From 1dbe3776c682f469d1497247fac22f0aa233a598 Mon Sep 17 00:00:00 2001
From: Toby Vincent
Date: Tue, 7 May 2024 12:34:50 -0500
Subject: fix: allow any user to access users
---
 src/api/account.rs | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'src/api/account.rs')
diff --git a/src/api/account.rs b/src/api/account.rs
index 598d172..bae7c54 100644
--- a/src/api/account.rs
+++ b/src/api/account.rs
@@ -7,7 +7,7 @@ use axum::{
 };
 use axum_extra::{
 either::Either,
- extract::{cookie::Cookie, CookieJar},
+ extract::CookieJar,
 headers::{authorization::Basic, Authorization},
 TypedHeader,
 };
@@ -37,7 +37,7 @@ pub async fn login(
 }
 pub async fn logout(claims: AccessClaims, jar: CookieJar) -> Result {
- Ok(jar.remove(Cookie::try_from(claims)?))
+ Ok(jar.remove(("token", crate::auth::jwt::JWT.encode(&claims)?)))
 }
 #[derive(Debug, Clone, PartialEq, Eq)]
@@ -74,7 +74,7 @@ mod tests {
 body::Body,
 http::{
 header::{AUTHORIZATION, COOKIE, SET_COOKIE},
- HeaderValue, Request, StatusCode,
+ Request, StatusCode,
 },
 Router,
 };
@@ -188,7 +188,10 @@ mod tests {
 let request = Request::builder()
 .uri("/logout")
 .method("GET")
- .header(COOKIE, HeaderValue::try_from(AccessClaims::issue(USER_ID))?)
+ .header(
+ COOKIE,
+ AccessClaims::issue(USER_ID).as_cookie()?.to_string(),
+ )
 .body(Body::empty())?;
 let (mut parts, _) = router.oneshot(request).await?.into_parts();
-- 
cgit v1.2.3-70-g09d2
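Review bot: In `logout`, the new `jar.remove(("token", crate::auth::jwt::JWT.encode(&claims)?))` signs a fresh JWT only to build a removal cookie, and a removal cookie's value is not used to clear it. This adds a failure path: if `encode` returns an error, logout fails and the session cookie stays in the browser. Building the removal from the name alone, e.g. `Ok(jar.remove("token"))`, or from the helper the test already uses (`claims.as_cookie()?`), would avoid the signing step and keep the cookie name and any `Path`/`Domain` attributes defined in one place; the login side is not visible here, so confirm that the removal's attributes match what login sets, since browsers ignore a removal whose path differs. Clearing the cookie presumably does not revoke the token server-side, so a doc comment on `logout` should state that an already-issued token remains valid until it expires.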
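Review bot: The `COOKIE` request header in the logout test is now built from `as_cookie()?.to_string()`, and `Cookie`'s `Display` output includes every attribute set on the cookie, which is the `Set-Cookie` form rather than the `name=value` pair a client sends back. `as_cookie` is not visible in this diff, so this is inferred; if it sets attributes such as `HttpOnly` or `Path`, the request would carry them as stray cookie pairs, and `AccessClaims::issue(USER_ID).as_cookie()?.stripped().to_string()` would send only the pair. The test function starts and ends outside this hunk.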