Merge pull request #1378 from sharelatex/ew-post-logout

POST logout instead of GET

GitOrigin-RevId: b502a6ed945acd336d1a921e5c4c5433d8b7c7b7

services/web/app/coffee/Features/User/UserController.coffee

@@ -136,7 +136,8 @@ module.exports = UserController =
 	logout : (req, res, next)->
 		UserController._doLogout req, (err) ->
 			return next(err) if err?
-			res.redirect '/login'
+			redirect_url = if settings.overleaf? then settings.overleaf.host + '/users/ensure_signed_out' else '/login'
+			res.redirect redirect_url
 
 	register : (req, res, next = (error) ->)->
 		email = req.body.email

services/web/app/coffee/Features/User/UserPagesController.coffee

@@ -56,6 +56,9 @@ module.exports =
 			title: 'login',
 			email: req.query.email
 
+	logoutPage: (req, res) ->
+		res.render 'user/logout'
+
 	settingsPage : (req, res, next)->
 		user_id = AuthenticationController.getLoggedInUserId(req)
 		logger.log user: user_id, "loading settings page"

services/web/app/coffee/router.coffee

@@ -67,7 +67,9 @@ module.exports = class Router
 
 		webRouter.post '/login', AuthenticationController.passportLogin
 
-		webRouter.get  '/logout', UserController.logout
+		webRouter.get  '/logout', UserPagesController.logoutPage
+		webRouter.post '/logout', UserController.logout
+
 		webRouter.get  '/restricted', AuthorizationMiddlewear.restricted
 
 

services/web/app/views/layout/navbar.pug

@@ -91,4 +91,7 @@ nav.navbar.navbar-default.navbar-main
 									a(href="/user/subscription") #{translate('subscription')}
 							li.divider
 							li
-								a(href="/logout") #{translate('log_out')}
+								a(href="#")
+									form(method="POST" action="/logout")
+										input(name='_csrf', type='hidden', value=csrfToken)
+										button.btn-unstyled #{translate('log_out')}

services/web/app/views/user/logout.pug

@@ -0,0 +1,20 @@
+extends ../layout
+
+block vars
+	- metadata = { viewport: true }
+
+block content
+	.content.content-alt
+		.login-register-container
+			.card.login-register-card
+				.login-register-header
+					h1.login-register-header-heading #{translate("log_out")}
+				form.login-register-form(name="logoutForm", action='/logout', method="POST" ng-init="$scope.inflight=true" auto-submit-form)
+					input(name='_csrf', type='hidden', value=csrfToken)
+					.actions
+						button#submit-logout.btn-primary.btn.btn-block(
+							type='submit',
+							ng-disabled="$scope.inflight"
+						)
+							span(ng-show="!$scope.inflight") #{translate("log_out")}
+							span(ng-show="$scope.inflight" ng-cloak) #{translate("logging_out")}...

services/web/public/src/directives/autoSubmitForm.js

@@ -0,0 +1,9 @@
+define(['base'], function(App) {
+  App.directive('autoSubmitForm', function() {
+    return {
+      link(scope, element) {
+        element.submit() // Runs on load
+      }
+    }
+  })
+})

services/web/public/src/main.js

@@ -39,6 +39,7 @@ define([
   'main/cms/index',
   'main/importing',
   'analytics/AbTestingManager',
+  'directives/autoSubmitForm',
   'directives/asyncForm',
   'directives/complexPassword',
   'directives/stopPropagation',

services/web/public/stylesheets/components/buttons.less

@@ -121,6 +121,17 @@
   }
 }
 
+// Unstyled button
+// -------------------------
+
+// Remove styling from button so that text is style like parent
+.btn-unstyled {
+  background: none;
+  border: none;
+  margin: 0;
+  outline: none;
+  padding: 0;
+}
 
 // Button Sizes
 // --------------------------------------------------

services/web/test/acceptance/coffee/RegistrationTests.coffee

@@ -115,7 +115,7 @@ describe "CSRF protection", ->
 		@user.request.get '/login', (err, res, body) =>
 			@user.getCsrfToken (error) =>
 				oldCsrfToken = @user.csrfToken
-				@user.request.get '/logout', (err, res, body) =>
+				@user.logout (err) =>
 					@user.request.post {
 						url: "/register"
 						json:

services/web/test/acceptance/coffee/helpers/User.coffee

@@ -89,7 +89,7 @@ class User
 	logout: (callback = (error) ->) ->
 		@getCsrfToken (error) =>
 			return callback(error) if error?
-			@request.get {
+			@request.post {
 				url: "/logout"
 				json:
 					email: @email