From 3bb2ed6a2a1f4532eae7715b9af2e52da2ed097e Mon Sep 17 00:00:00 2001 From: Caleb Doxsey Date: Wed, 22 Feb 2023 21:42:10 -0700 Subject: [PATCH] authenticate: don't require a session for sign_out (#4007) authenticate: dont require a session for sign_out --- authenticate/handlers.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/authenticate/handlers.go b/authenticate/handlers.go index d34b4e715..d7b036bee 100644 --- a/authenticate/handlers.go +++ b/authenticate/handlers.go @@ -86,11 +86,16 @@ func (a *Authenticate) mountDashboard(r *mux.Router) { AllowedHeaders: []string{"*"}, }) sr.Use(c.Handler) + + // routes that don't need a session: + sr.Path("/sign_out").Handler(httputil.HandlerFunc(a.SignOut)) + + // routes that need a session: + sr = sr.NewRoute().Subrouter() sr.Use(a.RetrieveSession) sr.Use(a.VerifySession) sr.Path("/").Handler(a.requireValidSignatureOnRedirect(a.userInfo)) sr.Path("/sign_in").Handler(httputil.HandlerFunc(a.SignIn)) - sr.Path("/sign_out").Handler(httputil.HandlerFunc(a.SignOut)) sr.Path("/device-enrolled").Handler(httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error { userInfoData, err := a.getUserInfoData(r) if err != nil {