From 3d46e73e8b01ced7d4c54e5c75e0270792f7d5d9 Mon Sep 17 00:00:00 2001
From: An Phan
Date: Fri, 6 May 2016 13:04:59 +0800
Subject: [PATCH] Auto log out when session expires (fixes #320)
---
 app/Http/Controllers/API/UserController.php | 13 +++++++------
 app/Http/routes.php | 2 +-
 resources/assets/js/main.js | 2 +-
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php
index 52d28bd6..42378f2c 100644
--- a/app/Http/Controllers/API/UserController.php
+++ b/app/Http/Controllers/API/UserController.php
@@ -7,6 +7,7 @@ use App\Http\Requests\API\UserLoginRequest;
 use App\Http\Requests\API\UserStoreRequest;
 use App\Http\Requests\API\UserUpdateRequest;
 use App\Models\User;
+use Exception;
 use Hash;
 use JWTAuth;
 use Log;
@@ -43,12 +44,12 @@ class UserController extends Controller
 */
 public function logout()
 {
- try {
- JWTAuth::invalidate(JWTAuth::getToken());
- } catch (JWTException $e) {
- Log:error($e);
-
- return response()->json(['error' => 'could_not_invalidate_token'], 500);
+ if ($token = JWTAuth::getToken()) {
+ try {
+ JWTAuth::invalidate($token);
+ } catch (Exception $e) {
+ Log::error($e);
+ }
 }
 return response()->json();
diff --git a/app/Http/routes.php b/app/Http/routes.php
index b198a1cc..2674705a 100644
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -12,6 +12,7 @@ Route::get('/♫', function () {
 Route::group(['prefix' => 'api', 'namespace' => 'API'], function () {
 Route::post('me', 'UserController@login');
+ Route::delete('me', 'UserController@logout');
 Route::group(['middleware' => 'jwt.auth'], function () {
 Route::get('/', function () {
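Review bot: The new `catch (Exception $e)` in `logout()` logs the failure and then falls through to `return response()->json();`, so a token that could not be invalidated for a reason other than having expired is still reported to the client as logged out and presumably stays usable until its own expiry. Accepting an expired or missing token as a successful logout is the purpose of the change, but a blacklist or storage failure deserves a different answer; I would handle the expiry case on its own and keep the previous `return response()->json(['error' => 'could_not_invalidate_token'], 500);` for everything else. A one-line comment above the `if`, such as `// Best effort: an expired or missing token still counts as logged out.`, would also record the intent. The method's docblock starts outside the hunk.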
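Review bot: `Route::delete('me', 'UserController@logout');` now sits outside the `jwt.auth` group, so the logout action is reachable without a verified token and relies entirely on the checks inside `logout()`. Because that method writes `Log::error($e)` for every failed invalidation, any unauthenticated client can generate error-log entries by sending malformed tokens; consider rate limiting this route or logging rejected tokens at a lower level than error. A comment above the route, for example `// Outside jwt.auth on purpose: a client with an expired token must still be able to log out.`, would keep a later cleanup from moving it back into the protected group. The enclosing `Route::group` closure ends outside the hunk.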
@@ -40,7 +41,6 @@ Route::group(['prefix' => 'api', 'namespace' => 'API'], function () {
 Route::resource('user', 'UserController', ['only' => ['store', 'update', 'destroy']]);
 Route::put('me', 'UserController@updateProfile');
- Route::delete('me', 'UserController@logout');
 Route::get('lastfm/connect', 'LastfmController@connect');
 Route::post('lastfm/session-key', 'LastfmController@setSessionKey');
diff --git a/resources/assets/js/main.js b/resources/assets/js/main.js
index cdf6d2bf..a6861e0c 100644
--- a/resources/assets/js/main.js
+++ b/resources/assets/js/main.js
@@ -22,7 +22,7 @@ Vue.http.interceptors.push({
 NProgress.done();
 if (r.status === 400 || r.status === 401) {
- if (r.request.method !== 'POST' && r.request.url !== 'me') {
+ if (!(r.request.method === 'POST' && r.request.url === 'me')) {
 // This is not a failed login. Log out then.
 app.logout();
 }
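Review bot: The rewritten condition exempts only the failed-login request, so a 400 or 401 returned for the logout request itself would call `app.logout()` again from inside the interceptor, assuming `app.logout()` is what issues `DELETE me`. That cannot happen while the server answers that request with 200 unconditionally, but it is a hidden coupling with the controller change; exempting both calls makes it explicit: `if (!(r.request.url === 'me' && (r.request.method === 'POST' || r.request.method === 'DELETE'))) {`. The comparison `r.request.url === 'me'` also assumes the interceptor sees the relative URL rather than a prefixed one, which is not visible here. The interceptor callback starts outside the hunk.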