Extract /logout handler to LogoutRequest

dmitrizagidulin · dmitrizagidulin · commit 2efc42f55416 · 2017-04-28T15:51:22.000-04:00
diff --git a/lib/api/authn/webid-oidc.js b/lib/api/authn/webid-oidc.js
@@ -10,6 +10,8 @@ const error = require('../../http-error')
 const bodyParser = require('body-parser').urlencoded({ extended: false })
 
 const DiscoverProviderRequest = require('../../requests/discover-provider-request')
+const LogoutRequest = require('../../requests/logout-request')
+
 const { LoginByPasswordRequest } = require('../../requests/login-request')
 
 /**
@@ -41,7 +43,11 @@ function middleware (oidc) {
 
   router.post(['/login', '/signin'], bodyParser, login)
 
-  router.post('/logout', logout)
+  router.get('/logout', logout)
+
+  router.get('/goodbye', (req, res) => {
+    res.sendFile('goodbye.html', { root: './static/oidc/' })
+  })
 
   // The relying party callback is called at the end of the OIDC signin process
   router.get('/api/oidc/rp/:issuer_id', (req, res, next) => {
@@ -84,9 +90,8 @@ function login (req, res, next) {
 }
 
 function logout (req, res, next) {
-  req.session.userId = ''
-  req.session.identified = false
-  res.status(200).send()
+  return LogoutRequest.handle(req, res)
+    .catch(next)
 }
 
 function authCodeFlowCallback (oidc, req) {
diff --git a/lib/models/oidc-manager.js b/lib/models/oidc-manager.js
@@ -4,6 +4,7 @@ const url = require('url')
 const debug = require('./../debug').oidc
 
 const OidcManager = require('oidc-auth-manager')
+const LogoutRequest = require('../requests/logout-request')
 
 /**
  * Returns an instance of the OIDC Authentication Manager, initialized from
@@ -29,7 +30,7 @@ function fromServerConfig (argv) {
   }
 
   let authCallbackUri = url.resolve(providerUri, '/api/oidc/rp')
-  let postLogoutUri = url.resolve(providerUri, '/signed_out.html')
+  let postLogoutUri = url.resolve(providerUri, '/goodbye')
 
   let options = {
     providerUri,
@@ -101,15 +102,8 @@ function obtainConsent (authRequest) {
 }
 
 function logout (logoutRequest) {
-  let req = logoutRequest.req
-  req.session.accessToken = ''
-  req.session.refreshToken = ''
-  // req.session.issuer = ''
-  req.session.userId = ''
-  req.session.identified = false
-  // Inject post_logout_redirect_uri here? (If Accept: text/html)
-  debug('LOGOUT behavior')
-  return logoutRequest
+  return LogoutRequest.handle(logoutRequest.req, logoutRequest.res)
+    .then(() => logoutRequest)
 }
 
 module.exports = {
diff --git a/lib/requests/logout-request.js b/lib/requests/logout-request.js
@@ -0,0 +1,57 @@
+'use strict'
+
+const debug = require('./../debug').authentication
+
+class LogoutRequest {
+  /**
+   * @constructor
+   * @param options
+   * @param options.request {IncomingRequest} req
+   * @param options.response {ServerResponse} res
+   */
+  constructor (options) {
+    this.request = options.request
+    this.response = options.response
+  }
+
+  static handle (req, res) {
+    return Promise.resolve()
+      .then(() => {
+        let request = LogoutRequest.fromParams(req, res)
+
+        return LogoutRequest.logout(request)
+      })
+  }
+
+  static fromParams (req, res) {
+    let options = {
+      request: req,
+      response: res
+    }
+
+    return new LogoutRequest(options)
+  }
+
+  static logout (request) {
+    debug(`Logging out user ${request.request.session.userId}`)
+
+    request.clearUserSession()
+    request.redirectToGoodbye()
+  }
+
+  clearUserSession () {
+    let session = this.request.session
+
+    session.accessToken = ''
+    session.refreshToken = ''
+    session.userId = ''
+    session.identified = false
+    session.subject = ''
+  }
+
+  redirectToGoodbye () {
+    this.response.redirect('/goodbye')
+  }
+}
+
+module.exports = LogoutRequest
diff --git a/static/oidc/goodbye.html b/static/oidc/goodbye.html
@@ -0,0 +1,21 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Logged Out</title>
+  <!-- Bootstrap CSS and Theme for demo purposes -->
+  <link rel="stylesheet" href="css/bootstrap-3.3.6.min.css">
+</head>
+<body>
+<div class="container">
+  <h3>You have logged out.</h3>
+</div>
+<div class="container">
+  <form method="get" action="/login">
+    <button type="submit" class="btn btn-primary"
+            id="login">Login Again</button>
+  </form>
+</div>
+</body>
+</html>
diff --git a/static/oidc/signed_out.html b/static/oidc/signed_out.html
diff --git a/test/unit/login-by-password-request.js b/test/unit/login-by-password-request.js
@@ -9,9 +9,7 @@ chai.should()
 const HttpMocks = require('node-mocks-http')
 const url = require('url')
 
-// const defaults = require('../../config/defaults')
 const {
-  // LoginRequest,
   LoginByPasswordRequest
 } = require('../../lib/requests/login-request')
 
diff --git a/test/unit/logout-request.js b/test/unit/logout-request.js
@@ -0,0 +1,39 @@
+'use strict'
+
+const chai = require('chai')
+const expect = chai.expect
+const HttpMocks = require('node-mocks-http')
+
+const LogoutRequest = require('../../lib/requests/logout-request')
+
+describe('LogoutRequest', () => {
+  it('should clear user session properties', () => {
+    let req = {
+      session: {
+        userId: 'https://alice.example.com/#me',
+        identified: true,
+        accessToken: {},
+        refreshToken: {},
+        subject: {}
+      }
+    }
+    let res = HttpMocks.createResponse()
+
+    return LogoutRequest.handle(req, res)
+      .then(() => {
+        let session = req.session
+        expect(session.userId).to.be.empty
+      })
+  })
+
+  it('should redirect to /goodbye', () => {
+    let req = { session: {} }
+    let res = HttpMocks.createResponse()
+
+    return LogoutRequest.handle(req, res)
+      .then(() => {
+        expect(res.statusCode).to.equal(302)
+        expect(res._getRedirectUrl()).to.equal('/goodbye')
+      })
+  })
+})
