From 357f715789ccb17c5df77aba029f1a9d0ba3d339 Mon Sep 17 00:00:00 2001
From: Matthias Mair <code@mjmair.com>
Date: Fri, 19 Jan 2024 00:30:19 +0000
Subject: [PATCH] [PUI] Fix logout (#6284)

* fix path

* changed PUI to use logout route
Fixes #5968
---
 InvenTree/web/urls.py                   | 4 ++--
 src/frontend/src/App.tsx                | 5 +++++
 src/frontend/src/enums/ApiEndpoints.tsx | 1 +
 src/frontend/src/functions/auth.tsx     | 4 +++-
 src/frontend/src/states/ApiState.tsx    | 2 ++
 5 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/InvenTree/web/urls.py b/InvenTree/web/urls.py
index 13f05f5267..16cdb57f40 100644
--- a/InvenTree/web/urls.py
+++ b/InvenTree/web/urls.py
@@ -2,7 +2,7 @@
 
 from django.conf import settings
 from django.shortcuts import redirect
-from django.urls import include, path
+from django.urls import include, path, re_path
 from django.views.decorators.csrf import ensure_csrf_cookie
 from django.views.generic import TemplateView
 
@@ -31,7 +31,7 @@ urlpatterns = [
                 spa_view,
                 name='password_reset_confirm',
             ),
-            path('', spa_view),
+            re_path('.*', spa_view),
         ]),
     ),
     assets_path,
diff --git a/src/frontend/src/App.tsx b/src/frontend/src/App.tsx
index 762d5328b1..f7e3a19df1 100644
--- a/src/frontend/src/App.tsx
+++ b/src/frontend/src/App.tsx
@@ -13,5 +13,10 @@ export function setApiDefaults() {
 
   api.defaults.baseURL = host;
   api.defaults.headers.common['Authorization'] = `Token ${token}`;
+
+  // CSRF support (needed for POST, PUT, PATCH, DELETE)
+  api.defaults.withCredentials = true;
+  api.defaults.xsrfCookieName = 'csrftoken';
+  api.defaults.xsrfHeaderName = 'X-CSRFToken';
 }
 export const queryClient = new QueryClient();
diff --git a/src/frontend/src/enums/ApiEndpoints.tsx b/src/frontend/src/enums/ApiEndpoints.tsx
index 05a34f7d56..071d9c6f8c 100644
--- a/src/frontend/src/enums/ApiEndpoints.tsx
+++ b/src/frontend/src/enums/ApiEndpoints.tsx
@@ -19,6 +19,7 @@ export enum ApiPaths {
   user_email_verify = 'api-user-email-verify',
   user_email_primary = 'api-user-email-primary',
   user_email_remove = 'api-user-email-remove',
+  user_logout = 'api-user-logout',
 
   user_list = 'api-user-list',
   group_list = 'api-group-list',
diff --git a/src/frontend/src/functions/auth.tsx b/src/frontend/src/functions/auth.tsx
index 58e9d8e063..c4c341f5de 100644
--- a/src/frontend/src/functions/auth.tsx
+++ b/src/frontend/src/functions/auth.tsx
@@ -48,7 +48,9 @@ export const doClassicLogin = async (username: string, password: string) => {
  * Logout the user (invalidate auth token)
  */
 export const doClassicLogout = async () => {
-  // TODO @matmair - logout from the server session
+  // Logout from the server session
+  await api.post(apiUrl(ApiPaths.user_logout));
+
   // Set token in context
   const { setToken } = useSessionState.getState();
   setToken(undefined);
diff --git a/src/frontend/src/states/ApiState.tsx b/src/frontend/src/states/ApiState.tsx
index a7f2daab03..0508242d2a 100644
--- a/src/frontend/src/states/ApiState.tsx
+++ b/src/frontend/src/states/ApiState.tsx
@@ -95,6 +95,8 @@ export function apiEndpoint(path: ApiPaths): string {
       return 'auth/emails/:id/verify/';
     case ApiPaths.user_email_primary:
       return 'auth/emails/:id/primary/';
+    case ApiPaths.user_logout:
+      return 'auth/logout/';
     case ApiPaths.currency_list:
       return 'currency/exchange/';
     case ApiPaths.currency_refresh: