htmx logout tidy up (#2884)

libs/client/src/lib.rs

@@ -59,6 +59,7 @@ const EXPECT_VERSION: &str = env!("CARGO_PKG_VERSION");
 #[derive(Debug)]
 pub enum ClientError {
     Unauthorized,
+    SessionExpired,
     Http(reqwest::StatusCode, Option<OperationError>, String),
     Transport(reqwest::Error),
     AuthenticationFailed,
@@ -633,10 +634,16 @@ impl KanidmClient {
     }
 
     pub async fn logout(&self) -> Result<(), ClientError> {
-        self.perform_get_request("/v1/logout").await?;
+        match self.perform_get_request("/v1/logout").await {
-        let mut tguard = self.bearer_token.write().await;
+            Err(ClientError::Unauthorized)
-        *tguard = None;
+            | Err(ClientError::Http(reqwest::StatusCode::UNAUTHORIZED, _, _))
-        Ok(())
+            | Ok(()) => {
+                let mut tguard = self.bearer_token.write().await;
+                *tguard = None;
+                Ok(())
+            }
+            e => e,
+        }
     }
 
     pub fn get_token_cache_path(&self) -> String {

server/testkit/tests/proto_v1_test.rs

@@ -1662,6 +1662,13 @@ async fn test_server_user_auth_token_lifecycle(rsclient: KanidmClient) {
         .await
         .expect("Failed to destroy user auth token");
 
+    // The session is revoked server side, but we can still call logout locally
+    // and on the 401 it will just clear the token.
+    rsclient
+        .logout()
+        .await
+        .expect("Failed to remove local token");
+
     // Since the session is revoked, check with the admin.
     let res = rsclient
         .auth_simple_password(ADMIN_TEST_USER, ADMIN_TEST_PASSWORD)