Improve logout patch debug and tighten detection

- Add debugMode parameter to initLogoutPatch with structured console logging - Pass MODE_DEBUG into logout_one_liner init call - Exclude <form> elements and large text blocks from logout candidates to avoid mapping LAM user list form as logout Ref: https://chatgpt.com/share/692b325e-37c0-800f-bb5a-129aae4c65f8
2025-12-03 07:59:42 +00:00 · 2025-11-29 18:53:03 +01:00
parent 26dfab147d
commit 86760a4be7
2 changed files with 95 additions and 29 deletions
--- a/roles/sys-front-inj-logout/files/logout.js
+++ b/roles/sys-front-inj-logout/files/logout.js
@@ -1,17 +1,28 @@
 /* logoutPatch.js */
 (function(global) {
+
  /**
   * Initialize the logout patch script.
   * @param {string} logoutUrlBase - Base logout URL (e.g., from your OIDC client).
   * @param {string} webProtocol - Protocol to use (e.g., "https").
   * @param {string} primaryDomain - Primary domain (e.g., "example.com").
+   * @param {boolean} debugMode - If true, debug logging is enabled.
   */
-  function initLogoutPatch(logoutUrlBase, webProtocol, primaryDomain) {
+  function initLogoutPatch(logoutUrlBase, webProtocol, primaryDomain, debugMode) {
+    const DEBUG = !!debugMode;
+
+    function log(reason, el, extra) {
+      if (!DEBUG) return;
+      console.debug('[logoutPatch]', reason, extra || {}, el || null);
+    }
+
    const redirectUri = encodeURIComponent(webProtocol + '://' + primaryDomain);
    const logoutUrl = logoutUrlBase + '?redirect_uri=' + redirectUri;

    function matchesLogout(str) {
-      return str && /(?:^|\W)log\s*out(?:\W|$)|logout/i.test(str);
+      const matched = str && /(?:^|\W)log\s*out(?:\W|$)|logout/i.test(str);
+      if (matched) log('matchesLogout', null, { value: str });
+      return matched;
    }

    /**
@@ -19,11 +30,28 @@
     * contains the substring "logout" (case-insensitive).
     *
     * @param {Element} element – The DOM element to inspect.
-    * @returns {boolean} – True if "logout" appears in any attribute name or value.
+     * @returns {boolean} – True if "logout" appears in any relevant attribute name or value.
     */
    function containsLogoutAttribute(element) {
      for (const attribute of element.attributes) {
-        if (/logout/i.test(attribute.name) || /logout/i.test(attribute.value)) {
+        const name = attribute.name || '';
+        const value = attribute.value || '';
+
+        // Strong indicator: attribute *name* contains "logout"
+        if (/logout/i.test(name)) {
+          log('containsLogoutAttribute (name match)', element, {
+            attrName: name,
+            attrValue: value
+          });
+          return true;
+        }
+
+        // Only consider values of semantic attributes (NOT href/action)
+        if ((name.startsWith('data-') || name.startsWith('aria-')) && /logout/i.test(value)) {
+          log('containsLogoutAttribute (data/aria value match)', element, {
+            attrName: name,
+            attrValue: value
+          });
          return true;
        }
      }
@@ -35,18 +63,35 @@
      const ariaLabel = el.getAttribute('aria-label');
      const onclick = el.getAttribute('onclick');

-      if (matchesLogout(title) || matchesLogout(ariaLabel) || matchesLogout(onclick)) return true;
+      if (matchesLogout(title)) return true;
+      if (matchesLogout(ariaLabel)) return true;
+      if (matchesLogout(onclick)) return true;

      for (const attr of el.attributes) {
-        if (attr.name.startsWith('data-') && matchesLogout(attr.name + attr.value)) return true;
+        if (attr.name.startsWith('data-') &&
+            matchesLogout(attr.name + attr.value)) {
+          log('matchesTechnicalIndicators (data-* match)', el, {
+            attrName: attr.name,
+            attrValue: attr.value
+          });
+          return true;
+        }
      }

-      if (typeof el.onclick === 'function' && matchesLogout(el.onclick.toString())) return true;
+      if (typeof el.onclick === 'function' &&
+          matchesLogout(el.onclick.toString())) {
+        log('matchesTechnicalIndicators (onclick function match)', el);
+        return true;
+      }

      if (el.tagName.toLowerCase() === 'use') {
        const href = el.getAttribute('xlink:href') || el.getAttribute('href');
-        if (matchesLogout(href)) return true;
+        if (matchesLogout(href)) {
+          log('matchesTechnicalIndicators (<use> href match)', el, { href });
+          return true;
        }
+      }
+
      return false;
    }

@@ -61,14 +106,20 @@
     */
    function overrideLogout(el, logoutUrl) {
      // avoid patching the same element twice
-      if (el.dataset._logoutHandled) return;
+      if (el.dataset._logoutHandled) {
+        log('overrideLogout skipped (already handled)', el);
+        return;
+      }
      el.dataset._logoutHandled = "true";

+      log('overrideLogout applied', el, { logoutUrl });
+
      // show pointer cursor
      el.style.cursor = 'pointer';

      // capture‐phase listener so it fires before any framework handlers
      el.addEventListener('click', function(e) {
+        log('click intercepted, redirecting to logoutUrl', el);
        e.preventDefault();
        window.location.href = logoutUrl;
      }, { capture: true });
@@ -92,34 +143,48 @@
    function scanAndPatch(elements) {
      elements.forEach(el => {
        const tagName = el.tagName.toLowerCase();
-        const isPotential = ['a','button','input','form','use'].includes(tagName);
+        const isPotential = ['a','button','input','use'].includes(tagName);
        if (!isPotential) return;
-        if (
+
+        // Prevent massive matches on huge containers
+        let text = el.innerText;
+        if (text && text.length > 1000) {
+          text = ''; // ignore very large blocks
+        }
+
+        const match =
          matchesLogout(el.getAttribute('name')) ||
          matchesLogout(el.id) ||
          matchesLogout(el.className) ||
-          matchesLogout(el.innerText) ||
+          matchesLogout(text) ||
          containsLogoutAttribute(el) ||
-          matchesTechnicalIndicators(el)
-        ) {
+          matchesTechnicalIndicators(el);
+
+        if (match) {
+          log('scanAndPatch match', el, { tagName });
          overrideLogout(el, logoutUrl);
        }
      });
    }

    // Initial scan
+    log('initial scan start');
    scanAndPatch(Array.from(document.querySelectorAll('*')));
+    log('initial scan end');

    // Watch for dynamic content
    const observer = new MutationObserver(mutations => {
      mutations.forEach(mutation => {
        mutation.addedNodes.forEach(node => {
          if (!(node instanceof Element)) return;
+          log('MutationObserver (new element)', node);
          scanAndPatch([node, ...node.querySelectorAll('*')]);
        });
      });
    });
    observer.observe(document.body, { childList: true, subtree: true });
+
+    log('MutationObserver attached');
  }

  // Expose to global scope
--- a/roles/sys-front-inj-logout/templates/logout_one_liner.js.j2
+++ b/roles/sys-front-inj-logout/templates/logout_one_liner.js.j2
@@ -2,6 +2,7 @@ document.addEventListener('DOMContentLoaded', function() {
    initLogoutPatch(
        '{{ OIDC.CLIENT.LOGOUT_URL }}',
        '{{ WEB_PROTOCOL }}',
-        '{{ PRIMARY_DOMAIN }}'
+        '{{ PRIMARY_DOMAIN }}',
+        {{ MODE_DEBUG | lower }}
    );
 });