From 7d24c436a4b9498405d457f35dd7e9549a2c07bd Mon Sep 17 00:00:00 2001
From: ro <ro@freedom.press>
Date: Wed, 5 Feb 2020 09:46:41 -0500
Subject: [PATCH] Add logout page and route that directs users to click the New
 Identity button in Tor browser to complete their session, if they were logged
 in, else redirectst to main source interface page.

Update functional tests (wip) and add id to logout element
---
 securedrop/source_app/main.py                         | 11 ++++++++---
 securedrop/source_templates/logout.html               |  5 +++++
 .../tests/functional/source_navigation_steps.py       |  3 ++-
 3 files changed, 15 insertions(+), 4 deletions(-)
 create mode 100644 securedrop/source_templates/logout.html

diff --git a/securedrop/source_app/main.py b/securedrop/source_app/main.py
index 09213985972..2dbde5fe809 100644
--- a/securedrop/source_app/main.py
+++ b/securedrop/source_app/main.py
@@ -296,8 +296,12 @@ def login():
 
     @view.route('/logout')
     def logout():
+        """
+        If a user is logged in, show them a logout page that prompts them to
+        click the New Identity button in Tor Browser to complete their session.
+        Otherwise redirect to the main Source Interface page.
+        """
         if logged_in():
-            msg = render_template('logout_flashed_message.html')
 
             # Clear the session after we render the message so it's localized
             # If a user specified a locale, save it and restore it
@@ -305,7 +309,8 @@ def logout():
             session.clear()
             session['locale'] = user_locale
 
-            flash(Markup(msg), "important hide-if-not-tor-browser")
-        return redirect(url_for('.index'))
+            return render_template('logout.html')
+        else:
+            return redirect(url_for('.index'))
 
     return view
diff --git a/securedrop/source_templates/logout.html b/securedrop/source_templates/logout.html
new file mode 100644
index 00000000000..b1e27aea403
--- /dev/null
+++ b/securedrop/source_templates/logout.html
@@ -0,0 +1,5 @@
+{% extends "base.html" %}
+{% block body %}
+<h1>{{ gettext('One last thing') }}</h1>
+<p id="click-new-identity-tor">{{ gettext('Click the <strong>New Identity</strong> button in your Tor browser window to complete your session.') }}</p>
+{% endblock %}
diff --git a/securedrop/tests/functional/source_navigation_steps.py b/securedrop/tests/functional/source_navigation_steps.py
index 3778c30dc0e..7938d25417e 100644
--- a/securedrop/tests/functional/source_navigation_steps.py
+++ b/securedrop/tests/functional/source_navigation_steps.py
@@ -195,7 +195,8 @@ def reply_deleted():
 
     def _source_logs_out(self):
         self.safe_click_by_id("logout")
-        self.wait_for(lambda: ("Submit for the first time" in self.driver.page_source))
+        message = self.driver.find_element_by_id("click-new-identity-tor")
+        assert message.is_displayed()
 
     def _source_not_found(self):
         self.driver.get(self.source_location + "/unlikely")