From e5c25ede1f34610ae6bf292f8a21521d34d985a4 Mon Sep 17 00:00:00 2001 From: Maxime Alves LIRMM Date: Wed, 8 Feb 2023 12:53:32 +0100 Subject: [PATCH] [rc] 0.6.25-rc0 --- CHANGELOG.md | 4 ++++ halfapi/__init__.py | 2 +- halfapi/halfapi.py | 5 +++-- halfapi/lib/jwt_middleware.py | 8 +++++++- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 976fbeb..ad6b64e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # HalfAPI +## 0.6.25 + +- Deletes the "Authorization" cookie on authentication error + ## 0.6.24 - Uses the "Authorization" cookie to read authentication token additionnaly to the "Authorization" header diff --git a/halfapi/__init__.py b/halfapi/__init__.py index ab75f24..9650b8b 100644 --- a/halfapi/__init__.py +++ b/halfapi/__init__.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -__version__ = '0.6.24' +__version__ = '0.6.25-rc0' def version(): return f'HalfAPI version:{__version__}' diff --git a/halfapi/halfapi.py b/halfapi/halfapi.py index 4ac4d74..1ff3547 100644 --- a/halfapi/halfapi.py +++ b/halfapi/halfapi.py @@ -32,7 +32,7 @@ from timing_asgi.integrations import StarletteScopeToName from .lib.constants import API_SCHEMA_DICT from .lib.domain_middleware import DomainMiddleware from .lib.timing import HTimingClient -from .lib.jwt_middleware import JWTAuthenticationBackend +from .lib.jwt_middleware import JWTAuthenticationBackend, on_auth_error from .lib.responses import (ORJSONResponse, UnauthorizedResponse, NotFoundResponse, InternalServerErrorResponse, NotImplementedResponse, ServiceUnavailableResponse, gen_exception_route) @@ -141,7 +141,8 @@ class HalfAPI(Starlette): if SECRET: self.add_middleware( AuthenticationMiddleware, - backend=JWTAuthenticationBackend() + backend=JWTAuthenticationBackend(), + on_error=on_auth_error ) if not PRODUCTION: diff --git a/halfapi/lib/jwt_middleware.py b/halfapi/lib/jwt_middleware.py index d9578fd..4c021f2 100644 --- a/halfapi/lib/jwt_middleware.py 
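Review bot: Passing `on_error=on_auth_error` in the `add_middleware` call changes the status code and body format of authentication failures, not only the cookie. Starlette's default handler answers with a plain-text 400 and the new one returns a JSON 401, which the 0.6.25 CHANGELOG entry does not mention. Clients or monitoring rules that match on the old status will behave differently, so the changelog should say so, e.g. `- Authentication errors now return a 401 JSON response`. For WebSocket scopes Starlette closes the connection rather than sending the handler's response, so the cookie deletion only takes effect on HTTP requests; a short comment at the call site would record that. The enclosing method starts and ends outside the hunk.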
+++ b/halfapi/lib/jwt_middleware.py @@ -19,12 +19,13 @@ import jwt from starlette.authentication import ( AuthenticationBackend, AuthenticationError, BaseUser, AuthCredentials, UnauthenticatedUser) -from starlette.requests import HTTPConnection +from starlette.requests import HTTPConnection, Request from starlette.exceptions import HTTPException from .user import CheckUser, JWTUser, Nobody from ..logging import logger from ..conf import CONFIG +from ..lib.responses import ORJSONResponse SECRET=None @@ -44,6 +45,11 @@ def cookies_from_scope(scope): simple_cookie.load(cookie.decode("utf8")) return {key: morsel.value for key, morsel in simple_cookie.items()} +def on_auth_error(request: Request, exc: Exception): + response = ORJSONResponse({"error": str(exc)}, status_code=401) + response.delete_cookie('Authorization') + return response + class JWTAuthenticationBackend(AuthenticationBackend): def __init__(self, secret_key: str = SECRET, algorithm: str = 'HS256', prefix: str = 'JWT'):
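Review bot: In the import hunk, `from ..lib.responses import ORJSONResponse` climbs to the package and comes back into `lib`, while the neighbouring line uses the sibling form `from .user import ...`; `from .responses import ORJSONResponse` would be consistent with it. `Request` is added only for the annotation on `on_auth_error`, but Starlette's `AuthenticationMiddleware` calls the handler with an `HTTPConnection`, which this line already imported. Annotating the parameter as `HTTPConnection` would match what is actually passed and make the extra import unnecessary.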
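Review bot: `on_auth_error` returns `str(exc)` to the unauthenticated caller, so whatever text the backend puts into its `AuthenticationError` is disclosed in the 401 body. The raise sites are outside this hunk, but if they wrap JWT decoding errors the response can reveal why a token was rejected. Consider logging the detail with the module's existing `logger` and returning a fixed message, e.g. `logger.warning('authentication failed: %s', exc)` followed by `ORJSONResponse({"error": "Unauthorized"}, status_code=401)`. Also, `response.delete_cookie('Authorization')` uses the default path `/` and no domain, so a cookie issued with a different path, domain or attributes would not be cleared by the browser. The code that sets the cookie is not in this diff, so confirm the two match, and add a docstring stating that the handler clears the cookie on every authentication failure.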