diff --git a/app/routes.py b/app/routes.py index 0be81eb..668057a 100644 --- a/app/routes.py +++ b/app/routes.py @@ -41,7 +41,7 @@ from .utils import ( get_course, token_required, get_cached_deck_info, - is_safe_url + is_safe_url, ) @@ -138,7 +138,7 @@ def set_cookie(token): resp = make_response(redirect(next_url)) resp.set_cookie( - "access_token", serialize_token(token), httponly=True, samesite="Lax", path="/" + "access_token", serialize_token(token), httponly=True, samesite="Lax", path="/", max_age=31536000 ) return resp @@ -222,12 +222,15 @@ def register(): def logout(): token = get_token() user_name = token.name if token else "Unknown" + + if flask_login.current_user.is_authenticated: + current_app.logger.info(f"Admin logout: {flask_login.current_user.id}") + flask_login.logout_user() + current_app.logger.info(f"User logout: {user_name}") - resp = make_response( - redirect(url_for("main.index")) - ) # Redirect to a safe page, e.g., index or login - resp.set_cookie("access_token", "", expires=0) # Clears the cookie + resp = make_response(redirect(url_for("main.index"))) + resp.set_cookie("access_token", "", expires=0) return resp @@ -266,7 +269,9 @@ def admin_login(): next_page = request.args.get("next") if next_page and not is_safe_url(next_page): - current_app.logger.warning(f"Blocked unsafe redirect attempt to: {next_page}") + current_app.logger.warning( + f"Blocked unsafe redirect attempt to: {next_page}" + ) return abort(400) if next_page: