From a5c5a44b55961ff936c59f2322306b37036128d6 Mon Sep 17 00:00:00 2001
From: Alex Ashley
Date: Mon, 16 Aug 2021 10:01:39 -0400
Subject: [PATCH 1/3] Drop session cookies after refresh failure
---
 server/middleware.mjs | 2 +-
 test/server/middleware.spec.js | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/server/middleware.mjs b/server/middleware.mjs
index 726a37d4..0738f872 100644
--- a/server/middleware.mjs
+++ b/server/middleware.mjs
@@ -60,7 +60,7 @@ export const tokenRefresh = () => async (req, res, next) => {
 } catch (error) {
 console.error("Error refreshing oidc token", error);
- return res.redirect("/login");
+ return res.oidc.logout();
 }
 }
diff --git a/test/server/middleware.spec.js b/test/server/middleware.spec.js
index 688fc9c2..8b1b4b39 100644
--- a/test/server/middleware.spec.js
+++ b/test/server/middleware.spec.js
@@ -94,7 +94,9 @@ describe("middleware", () => {
 },
 };
 response = {
- redirect: jest.fn(),
+ oidc: {
+ logout: jest.fn(),
+ },
 };
 });
@@ -104,7 +106,7 @@ describe("middleware", () => {
 expect(request.accessToken).toEqual(accessToken);
 expect(next).toHaveBeenCalled();
 expect(refresh).not.toHaveBeenCalled();
- expect(response.redirect).not.toHaveBeenCalled();
+ expect(response.oidc.logout).not.toHaveBeenCalled();
 });
 describe("the token is expired", () => {
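Review bot: The catch block in `server/middleware.mjs` now calls `res.oidc.logout()` for every refresh error, so a transient failure to reach the token endpoint ends the session the same way a rejected refresh token does; a comment should state that this is deliberate, e.g. `// Any refresh failure ends the session so a stale refresh token is not left in the session cookie.` The `console.error("Error refreshing oidc token", error)` line above it logs the whole error object, which may carry the provider's response, so it is worth confirming that nothing token-bearing reaches the logs. The enclosing `tokenRefresh` body starts before and continues past this hunk, so whether `logout()` returns a promise that needs handling cannot be checked from here.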
@@ -120,19 +122,17 @@ describe("middleware", () => {
 expect(request.accessToken).toEqual(nextAccessToken);
 expect(refresh).toHaveBeenCalled();
 expect(next).toHaveBeenCalled();
- expect(response.redirect).not.toHaveBeenCalled();
+ expect(response.oidc.logout).not.toHaveBeenCalled();
 });
- it("should redirect the request to the login route if the refresh fails", async () => {
+ it("should end the session ", async () => {
 refresh.mockRejectedValue(new Error("refresh failed"));
 await tokenRefresh()(request, response, next);
 expect(request.accessToken).toBeUndefined();
 expect(next).not.toHaveBeenCalled();
- expect(response.redirect)
- .toHaveBeenCalledTimes(1)
- .toHaveBeenCalledWith("/login");
+ expect(response.oidc.logout).toHaveBeenCalledTimes(1);
 });
 });
 });
From ee74b986a9820787a59f59f5746af4e69f17ec00 Mon Sep 17 00:00:00 2001
From: Alex Ashley
Date: Mon, 16 Aug 2021 10:28:51 -0400
Subject: [PATCH 2/3] Fix addlicense check after Go 1.16 upgrade
---
 .github/workflows/verify.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml
index 5058bec5..b1d02ed5 100644
--- a/.github/workflows/verify.yaml
+++ b/.github/workflows/verify.yaml
@@ -26,11 +26,11 @@ jobs:
 push: false
 license-check:
 runs-on: ubuntu-latest
- container: golang:1.15
+ container: golang:1.16
 steps:
 - uses: actions/checkout@v2
 - name: Download License Utility
- run: go get -u github.com/google/addlicense
+ run: go install github.com/google/addlicense@master
 - name: Check License Headers
 run: |
 shopt -s globstar
From 78a7335ca79e7408303cbf9050fd1f8360d1d3d9 Mon Sep 17 00:00:00 2001
From: Alex Ashley
Date: Mon, 16 Aug 2021 10:30:28 -0400
Subject: [PATCH 3/3] Fix test description
---
 test/server/middleware.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/server/middleware.spec.js b/test/server/middleware.spec.js
index 8b1b4b39..905d875e 100644
--- a/test/server/middleware.spec.js
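Review bot: The `Download License Utility` step in `.github/workflows/verify.yaml` now runs `go install github.com/google/addlicense@master`, which builds and executes whatever is at the tip of that branch each time the job runs, so the check is not reproducible and upstream changes run in CI unreviewed. Pinning the tool to a tagged release or a full commit hash keeps its version under review, e.g. `run: go install github.com/google/addlicense@<RELEASE_TAG_OR_COMMIT>` (placeholder; the page does not name a version). To a lesser degree the same holds for `container: golang:1.16`, a floating tag that could be pinned by digest if reproducible builds matter here.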
+++ b/test/server/middleware.spec.js
@@ -125,7 +125,7 @@ describe("middleware", () => {
 expect(response.oidc.logout).not.toHaveBeenCalled();
 });
- it("should end the session ", async () => {
+ it("should end the session", async () => {
 refresh.mockRejectedValue(new Error("refresh failed"));
 await tokenRefresh()(request, response, next);