src/api/SIGCM2.Application/Auth/Logout/LogoutCommandHandler.cs

using SIGCM2.Application.Abstractions;
using SIGCM2.Application.Abstractions.Persistence;
using SIGCM2.Application.Audit;

namespace SIGCM2.Application.Auth.Logout;

public sealed class LogoutCommandHandler : ICommandHandler<LogoutCommand, LogoutResponseDto>
{
    private readonly IRefreshTokenRepository _refreshRepo;
    private readonly ISecurityEventLogger _security;

    public LogoutCommandHandler(IRefreshTokenRepository refreshRepo, ISecurityEventLogger security)
    {
        _refreshRepo = refreshRepo;
        _security = security;
    }

    public async Task<LogoutResponseDto> Handle(LogoutCommand command)
    {
        // Revoke all active tokens for the user across all families.
        // Idempotent: 0 rows affected is not an error.
        await _refreshRepo.RevokeAllActiveForUserAsync(command.UsuarioId, DateTime.UtcNow);
        await _security.LogAsync("logout", "success", actorUserId: command.UsuarioId);
        return new LogoutResponseDto(true, "Sesión cerrada correctamente");
    }
}
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00			`using SIGCM2.Application.Abstractions;`
			`using SIGCM2.Application.Abstractions.Persistence;`
feat(audit): security events en Auth + authorization handlers (UDT-010 B9) Instruments auth pipeline with ISecurityEventLogger per #REQ-AUTH-SEC: LoginCommandHandler: - login success → action=login result=success actorUserId=user.Id - login failure disaggregated internally (client still sees 401 unified): user_not_found / user_inactive / invalid_password — attempts captured with attemptedUsername + FailureReason LogoutCommandHandler: - action=logout result=success actorUserId=cmd.UsuarioId RefreshCommandHandler: - refresh.issue success on successful rotation - refresh.reuse_detected failure when revoked token is presented (chain revoke already happens; we add the security event with metadata.familyId) - refresh.issue failure for: token_expired / sub_mismatch / user_not_found / user_inactive PermissionAuthorizationHandler: - permission.denied failure on require-permission rejection, with metadata { permissionRequired, endpoint, method }. ActorUserId from JWT sub. DI: ISecurityEventLogger was already registered by B6 (AddInfrastructure). Test updates: 4 test classes now inject ISecurityEventLogger mock: - LoginCommandHandlerTests, LogoutCommandHandlerTests, RefreshCommandHandlerTests - PermissionAuthorizationHandlerTests (Api.Tests) Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing. Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-SEC-2/3/4/5 #REQ-AUTH-SEC, design, tasks#B9} 2026-04-16 13:59:27 -03:00			`using SIGCM2.Application.Audit;`
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00
			`namespace SIGCM2.Application.Auth.Logout;`

