Commit 42a7cde1 authored by ale's avatar ale

Test Javascript-based logout

Using CORS-enabled requests in the background.
parent 1712ee81
Pipeline #908 passed with stages
in 1 minute and 4 seconds
......@@ -130,6 +130,8 @@ func (s *SSOWrapper) handleLogout(w http.ResponseWriter, req *http.Request, sess
}
w.Header().Set("Content-Type", "text/plain")
w.Header().Set("Access-Control-Allow-Origin", strings.TrimRight(s.serverURL, "/"))
w.Header().Set("Access-Control-Allow-Credentials", "true")
io.WriteString(w, "OK")
}
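Review bot: The `Access-Control-Allow-Origin` value is built with `strings.TrimRight(s.serverURL, "/")`, which is only a valid origin when `serverURL` is a bare scheme://host[:port]. If it is ever configured with a path, browsers will not match the header against the request's `Origin`, and the credentialed logout call will be reported as an error even though the handler presumably cleared the session. Deriving the value from the parsed URL is safer, e.g. `u, err := url.Parse(s.serverURL)` followed by `origin := u.Scheme + "://" + u.Host`, ideally computed once at setup rather than per request. Keeping the allowed origin fixed instead of echoing the request's `Origin` is the right choice alongside `Access-Control-Allow-Credentials: true`, and a short comment saying so would stop a later change from loosening it. The body of handleLogout starts outside the hunk.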
......
......@@ -254,6 +254,7 @@ func (h *Server) handleLogout(w http.ResponseWriter, req *http.Request, session
}
if req.Method == "POST" {
data["IsPOST"] = true
data["IncludeLogoutScripts"] = true
// Clear the local session.
httpSession, _ := h.authSessionStore.Get(req, authSessionKey)
......
......@@ -40,3 +40,16 @@ body {
font-weight: bold;
color: red;
}
/* logout page */
.logout-status {
font-weight: bold;
}
.logout-status-ok {
background-color: green;
color: white;
}
.logout-status-error {
background-color: red;
color: white;
}
var idlogout = {};
idlogout.get_services = function() {
return JSON.parse($('#services').attr('data_values'));
};
idlogout.logout_service = function(service) {
var logout_url = service.url + 'sso_logout';
console.log('logging out of ' + service.name);
$.ajax({
type: 'GET',
url: logout_url,
contentType: 'text/plain',
xhrFields: {
withCredentials: true
},
success: function() {
$('#status_'+service.idx).class('logout-status-ok').text('OK');
console.log('successful logout for ' + service.name);
},
error: function() {
$('#status_'+service.idx).class('logout-status-error').text('ERROR');
console.log('error logging out of ' + service.name);
}
});
};
idlogout.logout = function() {
var services = idlogout.get_services();
$.each(services, func(index, arg) {
idlogout.logout_service(arg);
});
};
$(function() {
idlogout.logout();
});
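Review bot: This script will not parse as written: `$.each(services, func(index, arg) {` uses Go's `func` keyword and needs to be `function(index, arg) {`. jQuery also has no `.class()` method, so both status callbacks would throw; they should read `$('#status_'+service.idx).addClass('logout-status-ok').text('OK');` and the same with `logout-status-error`. `get_services` calls `JSON.parse` on the `data_values` attribute with no error handling, so a malformed attribute stops every logout request with nothing shown on the page. Wrapping it in `try`/`catch` and rendering a visible failure matters here, because a user who sees no error will assume every service session has ended. The `contentType` option has no effect on a bodiless GET and can be dropped.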
......@@ -4,18 +4,36 @@
<div class="form-signin">
<h1 class="form-signin-heading>">Sign Out</h1>
<noscript>
<p>
It seems that Javascript is disabled.
</p>
<p>
We can try to log you out using third-party cookies, but if
you have a privacy extension that disables that, you will
need to <b>QUIT YOUR BROWSER COMPLETELY</b> to sign yourself
out of the current session!
</p>
</noscript>
<p>
Signing you out from all services...
</p>
<ul>
{{range .Services}}
{{range $i, $svc := .Services}}
<li>
<img src="{{.URL}}" class="logout-img"> {{.Name}}
<noscript>
<img src="{{$svc.URL}}">
</noscript>
<div class="logout-status" id="status_{{$i}}">...</div> {{$svc.Name}}
</li>
{{end}}
</ul>
<div id="#services" data_values="[{{range $i, $svc := .Services}}{{if gt $i 0}},{{end}}{%22idx%22:{{$i}},%22name%22:%22{{$svc.Name}}%22,%22url%22:%22{{$svc.URL}}%22}{{end}}]"></div>
</div>
{{else}}
<form class="form-signin" action="/logout" method="post">
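Review bot: The services container is declared as `id="#services"`, but the logout script in this commit looks it up with `$('#services')`, which matches `id="services"`; as written the lookup finds nothing, so the attribute should be `id="services"`. The `data_values` JSON is assembled by hand with `%22` standing in for quotes, and unless the page rendering has altered the markup, `JSON.parse` will reject that without a decoding step; a service name or URL containing a quote or backslash would break it as well. Serialising the list with the `json` template helper that the layout already applies to `u2f_request` would leave the escaping to the template engine. The `<noscript>` fallback loads `{{$svc.URL}}` directly while the script appends `sso_logout` to the same value, so one of the two is probably requesting the wrong path. The template continues outside the hunk.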
......
......@@ -5,7 +5,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
{{if .U2FSignRequest}}<meta name="u2f_request" value="{{json .U2FSignRequest}}">{{end}}
<link rel="stylesheet" href="/static/css/bootstrap.min.css" integrity="sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M">
<link rel="stylesheet" href="/static/css/signin.css" integrity="sha384-cd2kbbMX+cYhUlp/Xc7Mu9yBphBGNEvZpeIltWsgUMlkt1kNO3hytQQeTglDcMF/">
<link rel="stylesheet" href="/static/css/signin.css" integrity="sha384-Qj/laxKROb+o3N4XlayJF2LOuybTRxjeOP+DEeYYEwQUiVtNjaMdgnPbN5ffI/Ub">
<title>Sign In</title>
</head>
......@@ -22,6 +22,9 @@
{{if .U2FSignRequest}}
<script type="text/javascript" src="/static/js/u2f-api.js" integrity="sha384-9ChevE6pp8ArGK03HgolnFjZbF3webZQtYkwcabzbcI28Lx1/2x2j2fbaAWD4cgR"></script>
<script type="text/javascript" src="/static/js/u2f.js" integrity="sha384-vd6lytRvVm189G5gr34wlOvN672vVBceTZqV+lTSeec0DBLc0GlWLyKDHc6mrIZS"></script>
{{end}}
{{if .IncludeLogoutScripts}}
<script type="text/javascript" src="/static/js/logout.js" integrity="sha384-kRP1MtnGgO2BwMmtNODaqnREJyxzsGanV92uEKCf54ilYWxtHSNNYuw3YiCQ+ElP"></script>
{{end}}
</body>
</html>
......