From c97bb4110588c41211ae8ee960b1ae70a3f1de47 Mon Sep 17 00:00:00 2001
From: Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
Date: Fri, 25 Sep 2020 18:59:30 +0530
Subject: Added Token Validation before logout

Issue-ID: DOVETAIL-801
Signed-off-by: Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
Change-Id: I75062a31f17e628215aa7c0d8768e5be486a515e
---
 opnfv_testapi/ui/auth/sign.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/opnfv_testapi/ui/auth/sign.py b/opnfv_testapi/ui/auth/sign.py
index f245c4b..6b70d1a 100644
--- a/opnfv_testapi/ui/auth/sign.py
+++ b/opnfv_testapi/ui/auth/sign.py
@@ -325,6 +325,9 @@ class LoginHandler(base.BaseHandler):
 
 class LogoutHandler(base.BaseHandler):
     def post(self):
+        token=self.get_secure_cookie('token')
         input_token = self.request.headers._dict['Token']
+        if not input_token or not input_token == token :
+            raises.Unauthorized(message.invalid_token())
         resp = {'Message': 'You have been logged out successfully.'}
         self.finish_request(resp)
-- 
cgit 1.2.3-korg