src/api/SIGCM2.Application/Auth/Logout/LogoutCommandHandler.cs

using SIGCM2.Application.Abstractions;
using SIGCM2.Application.Abstractions.Persistence;
using SIGCM2.Application.Audit;

namespace SIGCM2.Application.Auth.Logout;

public sealed class LogoutCommandHandler : ICommandHandler<LogoutCommand, LogoutResponseDto>
{
    private readonly IRefreshTokenRepository _refreshRepo;
    private readonly ISecurityEventLogger _security;
    private readonly TimeProvider _timeProvider;

    public LogoutCommandHandler(
        IRefreshTokenRepository refreshRepo,
        ISecurityEventLogger security,
        TimeProvider timeProvider)
    {
        _refreshRepo = refreshRepo;
        _security = security;
        _timeProvider = timeProvider;
    }

    public async Task<LogoutResponseDto> Handle(LogoutCommand command)
    {
        // Revoke all active tokens for the user across all families.
        // Idempotent: 0 rows affected is not an error.
        var now = _timeProvider.GetUtcNow().UtcDateTime;
        await _refreshRepo.RevokeAllActiveForUserAsync(command.UsuarioId, now);
        await _security.LogAsync("logout", "success", actorUserId: command.UsuarioId);
        return new LogoutResponseDto(true, "Sesión cerrada correctamente");
    }
}
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00			`using SIGCM2.Application.Abstractions;`
			`using SIGCM2.Application.Abstractions.Persistence;`
feat(audit): security events en Auth + authorization handlers (UDT-010 B9) Instruments auth pipeline with ISecurityEventLogger per #REQ-AUTH-SEC: LoginCommandHandler: - login success → action=login result=success actorUserId=user.Id - login failure disaggregated internally (client still sees 401 unified): user_not_found / user_inactive / invalid_password — attempts captured with attemptedUsername + FailureReason LogoutCommandHandler: - action=logout result=success actorUserId=cmd.UsuarioId RefreshCommandHandler: - refresh.issue success on successful rotation - refresh.reuse_detected failure when revoked token is presented (chain revoke already happens; we add the security event with metadata.familyId) - refresh.issue failure for: token_expired / sub_mismatch / user_not_found / user_inactive PermissionAuthorizationHandler: - permission.denied failure on require-permission rejection, with metadata { permissionRequired, endpoint, method }. ActorUserId from JWT sub. DI: ISecurityEventLogger was already registered by B6 (AddInfrastructure). Test updates: 4 test classes now inject ISecurityEventLogger mock: - LoginCommandHandlerTests, LogoutCommandHandlerTests, RefreshCommandHandlerTests - PermissionAuthorizationHandlerTests (Api.Tests) Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing. Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-SEC-2/3/4/5 #REQ-AUTH-SEC, design, tasks#B9} 2026-04-16 13:59:27 -03:00			`using SIGCM2.Application.Audit;`
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00
			`namespace SIGCM2.Application.Auth.Logout;`

