damir/pgz-sport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

logout() proper fix: revoke backend + clear ALL session keys

Browse Source 
Old logout() was demo placeholder:
- only cleared 'app-role' + 'jwt' (NOT pgz_access/refresh/user)
- did NOT call POST /auth/logout to revoke JWT
- redirected to /static/sport2.html (wrong)

New logout() now:
1. POST /auth/logout to revoke JWT server-side
2. Clear ALL keys: pgz_access, pgz_refresh, pgz_user, app-role, jwt, access_token, refresh_token, pgz_session_id (both localStorage + sessionStorage)
3. Redirect to /login

Verified by Playwright E2E: token absent after logout.
This commit is contained in:
Damir Radulić
2026-05-05 09:24:12 +02:00
parent a0fb328029
commit e07292ba44
12 changed files with 85 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
_audit/sub4_enrich.py
+2 -2
View File
@@ -113,11 +113,11 @@ def verify_content(url: str, naziv: str):
"""
status, final_url, body = get_snippet(url, max_kb=50)
if status < 200 or status >= 400 or not body:
return (status, final_url, 0, False, False)
return (status, final_url, 0, False, False, True, [])
try:
text = body.decode("utf-8", errors="ignore")
except Exception:
return (status, final_url, 0, False, False)
return (status, final_url, 0, False, False, True, [])
text_low = strip_diacritics(text).lower()
substr = strip_diacritics(naziv_substr(naziv)).lower()