From d9d731ab59f5931119a4ecf5dfd10537d8118c54 Mon Sep 17 00:00:00 2001
From: TekH <h.tek@digitaldata.works>
Date: Sun, 31 May 2026 10:29:46 +0200
Subject: [PATCH] Add logout functionality for envelope sessions

Introduced a "Logout" button in `ReportViewer.razor` that is displayed when an `EnvelopeKey` is present. The button includes a spinner to indicate progress during the logout process.

Added the `LogoutAsync` method in `ReportViewer.razor` to handle the logout operation, preventing multiple attempts and navigating the user to the login page upon success.

Implemented `LogoutEnvelopeReceiverAsync` in `AuthService` to send a POST request to remove the per-envelope receiver cookie. This ensures proper backend handling of the logout process.

Improved user experience by providing a responsive and clear logout mechanism for envelope-based sessions.
---
 .../Pages/ReportViewer.razor                  | 22 +++++++++++++++++++
 .../Services/AuthService.cs                   | 12 ++++++++++
 2 files changed, 34 insertions(+)

diff --git a/EnvelopeGenerator.ReceiverUI/Pages/ReportViewer.razor b/EnvelopeGenerator.ReceiverUI/Pages/ReportViewer.razor
index c09740c0..4ad0e86d 100644
--- a/EnvelopeGenerator.ReceiverUI/Pages/ReportViewer.razor
+++ b/EnvelopeGenerator.ReceiverUI/Pages/ReportViewer.razor
@@ -48,6 +48,19 @@
                 @(SignatureApplied ? "Unterschrift erneuern" : "Unterschrift hinzufuegen")
             </button>
             <button class="btn btn-success" disabled="@(!SignatureApplied)" @onclick="ExportSignedPdfAsync">Signiertes PDF exportieren</button>
+            @if (!string.IsNullOrWhiteSpace(EnvelopeKey)) {
+                <button class="btn btn-outline-danger ms-auto" @onclick="LogoutAsync" disabled="@IsLoggingOut" title="Abmelden">
+                    @if (IsLoggingOut) {
+                        <span class="spinner-border spinner-border-sm me-1" role="status" aria-hidden="true"></span>
+                    } else {
+                        <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="me-1" viewBox="0 0 16 16">
+                            <path fill-rule="evenodd" d="M10 12.5a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-9a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v2a.5.5 0 0 0 1 0v-2A1.5 1.5 0 0 0 9.5 2h-8A1.5 1.5 0 0 0 0 3.5v9A1.5 1.5 0 0 0 1.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-2a.5.5 0 0 0-1 0v2z"/>
+                            <path fill-rule="evenodd" d="M15.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 0 0-.708.708L14.293 7.5H5.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
+                        </svg>
+                    }
+                    Abmelden
+                </button>
+            }
         </div>
     </div>
 </div>
@@ -169,6 +182,15 @@
     string SignerPosition = string.Empty;
     string SignaturePlace = string.Empty;
     int ViewerKey;
+    bool IsLoggingOut;
+
+    async Task LogoutAsync() {
+        if (string.IsNullOrWhiteSpace(EnvelopeKey) || IsLoggingOut) return;
+        IsLoggingOut = true;
+        await InvokeAsync(StateHasChanged);
+        await AuthService.LogoutEnvelopeReceiverAsync(EnvelopeKey);
+        Navigation.NavigateTo($"/login/{Uri.EscapeDataString(EnvelopeKey)}", forceLoad: true);
+    }
 
     protected override async Task OnInitializedAsync() {
 
diff --git a/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs b/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs
index 5caf2e5c..b68097b3 100644
--- a/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs
+++ b/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs
@@ -42,4 +42,16 @@ public class AuthService(HttpClient http, IOptions<ApiOptions> apiOptions)
             _ => EnvelopeLoginResult.Error
         };
     }
+
+    /// <summary>
+    /// Removes the per-envelope receiver cookie for the given envelope key.
+    /// Calls POST /api/auth/logout/envelope/{envelopeKey}.
+    /// </summary>
+    public async Task<bool> LogoutEnvelopeReceiverAsync(string envelopeKey, CancellationToken cancel = default)
+    {
+        var response = await http.PostAsync(
+            $"{_api.BaseUrl}/api/auth/logout/envelope/{Uri.EscapeDataString(envelopeKey)}",
+            null, cancel);
+        return response.IsSuccessStatusCode;
+    }
 }