths
 		switch (path) {
 			case "/openid-configuration":
 				return openidConfig(ex);
 		}
+
+		var optSession = getSession(ex);
+		if (optSession.isEmpty()) return sendEmptyResponse(HTTP_UNAUTHORIZED, ex);
+
+		// post-login paths
+		var session = optSession.get();
+		switch (path) {
+			case "/logout":
+				return logout(ex,session);
+		}
+
+		System.err.println("not implemented");
 		return sendEmptyResponse(HTTP_NOT_FOUND, ex);
 	}
 
@@ -98,6 +111,12 @@ public class Backend extends PathHandler {
 		return SessionToken.from(ex).map(SessionToken::sessionId).flatMap(sessions::retrieve);
 	}
 
+	private boolean logout(HttpExchange ex, Session session) throws IOException {
+		sessions.dropSession(session.id());
+		new SessionToken("").addTo(ex);
+		return sendEmptyResponse(HTTP_OK,ex);
+	}
+
 	private boolean openidConfig(HttpExchange ex) throws IOException {
 		var        uri	= ex.getRequestURI().toString();
 		JSONObject json = new JSONObject();
@@ -108,15 +127,8 @@ public class Backend extends PathHandler {
 
 
 	private boolean sendUserAndCookie(HttpExchange ex, Session session) throws IOException {
-		var bytes   = new JSONObject(session.user().map(false)).toString().getBytes(UTF_8);
-		var headers = ex.getResponseHeaders();
-
-		headers.add(CONTENT_TYPE, JSON);
-		new SessionToken(session.id()).addTo(headers);
-		ex.sendResponseHeaders(200, bytes.length);
-		var out = ex.getResponseBody();
-		out.write(bytes);
-		return true;
+		new SessionToken(session.id()).addTo(ex);
+		return sendContent(ex,new JSONObject(session.user().map(false)));
 	}
 
 	private boolean updatePassword(HttpExchange ex, Session session) throws IOException {
@@ -126,13 +138,15 @@ public class Backend extends PathHandler {
 		if (!uuid.equals(user.uuid())) {
 			return sendEmptyResponse(HTTP_FORBIDDEN, ex);
 		}
-		var oldPass = json.getJSONArray("oldpass");
-		var oldPass1 = oldPass.getString(0);
-		if (!oldPass1.equals(oldPass.getString(1))){
+		var oldPass = json.getString("oldpass");
+		if (!users.passwordMatches(oldPass,user.hashedPassword())) return sendError(ex,"wrong password");
+
+		var newpass = json.getJSONArray("newpass");
+		var newPass1 = newpass.getString(0);
+		if (!newPass1.equals(newpass.getString(1))){
 			return sendError(ex,"password mismatch");
 		}
-		if (!users.passwordMatches(oldPass1,user.hashedPassword())) return sendError(ex,"wrong password");
-		users.updatePassword(user,json.getString("newpass"));
+		users.updatePassword(user,newPass1);
 		return sendContent(ex,new JSONObject(user.map(false)));
 	}
 

de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java

@@ -143,6 +143,9 @@ public class FileStore implements ClientService, SessionService, UserService {
 
 	/*** Session Service Methods ***/
 
+	// TODO: prolong session on user activity
+	// TODO: drop expired sessions
+
 	@Override
 	public Session createSession(User user) {
 		var now	 = Instant.now();
@@ -152,7 +155,9 @@ public class FileStore implements ClientService, SessionService, UserService {
 
 	@Override
 	public SessionService dropSession(String sessionId) {
-		return null;
+		json.getJSONObject(SESSIONS).remove(sessionId);
+		save();
+		return this;
 	}
 
 	@Override

de.srsoftware.oidc.web/src/main/resources/en/login.html

@@ -4,6 +4,7 @@
         <title>Light OIDC</title>
         <script src="common.js"></script>
         <script src="login.js"></script>
+        <link rel="stylesheet" href="style.css" />
     </head>
     <body>
         <h1>Login</h1>
@@ -15,7 +16,7 @@
             </label>
             <label>
                 Password
-                <input type="password" id="password" />
+                <input type="password" id="password" onkeydown="keyDown()"/>
             </label>
             <button type="button" onClick="tryLogin()">Login</button>
         </fieldset>

de.srsoftware.oidc.web/src/main/resources/en/login.js

@@ -31,3 +31,7 @@ function tryLogin(){
     }).then(handleLogin);
     return false;
 }
+
+function keyDown(ev){
+   if (event.keyCode == 13) tryLogin();
+}

de.srsoftware.oidc.web/src/main/resources/en/logout.html

@@ -0,0 +1,12 @@
+<html>
+    <head>
+        <meta charset="utf-8">
+        <title>Light OIDC</title>
+        <script src="common.js"></script>
+        <script src="logout.js"></script>
+        <link rel="stylesheet" href="style.css" />
+    </head>
+    <body>
+        You are being logged out…
+    </body>
+</html>

de.srsoftware.oidc.web/src/main/resources/en/logout.js

@@ -0,0 +1,7 @@
+function handleLogout(response){
+    if (response.ok){
+    document.body.innerHTML += 'success';
+    document.location.href='index.html';
+    }
+}
+fetch(api+"/logout").then(handleLogout)

de.srsoftware.oidc.web/src/main/resources/en/newclient.html

@@ -4,6 +4,7 @@
     <title>Light OIDC</title>
     <script src="common.js"></script>
     <script src="user.js"></script>
+    <link rel="stylesheet" href="style.css" />
 </head>
 <body>
 <h1>Add new client</h1>

de.srsoftware.oidc.web/src/main/resources/en/settings.html

@@ -38,15 +38,15 @@
         <table>
             <tr>
                 <th>Old password</th>
-                <td><input id="oldpass1" type="password"></td>
+                <td><input id="oldpass" type="password"></td>
             </tr>
             <tr>
-                <th>Repeat Password</th>
-                <td><input id="oldpass2" type="password"></td>
+                <th>New Password</th>
+                <td><input id="newpass1" type="password"></td>
             </tr>
             <tr>
-                <th>New Password</th>
-                <td><input id="newpass" type="password"></td>
+                <th>Repeat Password</th>
+                <td><input id="newpass2" type="password" onkeydown="passKeyDown()"></td>
             </tr>
         </table>
         <button id="passBtn" type="button" onClick="updatePass()">Update</button>

de.srsoftware.oidc.web/src/main/resources/en/settings.js

@@ -47,8 +47,8 @@ function updatePass(){
     disable('passBtn');
     setText('passBtn','sent…');
     var newData = {
-        oldpass : [getValue('oldpass1'),getValue('oldpass2')],
-        newpass : getValue('newpass'),
+        oldpass : getValue('oldpass'),
+        newpass : [getValue('newpass1'),getValue('newpass2')],
         uuid : getValue('uuid')
     }
     fetch(api+'/update/password',{
@@ -65,4 +65,8 @@ function updatePass(){
         },10000);
 }
 
+function passKeyDown(ev){
+   if (event.keyCode == 13) updatePass();
+}
+
 setTimeout(fillForm,100);