Rename the `login` module to `user`.

3 files changed, 130 insertions, 0 deletions

diff --git a/src/user/routes/logout/mod.rs b/src/user/routes/logout/mod.rs
new file mode 100644
index 0000000..36b384e
--- /dev/null
+++ b/src/user/routes/logout/mod.rs
@@ -0,0 +1,4 @@
+pub mod post;
+
+#[cfg(test)]
+mod test;
diff --git a/src/user/routes/logout/post.rs b/src/user/routes/logout/post.rs
new file mode 100644
index 0000000..bb09b9f
--- /dev/null
+++ b/src/user/routes/logout/post.rs
@@ -0,0 +1,47 @@
+use axum::{
+    extract::{Json, State},
+    http::StatusCode,
+    response::{IntoResponse, Response},
+};
+
+use crate::{
+    app::App,
+    clock::RequestedAt,
+    error::{Internal, Unauthorized},
+    token::{app, extract::IdentityCookie},
+};
+
+pub async fn handler(
+    State(app): State<App>,
+    RequestedAt(now): RequestedAt,
+    identity: IdentityCookie,
+    Json(_): Json<Request>,
+) -> Result<(IdentityCookie, StatusCode), Error> {
+    if let Some(secret) = identity.secret() {
+        let (token, _) = app.tokens().validate(&secret, &now).await?;
+        app.tokens().logout(&token).await?;
+    }
+
+    let identity = identity.clear();
+    Ok((identity, StatusCode::NO_CONTENT))
+}
+
+// This forces the only valid request to be `{}`, and not the infinite
+// variation allowed when there's no body extractor.
+#[derive(Default, serde::Deserialize)]
+pub struct Request {}
+
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub struct Error(#[from] pub app::ValidateError);
+
+impl IntoResponse for Error {
+    fn into_response(self) -> Response {
+        let Self(error) = self;
+        #[allow(clippy::match_wildcard_for_single_variants)]
+        match error {
+            app::ValidateError::InvalidToken => Unauthorized.into_response(),
+            other => Internal::from(other).into_response(),
+        }
+    }
+}
diff --git a/src/user/routes/logout/test.rs b/src/user/routes/logout/test.rs
new file mode 100644
index 0000000..775fa9f
--- /dev/null
+++ b/src/user/routes/logout/test.rs
@@ -0,0 +1,79 @@
+use axum::{
+    extract::{Json, State},
+    http::StatusCode,
+};
+
+use super::post;
+use crate::{test::fixtures, token::app};
+
+#[tokio::test]
+async fn successful() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let now = fixtures::now();
+    let creds = fixtures::login::create_with_password(&app, &fixtures::now()).await;
+    let identity = fixtures::cookie::logged_in(&app, &creds, &now).await;
+    let secret = fixtures::cookie::secret(&identity);
+
+    // Call the endpoint
+
+    let (response_identity, response_status) = post::handler(
+        State(app.clone()),
+        fixtures::now(),
+        identity.clone(),
+        Json::default(),
+    )
+    .await
+    .expect("logged out with a valid token");
+
+    // Verify the return value's basic structure
+
+    assert!(response_identity.secret().is_none());
+    assert_eq!(StatusCode::NO_CONTENT, response_status);
+
+    // Verify the semantics
+    let error = app
+        .tokens()
+        .validate(&secret, &now)
+        .await
+        .expect_err("secret is invalid");
+    assert!(matches!(error, app::ValidateError::InvalidToken));
+}
+
+#[tokio::test]
+async fn no_identity() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+
+    // Call the endpoint
+
+    let identity = fixtures::cookie::not_logged_in();
+    let (identity, status) = post::handler(State(app), fixtures::now(), identity, Json::default())
+        .await
+        .expect("logged out with no token succeeds");
+
+    // Verify the return value's basic structure
+
+    assert!(identity.secret().is_none());
+    assert_eq!(StatusCode::NO_CONTENT, status);
+}
+
+#[tokio::test]
+async fn invalid_token() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+
+    // Call the endpoint
+
+    let identity = fixtures::cookie::fictitious();
+    let post::Error(error) = post::handler(State(app), fixtures::now(), identity, Json::default())
+        .await
+        .expect_err("logged out with an invalid token fails");
+
+    // Verify the return value's basic structure
+
+    assert!(matches!(error, app::ValidateError::InvalidToken));
+}