Introduce headerButtonGroup content_block

Change-Id: I5a3ca7d46befc702c0bda2203498e76cdebe17f4
diff --git a/Changes b/Changes
index e384a95..9dcf937 100755
--- a/Changes
+++ b/Changes
@@ -1,9 +1,10 @@
-0.31 2018-11-16
+0.31 2018-11-18
         - Update to Mojolicious >= 8.06.
         - Made Authentication/Authorization a separated Kalamar::Plugin::Auth
           (deprecated moth helpers from Kalamar::Plugin::KalamarUser).
         - Introduced abstract 'korap_request' helper.
         - Introduce 'sidebar' content_block.
+        - Introduce 'headerButtonGroup' content_block.
 
 0.30 2018-11-13
         - Rewrote backend:
diff --git a/README.md b/README.md
index 4bf15e1..e5dd06b 100644
--- a/README.md
+++ b/README.md
@@ -171,6 +171,7 @@
 Currently the documented sections are in
 ```footer```, in the bottom line of the user interface,
 ```sidebar```, in the left part of the user interface if present,
+```headerButtonGroup```, in the right top part of the user interface,
 and ```loginInfo```, below the login form if present.
 
 
diff --git a/lib/Kalamar/Plugin/Auth.pm b/lib/Kalamar/Plugin/Auth.pm
index 6fe30dd..7693b45 100644
--- a/lib/Kalamar/Plugin/Auth.pm
+++ b/lib/Kalamar/Plugin/Auth.pm
@@ -4,9 +4,9 @@
 
 # TODO:
 #   Get rid of auth_support for templates!
+
 # TODO:
-#   Make all authentification parts in templates
-#   content_block aware!
+#   CSRF-protect logout!
 
 # Register the plugin
 sub register {
@@ -74,6 +74,13 @@
   );
 
 
+  # Add logout button to header button list
+  $app->content_block(
+    headerButtonGroup => {
+      template => 'partial/auth/logout'
+    }
+  );
+
   # Inject authorization to all korap requests
   $app->hook(
     before_korap_request => sub {
@@ -304,4 +311,13 @@
     </fieldset>
 % }
 
+@@ partial/auth/logout.html.ep
+% if ($c->auth->token) {
+   %# TODO: CSRF protection
+   <a href="<%= url_for 'logout' %>"
+      class="logout"
+      title="<%= loc 'logout' %>: <%= user_handle %>"><span><%= loc 'logout' %></span></a>
+% };
+
+
 __END__
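Review bot: The logout control in `partial/auth/logout.html.ep` is still a plain GET anchor to `url_for 'logout'`, so the session-ending request carries no CSRF token and the `TODO: CSRF protection` is moved along rather than resolved; any third-party page the user has open can end the session with an embedded request. The login form already rejects a missing token (the tests expect 'Bad CSRF token'), so logout could follow the same pattern, for example `%= csrf_button_to loc('logout'), 'logout', class => 'logout'` inside the `if`, with the logout route (not visible in this hunk) restricted to POST and checking the token through `validation->csrf_protect`. That turns `a.logout` into a form button, so the selectors in `t/plugin/auth.t` and presumably the stylesheet would have to follow.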
diff --git a/t/plugin/auth.t b/t/plugin/auth.t
index a81c06f..e63b1b2 100644
--- a/t/plugin/auth.t
+++ b/t/plugin/auth.t
@@ -39,6 +39,7 @@
   ->text_like('h1 span', qr/KorAP: Find .Baum./i)
   ->text_like('#total-results', qr/\d+$/)
   ->content_like(qr/\"authorized\"\:null/)
+  ->element_exists_not('div.button.top a')
   ;
 
 $t->get_ok('/')
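Review bot: The negative assertion `->element_exists_not('div.button.top a')` is broader than what is under test: it fails as soon as any other plugin registers a link in `headerButtonGroup`, although only the logout control matters here. `->element_exists_not('div.button.top a.logout')` states the intent and stays valid when the block gains further buttons. The same selector is repeated in the hunks at -54 and -64, and in the hunk at -91 the bare `element_exists('div.button.top a')` is made redundant by the `a.logout[title~="test"]` check on the next line. If the `# Logout` section below these hunks does not already do so, an assertion that the logout control is gone again after logging out would close the loop.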
@@ -54,6 +55,7 @@
   ->status_is(200)
   ->element_exists('div.notify-error')
   ->element_exists('input[name=handle_or_email][value=test]')
+  ->element_exists_not('div.button.top a')
   ;
 
 $t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'pass' })
@@ -64,6 +66,7 @@
   ->status_is(200)
   ->element_exists('div.notify-error')
   ->text_is('div.notify-error', 'Bad CSRF token')
+  ->element_exists_not('div.button.top a')
   ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
   ;
 
@@ -91,6 +94,8 @@
   ->text_like('#total-results', qr/\d+$/)
   ->element_exists_not('div.notify-error')
   ->content_like(qr/\"authorized\"\:\"test\"/)
+  ->element_exists('div.button.top a')
+  ->element_exists('div.button.top a.logout[title~="test"]')
   ;
 
 # Logout
diff --git a/templates/partial/header.html.ep b/templates/partial/header.html.ep
index 349104e..5f1433d 100644
--- a/templates/partial/header.html.ep
+++ b/templates/partial/header.html.ep
@@ -1,14 +1,7 @@
 <header>
   <%= link_to 'index', class => 'logo', begin %><h1><span><%= title() // loc('korap_desc') %></span></h1><% end %>
   <div class="button top">
-
-% if (stash('user')) {
-   %# TODO: CSRF protection
-   <a href="<%= url_for 'logout' %>"
-      class="logout"
-      title="<%= loc 'logout' %>: <%= stash('user') %>"><span><%= loc 'logout' %></span></a>
-% };
-
+    %= content_block 'headerButtonGroup'
   </div>
   <form autocomplete="off" action="<%= url_for 'index' %>" id="searchform">
     <div id="searchbar">