Token revocation endpoint

2017-10-11 02:18:08 +02:00 · 2017-10-11 02:18:08 +02:00 · 5969aa5283
parent fe90a80abf
commit 5969aa5283
1 changed files with 10 additions and 0 deletions
--- a/auth.py
+++ b/auth.py
@ -286,6 +286,16 @@ def profile():
    return 'You are logged in as {}'.format(current_user.email)


+@app.route('/token/<int:id>/revoke', methods=['POST'])
+@login_required
+def token_revoke(id):
+    token = Token.query.filter(Token.user == current_user.username, Token.id == id).first()
+    if not token:
+        flask.abort(404)
+    token.delete()
+    return redirect('/')
+
+
@app.route('/login', methods=['GET', 'POST'])
 def login():
    form = LoginForm()