use post instead of get for logout

lib/fotohaecker_web/controllers/auth_controller.ex

@@ -99,7 +99,7 @@ defmodule FotohaeckerWeb.AuthController do
     end
   end
 
-  def locale_from_session(conn) do
+  defp locale_from_session(conn) do
     fallback_locale = Gettext.get_locale(FotohaeckerWeb.Gettext)
 
     conn

lib/fotohaecker_web/controllers/page_controller.ex

@@ -1,29 +1,7 @@
 defmodule FotohaeckerWeb.PageController do
   use FotohaeckerWeb, :controller
 
-  import FotohaeckerWeb.AuthController, only: [locale_from_session: 1]
-
-  alias FotohaeckerWeb.Router.Helpers
-
   def index(conn, _params) do
     render(conn, "index.html")
   end
-
-  def logout(conn, _params) do
-    locale = locale_from_session(conn)
-    domain = System.get_env("AUTH0_DOMAIN")
-    client_id = System.get_env("AUTH0_CLIENT_ID")
-
-    return_to =
-      conn
-      |> Helpers.index_home_url(:home, locale)
-      |> URI.encode_www_form()
-
-    logout_url = "https://#{domain}/v2/logout?returnTo=#{return_to}&client_id=#{client_id}"
-
-    conn
-    |> put_flash(:info, FotohaeckerWeb.Gettext.gettext("You have been logged out!"))
-    |> clear_session()
-    |> redirect(external: logout_url)
-  end
 end

lib/fotohaecker_web/live/user_live/index.ex

@@ -30,20 +30,32 @@ defmodule FotohaeckerWeb.UserLive.Index do
           <%= gettext("Delete Account") %>
         </button>
       </.form>
-      <.link
-        class="btn btn--red flex items-center gap-2 max-w-max"
-        href={
-          Routes.page_path(
-            FotohaeckerWeb.Endpoint,
-            :logout,
-            Gettext.get_locale(FotohaeckerWeb.Gettext)
+
+      <.form
+        for={%{}}
+        method="post"
+        action={
+          FotohaeckerWeb.Router.Helpers.auth_path(
+            @socket,
+            :logout
           )
         }
       >
-        <span class="text-white">
+        <button
+          type="submit"
+          class="btn btn--red flex items-center gap-2 max-w-max"
+          href={
+            Routes.auth_path(
+              FotohaeckerWeb.Endpoint,
+              :logout
+            )
+          }
+        >
+          <%!-- <span class="text-white"> --%>
           <%= gettext("logout") %>
-        </span>
-      </.link>
+          <%!-- </span> --%>
+        </button>
+      </.form>
     </div>
     """
   end

lib/fotohaecker_web/plugs/require_auth.ex

@@ -24,7 +24,7 @@ defmodule FotohaeckerWeb.Plugs.RequireAuth do
         :error,
         "You must be logged in to access this page."
       )
-      |> Phoenix.Controller.redirect(external: "https://google.com")
+      |> Phoenix.Controller.redirect(to: Routes.index_home_path(conn, :home))
     end
   end
 end

lib/fotohaecker_web/router.ex

@@ -37,9 +37,9 @@ defmodule FotohaeckerWeb.Router do
     live "/:locale/photos/:id", PhotoLive.Show, :show
     post "/:locale/search", SearchController, :search
     live "/:locale/search", SearchLive.Search, :index
-    get "/:locale/logout", PageController, :logout
 
     scope "/auth" do
+      post "/logout", AuthController, :logout
       get "/login", AuthController, :login
       get "/:provider", AuthController, :request
       get "/:provider/callback", AuthController, :callback

test/e2e/tests/user.spec.ts

@@ -25,7 +25,7 @@ test.describe("User Settings page", () => {
 
   test("can logout", async ({ page }) => {
     await page.locator("a", { hasText: "your account" }).click();
-    await page.locator("a", { hasText: "logout" }).click();
+    await page.locator("button", { hasText: "logout" }).click();
     await expect(page.locator(".alert--info")).toContainText("logged out");
     await page.locator(".alert--info").click();
     await expect(page.locator("a", { hasText: "login" })).toBeVisible();