From: Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
Date: Fri, 25 Sep 2020 13:29:30 +0000 (+0530)
Subject: Added Token Validation before logout
X-Git-Tag: opnfv-10.0.0~18
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F77%2F71277%2F4;p=dovetail-webportal.git

Added Token Validation before logout

Issue-ID: DOVETAIL-801
Signed-off-by: Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
Change-Id: I75062a31f17e628215aa7c0d8768e5be486a515e
---

diff --git a/opnfv_testapi/ui/auth/sign.py b/opnfv_testapi/ui/auth/sign.py
index f245c4b..6b70d1a 100644
--- a/opnfv_testapi/ui/auth/sign.py
+++ b/opnfv_testapi/ui/auth/sign.py
@@ -325,6 +325,9 @@ class LoginHandler(base.BaseHandler):
 
 class LogoutHandler(base.BaseHandler):
     def post(self):
+        token=self.get_secure_cookie('token')
         input_token = self.request.headers._dict['Token']
+        if not input_token or not input_token == token :
+            raises.Unauthorized(message.invalid_token())
         resp = {'Message': 'You have been logged out successfully.'}
         self.finish_request(resp)