Closed
Description
Adding a few improvements to the logout
feature based on feedback in #1609
Feedback 1:
Maybe I'm just paranoid, but I think this should only remove config.Session()
, config.URL()
and config.Organization()
, and not any other files that happen to have ended up in the directory (at least not without confirmation). I would be worried that a misconfigured CODER_CONFIG_DIR
could lead to somebody accidentally wiping out their home directory.
See e.g. ValveSoftware/steam-for-linux#3671
Originally posted by @dwahler in #1609 (comment)
Feedback 2:
typo: s/autheticated/authenticated/
I also feel we should fail the logout
request if the user is not logged in.