			`public sealed class LogoutCommandHandler : ICommandHandler<LogoutCommand, LogoutResponseDto>`
			`{`
			`private readonly IRefreshTokenRepository _refreshRepo;`
feat(audit): security events en Auth + authorization handlers (UDT-010 B9) Instruments auth pipeline with ISecurityEventLogger per #REQ-AUTH-SEC: LoginCommandHandler: - login success → action=login result=success actorUserId=user.Id - login failure disaggregated internally (client still sees 401 unified): user_not_found / user_inactive / invalid_password — attempts captured with attemptedUsername + FailureReason LogoutCommandHandler: - action=logout result=success actorUserId=cmd.UsuarioId RefreshCommandHandler: - refresh.issue success on successful rotation - refresh.reuse_detected failure when revoked token is presented (chain revoke already happens; we add the security event with metadata.familyId) - refresh.issue failure for: token_expired / sub_mismatch / user_not_found / user_inactive PermissionAuthorizationHandler: - permission.denied failure on require-permission rejection, with metadata { permissionRequired, endpoint, method }. ActorUserId from JWT sub. DI: ISecurityEventLogger was already registered by B6 (AddInfrastructure). Test updates: 4 test classes now inject ISecurityEventLogger mock: - LoginCommandHandlerTests, LogoutCommandHandlerTests, RefreshCommandHandlerTests - PermissionAuthorizationHandlerTests (Api.Tests) Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing. Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-SEC-2/3/4/5 #REQ-AUTH-SEC, design, tasks#B9} 2026-04-16 13:59:27 -03:00			`private readonly ISecurityEventLogger _security;`
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00
feat(audit): security events en Auth + authorization handlers (UDT-010 B9) Instruments auth pipeline with ISecurityEventLogger per #REQ-AUTH-SEC: LoginCommandHandler: - login success → action=login result=success actorUserId=user.Id - login failure disaggregated internally (client still sees 401 unified): user_not_found / user_inactive / invalid_password — attempts captured with attemptedUsername + FailureReason LogoutCommandHandler: - action=logout result=success actorUserId=cmd.UsuarioId RefreshCommandHandler: - refresh.issue success on successful rotation - refresh.reuse_detected failure when revoked token is presented (chain revoke already happens; we add the security event with metadata.familyId) - refresh.issue failure for: token_expired / sub_mismatch / user_not_found / user_inactive PermissionAuthorizationHandler: - permission.denied failure on require-permission rejection, with metadata { permissionRequired, endpoint, method }. ActorUserId from JWT sub. DI: ISecurityEventLogger was already registered by B6 (AddInfrastructure). Test updates: 4 test classes now inject ISecurityEventLogger mock: - LoginCommandHandlerTests, LogoutCommandHandlerTests, RefreshCommandHandlerTests - PermissionAuthorizationHandlerTests (Api.Tests) Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing. Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-SEC-2/3/4/5 #REQ-AUTH-SEC, design, tasks#B9} 2026-04-16 13:59:27 -03:00			`public LogoutCommandHandler(IRefreshTokenRepository refreshRepo, ISecurityEventLogger security)`
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00			`{`
			`_refreshRepo = refreshRepo;`
feat(audit): security events en Auth + authorization handlers (UDT-010 B9) Instruments auth pipeline with ISecurityEventLogger per #REQ-AUTH-SEC: LoginCommandHandler: - login success → action=login result=success actorUserId=user.Id - login failure disaggregated internally (client still sees 401 unified): user_not_found / user_inactive / invalid_password — attempts captured with attemptedUsername + FailureReason LogoutCommandHandler: - action=logout result=success actorUserId=cmd.UsuarioId RefreshCommandHandler: - refresh.issue success on successful rotation - refresh.reuse_detected failure when revoked token is presented (chain revoke already happens; we add the security event with metadata.familyId) - refresh.issue failure for: token_expired / sub_mismatch / user_not_found / user_inactive PermissionAuthorizationHandler: - permission.denied failure on require-permission rejection, with metadata { permissionRequired, endpoint, method }. ActorUserId from JWT sub. DI: ISecurityEventLogger was already registered by B6 (AddInfrastructure). Test updates: 4 test classes now inject ISecurityEventLogger mock: - LoginCommandHandlerTests, LogoutCommandHandlerTests, RefreshCommandHandlerTests - PermissionAuthorizationHandlerTests (Api.Tests) Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing. Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-SEC-2/3/4/5 #REQ-AUTH-SEC, design, tasks#B9} 2026-04-16 13:59:27 -03:00			`_security = security;`
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00			`}`

			`public async Task<LogoutResponseDto> Handle(LogoutCommand command)`
			`{`
			`// Revoke all active tokens for the user across all families.`
			`// Idempotent: 0 rows affected is not an error.`
			`await _refreshRepo.RevokeAllActiveForUserAsync(command.UsuarioId, DateTime.UtcNow);`
feat(audit): security events en Auth + authorization handlers (UDT-010 B9) Instruments auth pipeline with ISecurityEventLogger per #REQ-AUTH-SEC: LoginCommandHandler: - login success → action=login result=success actorUserId=user.Id - login failure disaggregated internally (client still sees 401 unified): user_not_found / user_inactive / invalid_password — attempts captured with attemptedUsername + FailureReason LogoutCommandHandler: - action=logout result=success actorUserId=cmd.UsuarioId RefreshCommandHandler: - refresh.issue success on successful rotation - refresh.reuse_detected failure when revoked token is presented (chain revoke already happens; we add the security event with metadata.familyId) - refresh.issue failure for: token_expired / sub_mismatch / user_not_found / user_inactive PermissionAuthorizationHandler: - permission.denied failure on require-permission rejection, with metadata { permissionRequired, endpoint, method }. ActorUserId from JWT sub. DI: ISecurityEventLogger was already registered by B6 (AddInfrastructure). Test updates: 4 test classes now inject ISecurityEventLogger mock: - LoginCommandHandlerTests, LogoutCommandHandlerTests, RefreshCommandHandlerTests - PermissionAuthorizationHandlerTests (Api.Tests) Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing. Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-SEC-2/3/4/5 #REQ-AUTH-SEC, design, tasks#B9} 2026-04-16 13:59:27 -03:00			`await _security.LogAsync("logout", "success", actorUserId: command.UsuarioId);`
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00			`return new LogoutResponseDto(true, "Sesión cerrada correctamente");`
			`}`
			`}`