adn-agov-iam-project/patterns/9196b809b539716b03ad8565_resources/logout_confirm.groovy

def redirect(location) {
    outargs.put('nevis.transfer.type', 'redirect')
    outargs.put('nevis.transfer.destination', location)
}

def getReturnURL() {
    if (inargs.containsKey('return')) {
        return inargs.get('return')
    }
    // determine returnURL based on Referer header (if present and not pointing to this page)
    def referer = request.getHttpHeader('Referer')
    if (referer == null) {
        LOG.debug('no Referer header found')
        return null
    }
    // strip query String for comparison
    String previous = referer.contains('?') ? referer.substring(0, referer.indexOf("?")) : referer
    def current = request.getCurrentResource()
    if (current.startsWith(previous)) {
        LOG.debug("Referer header $referer cannot be used as return URL - cyclic redirect")
        return null
    }
    return referer
}

if (inargs.containsKey('logout-confirm')) {
    def current = request.getCurrentResource()
    // user has confirmed logout -> replace /logout with /?logout
    String location
    if (current.contains('?')) {
        location = current.replace("/logout?", "/?logout&")
    }
    else {
        location = current.replace("/logout", "/?logout")
    }
    redirect(location)
    return
}

if (inargs.containsKey('logout-abort')) {
    // user has aborted logout -> redirect to stored return URL
    def location = session.get('logout-abort-url')
    redirect(location)
    return
}

// user has not clicked any button -> render GUI
response.setGuiName('saml_logout_confirm')
response.setGuiLabel('title.logout.confirmation')
// not setting a target as the API has been removed
response.addInfoGuiField('info', 'info.logout.confirmation', null)
response.addButtonGuiField('logout-confirm', 'continue.button.label', 'true')

def returnURL = getReturnURL()

if (returnURL != null) {
    // store return URL in session
    session.put('logout-abort-url', returnURL)
}

if (session.containsKey('logout-abort-url')) {
    // add cancel button to go back
    response.addButtonGuiField('logout-abort', 'cancel.button.label', 'true')
}