			`public sealed class LogoutCommandHandler : ICommandHandler<LogoutCommand, LogoutResponseDto>`
			`{`
			`private readonly IRefreshTokenRepository _refreshRepo;`
feat(audit): security events en Auth + authorization handlers (UDT-010 B9) Instruments auth pipeline with ISecurityEventLogger per #REQ-AUTH-SEC: LoginCommandHandler: - login success → action=login result=success actorUserId=user.Id - login failure disaggregated internally (client still sees 401 unified): user_not_found / user_inactive / invalid_password — attempts captured with attemptedUsername + FailureReason LogoutCommandHandler: - action=logout result=success actorUserId=cmd.UsuarioId RefreshCommandHandler: - refresh.issue success on successful rotation - refresh.reuse_detected failure when revoked token is presented (chain revoke already happens; we add the security event with metadata.familyId) - refresh.issue failure for: token_expired / sub_mismatch / user_not_found / user_inactive PermissionAuthorizationHandler: - permission.denied failure on require-permission rejection, with metadata { permissionRequired, endpoint, method }. ActorUserId from JWT sub. DI: ISecurityEventLogger was already registered by B6 (AddInfrastructure). Test updates: 4 test classes now inject ISecurityEventLogger mock: - LoginCommandHandlerTests, LogoutCommandHandlerTests, RefreshCommandHandlerTests - PermissionAuthorizationHandlerTests (Api.Tests) Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing. Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-SEC-2/3/4/5 #REQ-AUTH-SEC, design, tasks#B9} 2026-04-16 13:59:27 -03:00			`private readonly ISecurityEventLogger _security;`
feat(udt-011): T400.10 — inject TimeProvider into all Application handlers All command handlers that call domain mutators now inject TimeProvider via constructor and use _timeProvider.GetUtcNow().UtcDateTime as the explicit 'now' argument. Replaces previous direct DateTime.UtcNow usage. 2026-04-18 10:12:17 -03:00			`private readonly TimeProvider _timeProvider;`
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00
feat(udt-011): T400.10 — inject TimeProvider into all Application handlers All command handlers that call domain mutators now inject TimeProvider via constructor and use _timeProvider.GetUtcNow().UtcDateTime as the explicit 'now' argument. Replaces previous direct DateTime.UtcNow usage. 2026-04-18 10:12:17 -03:00			`public LogoutCommandHandler(`
			`IRefreshTokenRepository refreshRepo,`
			`ISecurityEventLogger security,`
			`TimeProvider timeProvider)`
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00			`{`
			`_refreshRepo = refreshRepo;`
feat(audit): security events en Auth + authorization handlers (UDT-010 B9) Instruments auth pipeline with ISecurityEventLogger per #REQ-AUTH-SEC: LoginCommandHandler: - login success → action=login result=success actorUserId=user.Id - login failure disaggregated internally (client still sees 401 unified): user_not_found / user_inactive / invalid_password — attempts captured with attemptedUsername + FailureReason LogoutCommandHandler: - action=logout result=success actorUserId=cmd.UsuarioId RefreshCommandHandler: - refresh.issue success on successful rotation - refresh.reuse_detected failure when revoked token is presented (chain revoke already happens; we add the security event with metadata.familyId) - refresh.issue failure for: token_expired / sub_mismatch / user_not_found / user_inactive PermissionAuthorizationHandler: - permission.denied failure on require-permission rejection, with metadata { permissionRequired, endpoint, method }. ActorUserId from JWT sub. DI: ISecurityEventLogger was already registered by B6 (AddInfrastructure). Test updates: 4 test classes now inject ISecurityEventLogger mock: - LoginCommandHandlerTests, LogoutCommandHandlerTests, RefreshCommandHandlerTests - PermissionAuthorizationHandlerTests (Api.Tests) Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing. Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-SEC-2/3/4/5 #REQ-AUTH-SEC, design, tasks#B9} 2026-04-16 13:59:27 -03:00			`_security = security;`
feat(udt-011): T400.10 — inject TimeProvider into all Application handlers All command handlers that call domain mutators now inject TimeProvider via constructor and use _timeProvider.GetUtcNow().UtcDateTime as the explicit 'now' argument. Replaces previous direct DateTime.UtcNow usage. 2026-04-18 10:12:17 -03:00			`_timeProvider = timeProvider;`
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00			`}`

			`public async Task<LogoutResponseDto> Handle(LogoutCommand command)`
			`{`
			`// Revoke all active tokens for the user across all families.`
			`// Idempotent: 0 rows affected is not an error.`
feat(udt-011): T400.10 — inject TimeProvider into all Application handlers All command handlers that call domain mutators now inject TimeProvider via constructor and use _timeProvider.GetUtcNow().UtcDateTime as the explicit 'now' argument. Replaces previous direct DateTime.UtcNow usage. 2026-04-18 10:12:17 -03:00			`var now = _timeProvider.GetUtcNow().UtcDateTime;`
			`await _refreshRepo.RevokeAllActiveForUserAsync(command.UsuarioId, now);`
feat(audit): security events en Auth + authorization handlers (UDT-010 B9) Instruments auth pipeline with ISecurityEventLogger per #REQ-AUTH-SEC: LoginCommandHandler: - login success → action=login result=success actorUserId=user.Id - login failure disaggregated internally (client still sees 401 unified): user_not_found / user_inactive / invalid_password — attempts captured with attemptedUsername + FailureReason LogoutCommandHandler: - action=logout result=success actorUserId=cmd.UsuarioId RefreshCommandHandler: - refresh.issue success on successful rotation - refresh.reuse_detected failure when revoked token is presented (chain revoke already happens; we add the security event with metadata.familyId) - refresh.issue failure for: token_expired / sub_mismatch / user_not_found / user_inactive PermissionAuthorizationHandler: - permission.denied failure on require-permission rejection, with metadata { permissionRequired, endpoint, method }. ActorUserId from JWT sub. DI: ISecurityEventLogger was already registered by B6 (AddInfrastructure). Test updates: 4 test classes now inject ISecurityEventLogger mock: - LoginCommandHandlerTests, LogoutCommandHandlerTests, RefreshCommandHandlerTests - PermissionAuthorizationHandlerTests (Api.Tests) Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing. Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-SEC-2/3/4/5 #REQ-AUTH-SEC, design, tasks#B9} 2026-04-16 13:59:27 -03:00			`await _security.LogAsync("logout", "success", actorUserId: command.UsuarioId);`
feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00			`return new LogoutResponseDto(true, "Sesión cerrada correctamente");`
			`}`
			`}`