Implement logout-successful handler

changelog.md

@@ -5,13 +5,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## Unreleased
+### Added
+- implement logout-successful handler
+
 ## [0.1.3] - 2023-07-24
+### Fixed
 - fix conf parameter name
 
 ## [0.1.2] - 2023-07-24
+### Fixed
 - fix path to cacert-idp binary
 
 ## [0.1.1] - 2023-07-24
+### Fixed
 - fix ExecStart entry in systemd service unit
 
 ## [0.1.0] - 2023-07-24

cmd/idp/main.go

@@ -118,7 +118,7 @@ func main() {
 	consentHandler := handlers.NewConsentHandler(logger, bundle, catalog, adminClient.Admin)
 	logoutHandler := handlers.NewLogoutHandler(logger, adminClient.Admin)
 
-	logoutSuccessHandler := handlers.NewLogoutSuccessHandler()
+	logoutSuccessHandler := handlers.NewLogoutSuccessHandler(logger, bundle, catalog)
 	errorHandler := handlers.NewErrorHandler()
 	staticFiles := http.FileServer(http.FS(ui.Static))
 

internal/handlers/logout.go

@@ -18,11 +18,17 @@ limitations under the License.
 package handlers
 
 import (
+	"bytes"
+	"html/template"
 	"net/http"
 	"time"
 
+	"github.com/nicksnyder/go-i18n/v2/i18n"
 	"github.com/ory/hydra-client-go/client/admin"
 	log "github.com/sirupsen/logrus"
+
+	"code.cacert.org/cacert/oidc_idp/internal/services"
+	"code.cacert.org/cacert/oidc_idp/ui"
 )
 
 type LogoutHandler struct {
@@ -66,12 +72,54 @@ func NewLogoutHandler(logger *log.Logger, adminClient admin.ClientService) *Logo
 }
 
 type LogoutSuccessHandler struct {
+	bundle         *i18n.Bundle
+	logger         *log.Logger
+	messageCatalog *services.MessageCatalog
+	template       *template.Template
 }
 
-func (l *LogoutSuccessHandler) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {
-	panic("implement me")
+func (h *LogoutSuccessHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
+
+		return
+	}
+
+	accept := r.Header.Get("Accept-Language")
+	localizer := i18n.NewLocalizer(h.bundle, accept)
+
+	rendered := bytes.NewBuffer(make([]byte, 0))
+
+	err := h.template.Lookup("base").Execute(rendered, map[string]interface{}{
+		"Title": h.messageCatalog.LookupMessage("LogoutSuccessfulTitle", nil, localizer),
+		"Explanation": template.HTML(h.messageCatalog.LookupMarkdownMessage( //nolint:gosec
+			"LogoutSuccessfulText",
+			nil,
+			localizer,
+		)),
+	})
+	if err != nil {
+		h.logger.WithError(err).Error("template rendering failed")
+		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+		return
+	}
+
+	_, _ = w.Write(rendered.Bytes())
 }
 
-func NewLogoutSuccessHandler() *LogoutSuccessHandler {
-	return &LogoutSuccessHandler{}
+func NewLogoutSuccessHandler(
+	logger *log.Logger,
+	bundle *i18n.Bundle,
+	messageCatalog *services.MessageCatalog,
+) *LogoutSuccessHandler {
+	return &LogoutSuccessHandler{
+		bundle:         bundle,
+		logger:         logger,
+		messageCatalog: messageCatalog,
+		template: template.Must(template.ParseFS(ui.Templates,
+			"templates/base.gohtml",
+			"templates/logout_successful.gohtml",
+		)),
+	}
 }

internal/services/i18n.go

@@ -100,6 +100,14 @@ func AddMessages(catalog *MessageCatalog) error {
 		ID:    "LoginDeniedByUser",
 		Other: "Login has been denied by the user.",
 	}
+	messages["LogoutSuccessfulTitle"] = &i18n.Message{
+		ID:    "LogoutSuccessfulTitle",
+		Other: "Logout successful",
+	}
+	messages["LogoutSuccessfulText"] = &i18n.Message{
+		ID:    "LogoutSuccessfulText",
+		Other: "You have been logged out successfully.",
+	}
 	messages["HintChooseAnIdentityForAuthentication"] = &i18n.Message{
 		ID:    "HintChooseAnIdentityForAuthentication",
 		Other: "Choose an identity for authentication.",

translations/active.de.toml

@@ -61,6 +61,14 @@ other = "Die Anmeldung wurde durch den Nutzer abgelehnt."
 hash = "sha1-9a24c8b64e047edc13f3c41ef7785bb2044a6d69"
 other = "Anmelden mit einem Client-Zertifikat"
 
+[LogoutSuccessfulText]
+hash = "sha1-ff5492eab296ca3dd1a783512095be6f195e0acb"
+other = "Du wurdest erfolreich abgemeldet."
+
+[LogoutSuccessfulTitle]
+hash = "sha1-c92ba3b5f47d0b37b43ba499793a09baa94e5b9d"
+other = "Abmeldung erfolgreich"
+
 [NoChallengeInRequestExplanation]
 hash = "sha1-b26a3ef99ecadfbceb62b62eb52e34d197c56c02"
 other = "In Deinem Anmelde-Request fehlt der notwendige `login_challenge`-Parameter. Mehr Informationen zu diesem Parameter findest du in [der ORY Hydra-Dokumentation](https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow)."

translations/active.en.toml

@@ -10,6 +10,8 @@ LabelConsent = "I hereby agree that the application may get the requested permis
 LabelSubmit = "Submit"
 LoginDeniedByUser = "Login has been denied by the user."
 LoginTitle = "Authenticate with a client certificate"
+LogoutSuccessfulText = "You have been logged out successfully."
+LogoutSuccessfulTitle = "Logout successful"
 NoChallengeInRequestExplanation = "Your authentication request did not contain the necessary `login_challenge` parameter. You can find more information about this parameter in [the ORY Hydra documentation](https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow)."
 NoChallengeInRequestTitle = "No challenge parameter in your authentication request"
 NoEmailsInClientCertificateExplanation = "The presented client certificate does not contain any email address value.\nAn email address is required to authenticate yourself."

ui/templates/logout_successful.gohtml

@@ -0,0 +1,7 @@
+{{ define "content" }}
+    <div class="container">
+        <img src="/images/CAcert-logo.svg" width="300" height="68" alt="CAcert" class="mb-4">
+        <h1 class="h3 mb-3">{{ .Title }}</h1>
+        <p class="text-left">{{ .Explanation }}</p>
+    </div>
+{{ end }}