From 330f878085e36e4c72ff4a2aa0c3083aa28c2a91 Mon Sep 17 00:00:00 2001 From: Ersun Warncke Date: Tue, 15 Jan 2019 12:31:46 -0400 Subject: [PATCH] Merge pull request #1378 from sharelatex/ew-post-logout POST logout instead of GET GitOrigin-RevId: b502a6ed945acd336d1a921e5c4c5433d8b7c7b7 --- .../Features/User/UserController.coffee | 3 ++- .../Features/User/UserPagesController.coffee | 3 +++ services/web/app/coffee/router.coffee | 4 +++- services/web/app/views/layout/navbar.pug | 5 ++++- services/web/app/views/user/logout.pug | 20 +++++++++++++++++++ .../public/src/directives/autoSubmitForm.js | 9 +++++++++ services/web/public/src/main.js | 1 + .../stylesheets/components/buttons.less | 11 ++++++++++ .../coffee/RegistrationTests.coffee | 2 +- .../acceptance/coffee/helpers/User.coffee | 2 +- 10 files changed, 55 insertions(+), 5 deletions(-) create mode 100644 services/web/app/views/user/logout.pug create mode 100644 services/web/public/src/directives/autoSubmitForm.js diff --git a/services/web/app/coffee/Features/User/UserController.coffee b/services/web/app/coffee/Features/User/UserController.coffee index 85af0a638c..72e2eaff88 100644 --- a/services/web/app/coffee/Features/User/UserController.coffee +++ b/services/web/app/coffee/Features/User/UserController.coffee @@ -136,7 +136,8 @@ module.exports = UserController = logout : (req, res, next)-> UserController._doLogout req, (err) -> return next(err) if err? - res.redirect '/login' + redirect_url = if settings.overleaf? then settings.overleaf.host + '/users/ensure_signed_out' else '/login' + res.redirect redirect_url register : (req, res, next = (error) ->)-> email = req.body.email diff --git a/services/web/app/coffee/Features/User/UserPagesController.coffee b/services/web/app/coffee/Features/User/UserPagesController.coffee index e906f3570e..7670ced4d8 100644 --- a/services/web/app/coffee/Features/User/UserPagesController.coffee +++ b/services/web/app/coffee/Features/User/UserPagesController.coffee 
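Review bot: In the UserController.coffee hunk, the new `redirect_url` line tests `settings.overleaf?` but then concatenates `settings.overleaf.host` unchecked, so a config with an `overleaf` block and no `host` would send the browser to the relative location `undefined/users/ensure_signed_out`. Guarding on the value that is actually used avoids that: `redirect_url = if settings.overleaf?.host? then settings.overleaf.host + '/users/ensure_signed_out' else '/login'`. The target is built only from server settings, never from request data, and it should stay that way. If the hand-off is meant to end the session on the Overleaf host as well, a one-line comment saying so would help the next reader.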
@@ -56,6 +56,9 @@ module.exports = title: 'login', email: req.query.email + logoutPage: (req, res) -> + res.render 'user/logout' + settingsPage : (req, res, next)-> user_id = AuthenticationController.getLoggedInUserId(req) logger.log user: user_id, "loading settings page" diff --git a/services/web/app/coffee/router.coffee b/services/web/app/coffee/router.coffee index 9a3b4b090d..fbcebd1511 100644 --- a/services/web/app/coffee/router.coffee +++ b/services/web/app/coffee/router.coffee @@ -67,7 +67,9 @@ module.exports = class Router webRouter.post '/login', AuthenticationController.passportLogin - webRouter.get '/logout', UserController.logout + webRouter.get '/logout', UserPagesController.logoutPage + webRouter.post '/logout', UserController.logout + webRouter.get '/restricted', AuthorizationMiddlewear.restricted diff --git a/services/web/app/views/layout/navbar.pug b/services/web/app/views/layout/navbar.pug index 36327dc5b7..1e517ba9a6 100644 --- a/services/web/app/views/layout/navbar.pug +++ b/services/web/app/views/layout/navbar.pug @@ -91,4 +91,7 @@ nav.navbar.navbar-default.navbar-main a(href="/user/subscription") #{translate('subscription')} li.divider li - a(href="/logout") #{translate('log_out')} + a(href="#") + form(method="POST" action="/logout") + input(name='_csrf', type='hidden', value=csrfToken) + button.btn-unstyled #{translate('log_out')} diff --git a/services/web/app/views/user/logout.pug b/services/web/app/views/user/logout.pug new file mode 100644 index 0000000000..811f34bc37 --- /dev/null +++ b/services/web/app/views/user/logout.pug 
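Review bot: In the router.coffee hunk, `GET /logout` still ends in a logout for any browser that runs scripts, because it now serves `user/logout`, which embeds a valid `_csrf` token and submits itself through `auto-submit-form` (see logout.pug and autoSubmitForm.js in this patch). Moving the handler to POST stops prefetchers and passive resource loads from ending a session, but a cross-site navigation to `/logout` has the same outcome as before. If the GET route is kept only so that old links keep working, say so on the route, e.g. `# legacy GET: renders a self-submitting form, so it is not CSRF-protected by design`. Otherwise the page should wait for a click instead of auto-submitting. Whether the page can be framed depends on response headers set outside this diff.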
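Review bot: In the navbar.pug hunk, the logout `form` and its `button` are nested inside `a(href="#")`, which places interactive content inside an anchor (invalid HTML) and lets a click on the anchor area outside the button follow `#` instead of submitting. If the anchor is there only to pick up the dropdown's link styling (an assumption; the stylesheet is not in this hunk), it is cleaner to put `form(method="POST" action="/logout")` directly under `li` and style the button to match. The button also has no explicit type; `button.btn-unstyled(type="submit")` states the intent.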
@@ -0,0 +1,20 @@ +extends ../layout + +block vars + - metadata = { viewport: true } + +block content + .content.content-alt + .login-register-container + .card.login-register-card + .login-register-header + h1.login-register-header-heading #{translate("log_out")} + form.login-register-form(name="logoutForm", action='/logout', method="POST" ng-init="$scope.inflight=true" auto-submit-form) + input(name='_csrf', type='hidden', value=csrfToken) + .actions + button#submit-logout.btn-primary.btn.btn-block( + type='submit', + ng-disabled="$scope.inflight" + ) + span(ng-show="!$scope.inflight") #{translate("log_out")} + span(ng-show="$scope.inflight" ng-cloak) #{translate("logging_out")}... diff --git a/services/web/public/src/directives/autoSubmitForm.js b/services/web/public/src/directives/autoSubmitForm.js new file mode 100644 index 0000000000..52dc550608 --- /dev/null +++ b/services/web/public/src/directives/autoSubmitForm.js @@ -0,0 +1,9 @@ +define(['base'], function(App) { + App.directive('autoSubmitForm', function() { + return { + link(scope, element) { + element.submit() // Runs on load + } + } + }) +}) diff --git a/services/web/public/src/main.js b/services/web/public/src/main.js index 92570318be..a0302ff3ef 100644 --- a/services/web/public/src/main.js +++ b/services/web/public/src/main.js @@ -39,6 +39,7 @@ define([ 'main/cms/index', 'main/importing', 'analytics/AbTestingManager', + 'directives/autoSubmitForm', 'directives/asyncForm', 'directives/complexPassword', 'directives/stopPropagation', diff --git a/services/web/public/stylesheets/components/buttons.less b/services/web/public/stylesheets/components/buttons.less index 998c10e6e3..80459900b9 100755 --- a/services/web/public/stylesheets/components/buttons.less +++ b/services/web/public/stylesheets/components/buttons.less 
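Review bot: In logout.pug, `ng-init="$scope.inflight=true"` and the `ng-disabled`/`ng-show` bindings reference `$scope.inflight`, but Angular expressions are already evaluated against the scope, so this appears to create a nested property literally named `$scope` rather than setting `inflight`. It works because every binding uses the same path, yet `ng-init="inflight=true"`, `ng-disabled="inflight"` and `ng-show="!inflight"` are the conventional form. The submit button also starts disabled and nothing visible here re-enables it, so if the automatic submit does not go through after Angular has compiled the template, the page offers no manual way to log out.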
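Review bot: In autoSubmitForm.js, the `link` function calls `element.submit()` with nothing documenting its preconditions. It fires unconditionally as soon as the element is linked, and `.submit()` exists on the wrapped element only when full jQuery is loaded ahead of Angular (jqLite does not provide it), which this diff does not show. A header comment such as `// Submits the host form as soon as it is linked; requires jQuery. Use only on forms that are safe to submit without user interaction.` would make both points explicit. Adding `restrict: 'A'` would also keep the directive from matching as an element name.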
@@ -121,6 +121,17 @@ } } +// Unstyled button +// ------------------------- + +// Remove styling from button so that text is style like parent +.btn-unstyled { + background: none; + border: none; + margin: 0; + outline: none; + padding: 0; +} // Button Sizes // -------------------------------------------------- diff --git a/services/web/test/acceptance/coffee/RegistrationTests.coffee b/services/web/test/acceptance/coffee/RegistrationTests.coffee index e7e1440f27..09b93fe367 100644 --- a/services/web/test/acceptance/coffee/RegistrationTests.coffee +++ b/services/web/test/acceptance/coffee/RegistrationTests.coffee @@ -115,7 +115,7 @@ describe "CSRF protection", -> @user.request.get '/login', (err, res, body) => @user.getCsrfToken (error) => oldCsrfToken = @user.csrfToken - @user.request.get '/logout', (err, res, body) => + @user.logout (err) => @user.request.post { url: "/register" json: diff --git a/services/web/test/acceptance/coffee/helpers/User.coffee b/services/web/test/acceptance/coffee/helpers/User.coffee index 7740c9189b..61ff3d3cb3 100644 --- a/services/web/test/acceptance/coffee/helpers/User.coffee +++ b/services/web/test/acceptance/coffee/helpers/User.coffee @@ -89,7 +89,7 @@ class User logout: (callback = (error) ->) -> @getCsrfToken (error) => return callback(error) if error? - @request.get { + @request.post { url: "/logout" json: email: @email
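Review bot: In the buttons.less hunk, `.btn-unstyled` sets `outline: none`, which removes the keyboard focus indicator from the navbar log-out button without providing a replacement focus style. Either drop that declaration or add one, e.g. `.btn-unstyled:focus { outline: thin dotted; }`. The comment above the rule reads `text is style like parent` where `styled` is meant. Unless a reset elsewhere already does it, `color: inherit;` and `font: inherit;` are needed for the button text to actually match its parent.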
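Review bot: In the RegistrationTests.coffee hunk, the "CSRF protection" suite is only adjusted to call `@user.logout`; the patch adds no case that pins the new behaviour. Two short acceptance tests would cover it: a `POST /logout` sent without a `_csrf` token is refused and the session stays logged in, and a plain `GET /logout` returns the logout page without ending the session by itself. The helper change in helpers/User.coffee (`@request.post`) is likewise exercised only indirectly by the tests visible in this diff.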