From 50d98fa8a1beba25de173b0e631a0c7150d1e8ab Mon Sep 17 00:00:00 2001
From: ro <ro@freedom.press>
Date: Wed, 5 Feb 2020 09:46:41 -0500
Subject: [PATCH] Add logout page and route that directs users to click the New
 Identity button in Tor browser to complete their session, if they were logged
 in, else redirectst to main source interface page.

Update functional tests (wip) and add id to logout element
---
 securedrop/source_app/main.py                          | 9 ++++++++-
 securedrop/source_templates/logout.html                | 5 +++++
 securedrop/tests/functional/source_navigation_steps.py | 7 ++++++-
 3 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 securedrop/source_templates/logout.html

diff --git a/securedrop/source_app/main.py b/securedrop/source_app/main.py
index 09213985972..1a25f8eb7e5 100644
--- a/securedrop/source_app/main.py
+++ b/securedrop/source_app/main.py
@@ -296,6 +296,11 @@ def login():
 
     @view.route('/logout')
     def logout():
+        """
+        If a user is logged in, show them a logout page that prompts them to
+        click the New Identity button in Tor Browser to complete their session.
+        Otherwise redirect to the main Source Interface page.
+        """
         if logged_in():
             msg = render_template('logout_flashed_message.html')
 
@@ -306,6 +311,8 @@ def logout():
             session['locale'] = user_locale
 
             flash(Markup(msg), "important hide-if-not-tor-browser")
-        return redirect(url_for('.index'))
+            return render_template('logout.html')
+        else:
+            return redirect(url_for('.index'))
 
     return view
diff --git a/securedrop/source_templates/logout.html b/securedrop/source_templates/logout.html
new file mode 100644
index 00000000000..b1e27aea403
--- /dev/null
+++ b/securedrop/source_templates/logout.html
@@ -0,0 +1,5 @@
+{% extends "base.html" %}
+{% block body %}
+<h1>{{ gettext('One last thing') }}</h1>
+<p id="click-new-identity-tor">{{ gettext('Click the <strong>New Identity</strong> button in your Tor browser window to complete your session.') }}</p>
+{% endblock %}
diff --git a/securedrop/tests/functional/source_navigation_steps.py b/securedrop/tests/functional/source_navigation_steps.py
index 3778c30dc0e..6c41d5b6d95 100644
--- a/securedrop/tests/functional/source_navigation_steps.py
+++ b/securedrop/tests/functional/source_navigation_steps.py
@@ -194,8 +194,13 @@ def reply_deleted():
         self.wait_for(reply_deleted)
 
     def _source_logs_out(self):
+        # if self._is_logged_in():
         self.safe_click_by_id("logout")
-        self.wait_for(lambda: ("Submit for the first time" in self.driver.page_source))
+        # self.wait_for(lambda: ("Click the New Identity button") in self.driver.page_source)
+        message = self.driver.find_element_by_id("click-new-identity-tor")
+        assert message.is_displayed()
+        # else:
+        #     self.wait_for(lambda: ("Submit for the first time" in self.driver.page_source))
 
     def _source_not_found(self):
         self.driver.get(self.source_location + "/unlikely")