0

I have a node-red-dashboard app that I would like to log out of. I have setup settings.js for adminAuth, httpNodeAuth, and https key/cert. I'm using a template and would like to include a logout button. I've tried:

    scope.logOut = function() {
        $.ajax({
            type: "GET",
            url: '/ui',
            dataType: 'json',
            async: true,
            username: "logout",
            password: "logout",
            data: '{ "comment" }'
        })

        //In our case, we WANT to get access denied, so a success would be a failure.
        .done(function(){
            alert('Error!')
        })

        //Likewise, a failure *usually* means we succeeded.
        //set window.location to redirect the user to wherever you want them to go
        .fail(function(){
            window.location = "/ui";
        });
    }

This will reprompt for username and password but if I just hit the back button I'm back in the app without logging in. I was to be completely logged out and cross browser effective.

John Smith
  • 3,493
  • 3
  • 25
  • 52
  • Not sure if this is what you are looking for, but have you tried posting to the `auth/revoke` API as described on [this page](https://nodered.org/docs/api/admin/oauth)? – SteveR Feb 27 '18 at 13:46
  • @SteveR That is for the admin console. I am aware of it. What I'm after is specifically the /ui which is only basic auth. Having said that, if there is a way to use the admin auth page for node-red-dashboard that would probably work as there is a logout from the admin page. – John Smith Feb 27 '18 at 19:28
  • Sorry, I missed the "dashboard" reference... what I've done in the past is use a `ui_control` node to capture all browser page loads and tab changes -- then redirect to the home tab if some global flag is not set (i.e. they are logged out). Rather low-tech, but the user experience is ok, so long as you don't need high security. – SteveR Feb 27 '18 at 22:34

1 Answers1

0

Please see also: How to log out user from web site using BASIC authentication?

In short, logging out properly from basic auth is hard to do as basic auth isn't really designed to support it. There are some workarounds, as you outline in your question, but they have shortcomings.

Whilst node-red-dashboard only supports basic auth, your options will be limited. We would like to be able to provide a more integrating authentication mechanism, but it isn't something being worked on.

knolleary
  • 9,777
  • 2
  • 28
  • 35