9531 - Add a Log Out endpoint available when the session API auth feature flag is enabled

src/main/java/edu/harvard/iq/dataverse/api/Logout.java

@@ -0,0 +1,41 @@
+package edu.harvard.iq.dataverse.api;
+
+import edu.harvard.iq.dataverse.DataverseHeaderFragment;
+import edu.harvard.iq.dataverse.DataverseSession;
+import edu.harvard.iq.dataverse.settings.FeatureFlags;
+
+import javax.inject.Inject;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Response;
+
+@Path("logout")
+public class Logout extends AbstractApiBean {
+
+    @Inject
+    DataverseSession session;
+
+    /**
+     * The only current API authentication mechanism subject to Log Out is the session cookie auth, and this mechanism is only available when the corresponding feature flag is enabled:
+     *
+     * @see FeatureFlags#API_SESSION_AUTH
+     * <p>
+     * This endpoint replicates the logic from the JSF Log Out feature:
+     * @see DataverseHeaderFragment#logout()
+     * <p>
+     * TODO: This endpoint must change when a final API authentication mechanism is established for use cases / applications subject to Log Out
+     */
+    @POST
+    @Path("/")
+    public Response logout() {
+        if (!FeatureFlags.API_SESSION_AUTH.enabled()) {
+            return error(Response.Status.INTERNAL_SERVER_ERROR, "This endpoint is only available when session authentication feature flag is enabled");
+        }
+        if (!session.getUser().isAuthenticated()) {
+            return error(Response.Status.BAD_REQUEST, "No valid session cookie was sent in the request");
+        }
+        session.setUser(null);
+        session.setStatusDismissed(false);
+        return ok("User logged out");
+    }
+}

src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java

@@ -110,7 +110,6 @@ public enum JvmSettings {
     SCOPE_MAIL(PREFIX, "mail"),
     SUPPORT_EMAIL(SCOPE_MAIL, "support-email"),
     CC_SUPPORT_ON_CONTACT_EMAIL(SCOPE_MAIL, "cc-support-on-contact-email"),
-
     ;
 
     private static final String SCOPE_SEPARATOR = ".";

src/test/java/edu/harvard/iq/dataverse/api/LogoutIT.java

@@ -0,0 +1,24 @@
+package edu.harvard.iq.dataverse.api;
+
+import com.jayway.restassured.RestAssured;
+import com.jayway.restassured.response.Response;
+import org.junit.BeforeClass;
+import org.junit.jupiter.api.Test;
+
+import static javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+public class LogoutIT {
+
+    @BeforeClass
+    public static void setUpClass() {
+        RestAssured.baseURI = UtilIT.getRestAssuredBaseUri();
+    }
+
+    @Test
+    public void testLogout() {
+        // Test failure because feature flag is turned off
+        Response logoutResponse = UtilIT.logout();
+        assertEquals(INTERNAL_SERVER_ERROR.getStatusCode(), logoutResponse.getStatusCode());
+    }
+}

src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java

@@ -3170,4 +3170,11 @@ static String getSignedUrlFromResponse(Response createSignedUrlResponse) {
         String signedUrl = jsonPath.getString("data.signedUrl");
         return signedUrl;
     }
+
+    static Response logout() {
+        Response response = given()
+                .contentType("application/json")
+                .post("/api/logout");
+        return response;
+    }
 }