Add logout page and route that directs users to click the New Identit…

…y button in Tor browser to complete their session, if they were logged in, else redirectst to main source interface page. Update functional tests (wip) and add id to logout element
freedomofpress · Feb 5, 2020 · 50d98fa · 50d98fa
1 parent d151a30
commit 50d98fa
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/securedrop/source_app/main.py b/securedrop/source_app/main.py
@@ -296,6 +296,11 @@ def login():
 
     @view.route('/logout')
     def logout():
+        """
+        If a user is logged in, show them a logout page that prompts them to
+        click the New Identity button in Tor Browser to complete their session.
+        Otherwise redirect to the main Source Interface page.
+        """
         if logged_in():
             msg = render_template('logout_flashed_message.html')
 
@@ -306,6 +311,8 @@ def logout():
             session['locale'] = user_locale
 
             flash(Markup(msg), "important hide-if-not-tor-browser")
-        return redirect(url_for('.index'))
+            return render_template('logout.html')
+        else:
+            return redirect(url_for('.index'))
 
     return view
diff --git a/securedrop/source_templates/logout.html b/securedrop/source_templates/logout.html
@@ -0,0 +1,5 @@
+{% extends "base.html" %}
+{% block body %}
+<h1>{{ gettext('One last thing') }}</h1>
+<p id="click-new-identity-tor">{{ gettext('Click the <strong>New Identity</strong> button in your Tor browser window to complete your session.') }}</p>
+{% endblock %}
diff --git a/securedrop/tests/functional/source_navigation_steps.py b/securedrop/tests/functional/source_navigation_steps.py
@@ -194,8 +194,13 @@ def reply_deleted():
         self.wait_for(reply_deleted)
 
     def _source_logs_out(self):
+        # if self._is_logged_in():
         self.safe_click_by_id("logout")
-        self.wait_for(lambda: ("Submit for the first time" in self.driver.page_source))
+        # self.wait_for(lambda: ("Click the New Identity button") in self.driver.page_source)
+        message = self.driver.find_element_by_id("click-new-identity-tor")
+        assert message.is_displayed()
+        # else:
+        #     self.wait_for(lambda: ("Submit for the first time" in self.driver.page_source))
 
     def _source_not_found(self):
         self.driver.get(self.source_location + "/unlikely")