/// <summary> /// Logs out the current user. /// </summary> /// <param name="ultimateLogout">Whether this should be an ultimate logout. If set to True, the user will be logged out from all clients.</param> public static void Logout(bool ultimateLogout = false) { var user = User.Current; var info = new CancellableLoginInfo { UserName = user.Username }; LoginExtender.OnLoggingOut(info); if (info.Cancel) { return; } FormsAuthentication.SignOut(); AccessTokenVault.DeleteTokensByUser(user.Id); SnLog.WriteAudit(AuditEvent.Logout, new Dictionary <string, object> { { "UserName", user.Username }, { "ClientAddress", RepositoryTools.GetClientIpAddress() } }); LoginExtender.OnLoggedOut(new LoginInfo { UserName = user.Username }); if (HttpContext.Current != null) { if (HttpContext.Current.Session != null) { HttpContext.Current.Session.Abandon(); } // remove session cookie var sessionCookie = new HttpCookie(GetSessionIdCookieName(), string.Empty) { Expires = DateTime.UtcNow.AddDays(-1) }; HttpContext.Current.Response.Cookies.Add(sessionCookie); // in case of ultimate logout saves the time on user if (ultimateLogout || Configuration.Security.DefaultUltimateLogout) { using (new SystemAccount()) { if (user is User userNode) { userNode.LastLoggedOut = DateTime.UtcNow; userNode.Save(SavingMode.KeepVersion); } } } } }
public void AccessToken_Delete_ByUser() { var userId1 = 42; var userId2 = 43; var timeout = TimeSpan.FromMinutes(10); var shortTimeout = TimeSpan.FromSeconds(1); var savedTokens = new[] { AccessTokenVault.CreateToken(userId1, timeout), AccessTokenVault.CreateToken(userId1, shortTimeout), AccessTokenVault.CreateToken(userId2, timeout), AccessTokenVault.CreateToken(userId2, shortTimeout), }; // ACTION Thread.Sleep(1100); AccessTokenVault.DeleteTokensByUser(userId1); // ASSERT Assert.IsNull(AccessTokenVault.GetTokenById(savedTokens[0].Id)); Assert.IsNull(AccessTokenVault.GetTokenById(savedTokens[1].Id)); Assert.IsNotNull(AccessTokenVault.GetTokenById(savedTokens[2].Id)); Assert.IsNotNull(AccessTokenVault.GetTokenById(savedTokens[3].Id)); }