Implement Logout

[Ayurshi-Singh]

Closes:#14

Summary by CodeRabbit

• New Features

  • Added secure sign-out and visible "Logged Out" messaging/title so users see a clear logged-out state.

• Bug Fixes

  • Fixed popover markup so user info displays correctly.

• Refactor

  • Restructured authentication and security token handling and unified forbidden-state handling so error titles/messages and login/retry visibility behave consistently.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1306ec47-9fa1-454b-b324-824aedbc243f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

This change adds a tenant-scoped secure logout flow and related UI hook, moves CSRF token handling to per-call tenant lookup, and replaces a callback-based 401 handling with direct forbidden-state updates. It introduces a LOGGED_OUT error code and i18n strings, extends the forbidden-state model with an error title and logged-out handling, and adds an App controller sign-out handler that invokes Auth.secureLogout. Miscellaneous adjustments include a small XML comment fix, repositioning of Api.init, and non-functional formatting edits.

🚥 Pre-merge checks | ✅ 1

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Implement Logout' accurately and directly summarizes the main change—adding logout functionality across multiple files including a new secureLogout method, sign-out handler, and logout UI state management.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@webapp/services/Auth.service.ts`:
- Around line 54-87: secureLogout currently only clears storage and never
informs the caller or redirects; update secureLogout to (1) properly check
response.ok using response.status (or response.ok) and include that in the
thrown Error if not ok, (2) call the existing postLogoutClearance() after a
successful logout, and (3) change secureLogout to return a boolean (or resolved
value) indicating success/failure so callers (e.g., the controller that
fire-and-forgets this promise) can clear UI state and navigate; also call
postLogoutClearance() in the catch path before returning false (or rethrow if
you prefer) and optionally perform a client redirect (e.g., window.location.href
= '/login') only after clearance when desired.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e2a760ba-67a9-408b-9b20-de57a1d108f3

📥 Commits

Reviewing files that changed from the base of the PR and between c946583 and 17d8924.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (4)

• webapp/controller/App.controller.ts
• webapp/resources/fragments/UserInfoPopover.fragment.xml
• webapp/services/Api.service.ts
• webapp/services/Auth.service.ts

[Ayurshi-Singh]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[Ayurshi-Singh]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 3

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 76b800d1-6b92-40f4-86c5-a3005854a53c

📥 Commits

Reviewing files that changed from the base of the PR and between 17d8924 and c5cbb8d.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (10)

• webapp/common/Constants.ts
• webapp/common/Helpers.ts
• webapp/controller/App.controller.ts
• webapp/controller/Forbidden.controller.ts
• webapp/i18n/i18n_en.properties
• webapp/resources/fragments/UserInfoPopover.fragment.xml
• webapp/services/Api.service.ts
• webapp/services/Auth.service.ts
• webapp/utils/ForbiddenState.ts
• webapp/view/Forbidden.view.xml

✅ Files skipped from review due to trivial changes (4)

• webapp/common/Constants.ts
• webapp/view/Forbidden.view.xml
• webapp/common/Helpers.ts
• webapp/i18n/i18n_en.properties

🚧 Files skipped from review as they are similar to previous changes (1)

• webapp/resources/fragments/UserInfoPopover.fragment.xml