app-generator/api-server-flask

Logout Action is not working

app-generator opened this issue · 4 comments

Logout action seems to have issues.

Test scenario:

  • Register New user
  • Login new user
    • token is generated
  • Use the generated token to log out

Current response

{
    "message": "The method is not allowed for the requested URL."
}

Expected Response

{
    "success": false,
    "msg": "JWT Token revoked successfully"
}

ksh7 commented

Fixed

During logout, the API bumps errors.

Test Scenario:

Create User -> ok
Login User -> ok, token is returned
Logout -> NOT_OK

  • Request Headers

Content-Type: application/json
authorization: JWT_TOKEN (returned by login)

  • Request Body
{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTYyNjQzNzgyMywianRpIjoiZDljNmIzZmMtZTA5OC00ZDRmLWI0N2YtOWUzN2JjY2E1YmFhIiwidHlwZSI6ImFjY2VzcyIsInN1YiI6InRlc3RAYXBwc2VlZC51cyIsIm5iZiI6MTYyNjQzNzgyMywiZXhwIjoxNjI2NDQxNDIzfQ._6eFI7xIcvO3VCG9JxpEOOjwwAJUVzmI0EPltn7_0cw"
}
  • Postman Response
{
    "message": "Internal Server Error"
}
  • Flask Console Messages

Short Error: flask_jwt_extended.exceptions.NoAuthorizationError: Missing 'Bearer' type in 'Authorization' header. Expected 'Authorization: Bearer <JWT>'

Full Log

[2021-07-16 15:17:50,086] ERROR in app: Exception on /api/users/logout [POST]
Traceback (most recent call last):
  File "d:\work\repo-api-servers\api-server-flask\env\lib\site-packages\flask\app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "d:\work\repo-api-servers\api-server-flask\env\lib\site-packages\flask\app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "d:\work\repo-api-servers\api-server-flask\env\lib\site-packages\flask_restx\api.py", line 397, in wrapper
    resp = resource(*args, **kwargs)
  File "d:\work\repo-api-servers\api-server-flask\env\lib\site-packages\flask\views.py", line 89, in view
    return self.dispatch_request(*args, **kwargs)
  File "d:\work\repo-api-servers\api-server-flask\env\lib\site-packages\flask_restx\resource.py", line 44, in dispatch_request
    resp = meth(*args, **kwargs)
  File "d:\work\repo-api-servers\api-server-flask\env\lib\site-packages\flask_jwt_extended\view_decorators.py", line 121, in decorator
    verify_jwt_in_request(optional, fresh, refresh, locations)
  File "d:\work\repo-api-servers\api-server-flask\env\lib\site-packages\flask_jwt_extended\view_decorators.py", line 69, in verify_jwt_in_request
    jwt_data, jwt_header, jwt_location = _decode_jwt_from_request(
  File "d:\work\repo-api-servers\api-server-flask\env\lib\site-packages\flask_jwt_extended\view_decorators.py", line 312, in _decode_jwt_from_request
    raise NoAuthorizationError(errors[0])
flask_jwt_extended.exceptions.NoAuthorizationError: Missing 'Bearer' type in 'Authorization' header. Expected 'Authorization: Bearer <JWT>'
127.0.0.1 - - [16/Jul/2021 15:17:50] "POST /api/users/logout HTTP/1.1" 500 -

ksh7 commented

Fixed this. Instead of the jwt_extended module trying to find a Bearer token, now the authorization token is checked for.

It works fine on Postman or Swagger, but berry react admin doesn't seem to be working.

Tests ok -> closing.
Ty @ksh7!
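
The behaviour discussed in this thread, as an added example that is not the project's code: a logout check that reads the `authorization` header with or without the `Bearer` prefix, verifies the token, revokes its `jti`, and answers 401 rather than 500 on any authentication failure. It uses only the standard library instead of flask_jwt_extended; the secret, the in-memory blocklist and all function names are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value, not the project's key
REVOKED_JTIS = set()                 # assumed in-memory blocklist of revoked token ids

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def make_token(sub, jti, exp):  # stands in for the login endpoint
    head = _b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = _b64url(json.dumps({"sub": sub, "jti": jti, "exp": exp}).encode())
    return f"{head}.{body}.{_b64url(_sign(f'{head}.{body}'))}"

def extract_token(authorization):
    """Accept 'Bearer <JWT>' or a bare '<JWT>'; anything else yields None."""
    parts = (authorization or "").split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return parts[0] if len(parts) == 1 else None

def verify(token):
    """Return the claims of a valid, unexpired, unrevoked token, else None."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{head}.{body}"), _unb64url(sig)):
            return None
        if json.loads(_unb64url(head)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64url(body))
        if claims["exp"] < time.time() or claims["jti"] in REVOKED_JTIS:
            return None
        return claims
    except (ValueError, TypeError, KeyError, AttributeError):
        return None  # malformed input is an auth failure, not a server error

def logout(headers):
    """Return (status, msg); every authentication failure maps to 401."""
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization")
    claims = verify(extract_token(auth) or "")
    if claims is None:
        return 401, "Missing, invalid or revoked token"
    REVOKED_JTIS.add(claims["jti"])
    return 200, "JWT Token revoked successfully"
```

Revoking by `jti` means a second logout, or any later request, with the same token is rejected even though its signature and expiry are still valid.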