Introduce headerButtonGroup content_block
Change-Id: I5a3ca7d46befc702c0bda2203498e76cdebe17f4
diff --git a/Changes b/Changes
index e384a95..9dcf937 100755
--- a/Changes
+++ b/Changes
@@ -1,9 +1,10 @@
-0.31 2018-11-16
+0.31 2018-11-18
- Update to Mojolicious >= 8.06.
- Made Authentication/Authorization a separated Kalamar::Plugin::Auth
(deprecated moth helpers from Kalamar::Plugin::KalamarUser).
- Introduced abstract 'korap_request' helper.
- Introduce 'sidebar' content_block.
+ - Introduce 'headerButtonGroup' content_block.
0.30 2018-11-13
- Rewrote backend:
diff --git a/README.md b/README.md
index 4bf15e1..e5dd06b 100644
--- a/README.md
+++ b/README.md
@@ -171,6 +171,7 @@
Currently the documented sections are in
```footer```, in the bottom line of the user interface,
```sidebar```, in the left part of the user interface if present,
+```headerButtonGroup```, in the right top part of the user interface,
and ```loginInfo```, below the login form if present.
diff --git a/lib/Kalamar/Plugin/Auth.pm b/lib/Kalamar/Plugin/Auth.pm
index 6fe30dd..7693b45 100644
--- a/lib/Kalamar/Plugin/Auth.pm
+++ b/lib/Kalamar/Plugin/Auth.pm
@@ -4,9 +4,9 @@
# TODO:
# Get rid of auth_support for templates!
+
# TODO:
-# Make all authentification parts in templates
-# content_block aware!
+# CSRF-protect logout!
# Register the plugin
sub register {
@@ -74,6 +74,13 @@
);
+ # Add logout button to header button list
+ $app->content_block(
+ headerButtonGroup => {
+ template => 'partial/auth/logout'
+ }
+ );
+
# Inject authorization to all korap requests
$app->hook(
before_korap_request => sub {
@@ -304,4 +311,13 @@
</fieldset>
% }
+@@ partial/auth/logout.html.ep
+% if ($c->auth->token) {
+ %# TODO: CSRF protection
+ <a href="<%= url_for 'logout' %>"
+ class="logout"
+ title="<%= loc 'logout' %>: <%= user_handle %>"><span><%= loc 'logout' %></span></a>
+% };
+
+
__END__
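Review bot: The logout link in `partial/auth/logout` (`<a href="<%= url_for 'logout' %>"`) triggers a state-changing action with a plain GET, so any third-party page that makes the browser load that URL can end the user's session. The commit only carries the `TODO: CSRF protection` marker over from the old header template. Because this block is now the single place the control is rendered, it is the natural point to switch to a POST with a token, for example `%= csrf_button_to loc('logout') => 'logout'`. The `logout` route and handler are outside this hunk, so this assumes they can be restricted to POST and reject requests where `$c->validation->csrf_protect->has_error('csrf_token')` is true. The `a.logout` selectors in `t/plugin/auth.t` and the stylesheet would need to follow the markup change.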
diff --git a/t/plugin/auth.t b/t/plugin/auth.t
index a81c06f..e63b1b2 100644
--- a/t/plugin/auth.t
+++ b/t/plugin/auth.t
@@ -39,6 +39,7 @@
->text_like('h1 span', qr/KorAP: Find .Baum./i)
->text_like('#total-results', qr/\d+$/)
->content_like(qr/\"authorized\"\:null/)
+ ->element_exists_not('div.button.top a')
;
$t->get_ok('/')
@@ -54,6 +55,7 @@
->status_is(200)
->element_exists('div.notify-error')
->element_exists('input[name=handle_or_email][value=test]')
+ ->element_exists_not('div.button.top a')
;
$t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'pass' })
@@ -64,6 +66,7 @@
->status_is(200)
->element_exists('div.notify-error')
->text_is('div.notify-error', 'Bad CSRF token')
+ ->element_exists_not('div.button.top a')
->tx->res->dom->at('input[name=csrf_token]')->attr('value')
;
@@ -91,6 +94,8 @@
->text_like('#total-results', qr/\d+$/)
->element_exists_not('div.notify-error')
->content_like(qr/\"authorized\"\:\"test\"/)
+ ->element_exists('div.button.top a')
+ ->element_exists('div.button.top a.logout[title~="test"]')
;
# Logout
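Review bot: The added assertions cover the logout control appearing after login, but none of these hunks checks that it disappears once the session ends. The logout section starts at the last context line and continues outside the hunk, so if it has no such check, add `->element_exists_not('div.button.top a.logout')` after the logout request. The first new line, `->element_exists('div.button.top a')`, is already implied by the more specific `a.logout[title~="test"]` check and could be dropped. Note that `~=` matches a whitespace-separated word, so that check depends on the title staying in the form `<label>: test`; a short comment saying so would help anyone who later changes the title.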
diff --git a/templates/partial/header.html.ep b/templates/partial/header.html.ep
index 349104e..5f1433d 100644
--- a/templates/partial/header.html.ep
+++ b/templates/partial/header.html.ep
@@ -1,14 +1,7 @@
<header>
<%= link_to 'index', class => 'logo', begin %><h1><span><%= title() // loc('korap_desc') %></span></h1><% end %>
<div class="button top">
-
-% if (stash('user')) {
- %# TODO: CSRF protection
- <a href="<%= url_for 'logout' %>"
- class="logout"
- title="<%= loc 'logout' %>: <%= stash('user') %>"><span><%= loc 'logout' %></span></a>
-% };
-
+ %= content_block 'headerButtonGroup'
</div>
<form autocomplete="off" action="<%= url_for 'index' %>" id="searchform">
<div id="searchbar">