From 3c10db3892cf35b298507834d870982c8640dcd8 Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Thu, 16 Jan 2020 16:08:59 +0100
Subject: [PATCH] Add Logout button before skipping auth

---
 login_provider/app.py              | 17 +++++++++++++++--
 login_provider/templates/skip.html | 14 ++++++++++++++
 2 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 login_provider/templates/skip.html

diff --git a/login_provider/app.py b/login_provider/app.py
index e6d24eb..bf8052e 100644
--- a/login_provider/app.py
+++ b/login_provider/app.py
@@ -79,8 +79,21 @@ def login():
     # Skip, if true, let's us know that Hydra has already successfully authenticated
     # the user. we don't need to check anything and we can accept the request right away.
     elif login_request.skip:
-        app.logger.info("{0} is already logged in. Skip authentication".format(login_request.subject))
-        return redirect(login_request.accept(login_request.subject))
+        skip = request.args.get("skip")
+        logout = request.args.get("logout")
+        if skip:
+            app.logger.info("{0} is already logged in. Skip authentication".format(login_request.subject))
+            return redirect(login_request.accept(login_request.subject))
+        elif logout:
+            login_form.challenge.data = challenge
+            HYDRA.invalidate_login_sessions(login_request.subject);
+            return redirect(login_request.reject(
+                "Login cancelled",
+                error_description="Login was cancelled and user session was terminated "))
+        else:
+            return render_template('skip.html', challenge=challenge, logo=login_request.client.logo_uri, application_name=login_request.client.client_name, username=login_request.subject)
+
+
 
     # If Skip is not true and the user has not submitted any data via a form, we need
     # to display a login form for the user to type in their username and password.
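Review bot: The `elif logout:` branch calls `HYDRA.invalidate_login_sessions(login_request.subject)` on a plain GET driven only by query parameters, so a state-changing action (by its name, ending the subject's login sessions) carries no CSRF token. It would be safer to accept logout only from a POST that passes the form's CSRF validation, if `login_form` provides one. `skip` and `logout` are also tested for truthiness, so `?skip=false` is treated as consent; compare explicitly, e.g. `if request.args.get("skip") == "true":`. `login_form.challenge.data = challenge` has no effect before the redirect, and the trailing `;` on the invalidate call can go. `login()` starts and ends outside this hunk, so how `challenge` and `login_form` are obtained and validated is not visible here.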
diff --git a/login_provider/templates/skip.html b/login_provider/templates/skip.html
new file mode 100644
index 0000000..3a867bd
--- /dev/null
+++ b/login_provider/templates/skip.html
@@ -0,0 +1,14 @@
+<!doctype html>
+<title>OAS authentication service</title>
+<div style='margin: 0 auto ; width: 350px; padding:20px; border-style:solid; border-color:#6c757d; border-width: 1px; background-color: #f8f9fa; font-family: "Segoe UI", Roboto; font-family: "Helvetica Neue", Arial; font-family: "Noto Sans", sans-serif;'>
+  {% if logo %}
+  <div style="position:relative; width: 350px; height:100px">
+        <img style="overflow: auto; top: 0; left: 0; bottom: 0; right: 0; position: absolute; margin: auto;max-width: 300px; max-height: 100px" src="{{logo}}" alt="Logo of application"></img>
+  </div>
+  {% endif %}
+  <h1>Log in to {{ application_name }}</h1>
+  <div style="width: 100%; margin-bottom: 5px; overflow: auto">
+      <div style="width:60%; float:left"><button onclick="window.location.href = '/login?login_challenge={{ challenge }}&skip=true';">Continue with {{ username }}</button></div>
+      <div style="width:40%; float:left;"><button onclick="window.location.href = '/login?login_challenge={{ challenge }}&logout=true';">Logout</button></div>
+  </div>
+</div>
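Review bot: In both `onclick` attributes `{{ challenge }}` is placed inside a JavaScript string literal, where Jinja's HTML autoescaping is not sufficient: the browser decodes the attribute value before running the script, so a quote character in the value would end the string. Nothing in this patch shows that `challenge` is constrained to a safe alphabet, so prefer plain links without inline script and URL-encode the value, e.g. `<a href="/login?login_challenge={{ challenge|urlencode }}&amp;skip=true">Continue with {{ username }}</a>`. Separately, `logo` is rendered into `src` from the client's `logo_uri`; if client registration is not limited to trusted parties, consider checking its scheme and host before rendering, since the browser will fetch it from the login page.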
-- 
GitLab