This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Logout returns 200 when given an invalid access_token #2932

Closed
ajberchek opened this issue Mar 2, 2018 · 3 comments
Labels
Z-Help-Wanted We know exactly how to fix this issue, and would be grateful for any contribution z-minor (Deprecated Label) z-p2 (Deprecated Label)

Comments

@ajberchek

Description

According to the specification for the /logout endpoint, it invalidates an existing token. However, when supplied an invalid/non-existent access_token (such as "42") it still returns a 200 status code.

Steps to reproduce

  • Send a POST to /_matrix/client/r0/logout with an Authorization header containing an invalid access_token (e.g. "Bearer 42")
  • Response is a 200 status code

Ideally this should respond with error code M_UNKNOWN_TOKEN to provide a more verbose error.

@neilisfragile neilisfragile added Z-Help-Wanted We know exactly how to fix this issue, and would be grateful for any contribution z-p2 (Deprecated Label) z-minor (Deprecated Label) labels Mar 2, 2018
@erikjohnston
Member

(We probably want to somehow ensure that we return 200 for tokens that were just invalidated by a call to /logout, i.e., we should ensure that we handle the client retrying the request.)

@turt2live
Member

#2938 claims to have already fixed this issue?

@erikjohnston
Member

Ah, cool
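
The following is an added example, not part of the thread and not Synapse's code or the change in #2938. It models the reported behaviour next to a logout that returns M_UNKNOWN_TOKEN for unknown tokens while still answering 200 to a client retrying a logout that just succeeded. `TokenStore`, `logout_reported`, `GRACE_SECONDS` and the in-memory storage are hypothetical; 401 is the status the Matrix client-server spec pairs with M_UNKNOWN_TOKEN.

```python
import hashlib
import time

GRACE_SECONDS = 30  # assumed retry window; not a value from Synapse or the spec


class TokenStore:
    """Toy in-memory access-token store (hypothetical, for illustration)."""

    def __init__(self, clock=time.monotonic):
        self._active = set()   # digests of valid access tokens
        self._revoked = {}     # digest -> time at which the retry grace period ends
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Keep only a hash so revoked tokens are not retained in clear text.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, token):
        self._active.add(self._digest(token))

    def logout_reported(self, token):
        """Behaviour reported in the issue: 200 whether or not the token exists."""
        self._active.discard(self._digest(token))
        return 200, {}

    def logout(self, token):
        """Reject unknown tokens, but accept a retry of a logout that just succeeded."""
        now = self._clock()
        # Drop expired grace entries so the revoked map cannot grow without bound.
        self._revoked = {d: t for d, t in self._revoked.items() if t > now}
        digest = self._digest(token)
        if digest in self._active:
            self._active.remove(digest)
            self._revoked[digest] = now + GRACE_SECONDS
            return 200, {}
        if digest in self._revoked:
            return 200, {}  # client retrying a logout that already succeeded
        return 401, {"errcode": "M_UNKNOWN_TOKEN", "error": "Unrecognised access token"}
```

The grace entry is consulted only by `logout`; a revoked token must still be rejected by every other endpoint, otherwise the retry window becomes a window in which a logged-out token keeps working.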
