kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-03 16:09:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve logout patch debug and tighten detection

Browse Source 
- Add debugMode parameter to initLogoutPatch with structured console logging
- Pass MODE_DEBUG into logout_one_liner init call
- Exclude <form> elements and large text blocks from logout candidates to avoid mapping LAM user list form as logout

Ref: https://chatgpt.com/share/692b325e-37c0-800f-bb5a-129aae4c65f8
This commit is contained in:
Kevin Veen-Birkenbach
2025-11-29 18:53:03 +01:00
parent 26dfab147d
commit 86760a4be7
2 changed files with 95 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
roles/sys-front-inj-logout/files/logout.js
View File

@@ -1,29 +1,57 @@
/* logoutPatch.js */
(function(global) {
/**
* Initialize the logout patch script.
* @param {string} logoutUrlBase - Base logout URL (e.g., from your OIDC client).
* @param {string} webProtocol - Protocol to use (e.g., "https").
* @param {string} primaryDomain - Primary domain (e.g., "example.com").
* @param {boolean} debugMode - If true, debug logging is enabled.
*/
function initLogoutPatch(logoutUrlBase, webProtocol, primaryDomain) {
function initLogoutPatch(logoutUrlBase, webProtocol, primaryDomain, debugMode) {
const DEBUG = !!debugMode;
function log(reason, el, extra) {
if (!DEBUG) return;
console.debug('[logoutPatch]', reason, extra || {}, el || null);
}
const redirectUri = encodeURIComponent(webProtocol + '://' + primaryDomain);
const logoutUrl = logoutUrlBase + '?redirect_uri=' + redirectUri;
function matchesLogout(str) {
return str && /(?:^|\W)log\s*out(?:\W|$)|logout/i.test(str);
const matched = str && /(?:^|\W)log\s*out(?:\W|$)|logout/i.test(str);
if (matched) log('matchesLogout', null, { value: str });
return matched;
}
/**
* Returns true if any attribute name or value on the given element
* contains the substring "logout" (case-insensitive).
*
* @param {Element} element The DOM element to inspect.
* @returns {boolean} True if "logout" appears in any attribute name or value.
*/
* Returns true if any attribute name or value on the given element
* contains the substring "logout" (case-insensitive).
*
* @param {Element} element The DOM element to inspect.
* @returns {boolean} True if "logout" appears in any relevant attribute name or value.
*/
function containsLogoutAttribute(element) {
for (const attribute of element.attributes) {
if (/logout/i.test(attribute.name) || /logout/i.test(attribute.value)) {
const name = attribute.name || '';
const value = attribute.value || '';
// Strong indicator: attribute *name* contains "logout"
if (/logout/i.test(name)) {
log('containsLogoutAttribute (name match)', element, {
attrName: name,
attrValue: value
});
return true;
}
// Only consider values of semantic attributes (NOT href/action)
if ((name.startsWith('data-') || name.startsWith('aria-')) && /logout/i.test(value)) {
log('containsLogoutAttribute (data/aria value match)', element, {
attrName: name,
attrValue: value
});
return true;
}
}
@@ -35,40 +63,63 @@
const ariaLabel = el.getAttribute('aria-label');
const onclick = el.getAttribute('onclick');
if (matchesLogout(title) || matchesLogout(ariaLabel) || matchesLogout(onclick)) return true;
if (matchesLogout(title)) return true;
if (matchesLogout(ariaLabel)) return true;
if (matchesLogout(onclick)) return true;
for (const attr of el.attributes) {
if (attr.name.startsWith('data-') && matchesLogout(attr.name + attr.value)) return true;
if (attr.name.startsWith('data-') &&
matchesLogout(attr.name + attr.value)) {
log('matchesTechnicalIndicators (data-* match)', el, {
attrName: attr.name,
attrValue: attr.value
});
return true;
}
}
if (typeof el.onclick === 'function' && matchesLogout(el.onclick.toString())) return true;
if (typeof el.onclick === 'function' &&
matchesLogout(el.onclick.toString())) {
log('matchesTechnicalIndicators (onclick function match)', el);
return true;
}
if (el.tagName.toLowerCase() === 'use') {
const href = el.getAttribute('xlink:href') || el.getAttribute('href');
if (matchesLogout(href)) return true;
if (matchesLogout(href)) {
log('matchesTechnicalIndicators (<use> href match)', el, { href });
return true;
}
}
return false;
}
/**
* Apply logout redirect behavior to a matching element:
* Installs a capturing clickhandler to force navigation to logoutUrl
* Always sets href/formaction/action to logoutUrl
* Marks the element as patched to avoid doublebinding
*
* @param {Element} el The element to override (e.g. <a>, <button>, <form>, <input>)
* @param {string} logoutUrl The full logout URL including redirect params
*/
* Apply logout redirect behavior to a matching element:
* Installs a capturing clickhandler to force navigation to logoutUrl
* Always sets href/formaction/action to logoutUrl
* Marks the element as patched to avoid doublebinding
*
* @param {Element} el The element to override (e.g. <a>, <button>, <form>, <input>)
* @param {string} logoutUrl The full logout URL including redirect params
*/
function overrideLogout(el, logoutUrl) {
// avoid patching the same element twice
if (el.dataset._logoutHandled) return;
if (el.dataset._logoutHandled) {
log('overrideLogout skipped (already handled)', el);
return;
}
el.dataset._logoutHandled = "true";
log('overrideLogout applied', el, { logoutUrl });
// show pointer cursor
el.style.cursor = 'pointer';
// capturephase listener so it fires before any framework handlers
el.addEventListener('click', function(e) {
log('click intercepted, redirecting to logoutUrl', el);
e.preventDefault();
window.location.href = logoutUrl;
}, { capture: true });
@@ -92,34 +143,48 @@
function scanAndPatch(elements) {
elements.forEach(el => {
const tagName = el.tagName.toLowerCase();
const isPotential = ['a','button','input','form','use'].includes(tagName);
const isPotential = ['a','button','input','use'].includes(tagName);
if (!isPotential) return;
if (
// Prevent massive matches on huge containers
let text = el.innerText;
if (text && text.length > 1000) {
text = ''; // ignore very large blocks
}
const match =
matchesLogout(el.getAttribute('name')) ||
matchesLogout(el.id) ||
matchesLogout(el.className) ||
matchesLogout(el.innerText) ||
matchesLogout(text) ||
containsLogoutAttribute(el) ||
matchesTechnicalIndicators(el)
) {
matchesTechnicalIndicators(el);
if (match) {
log('scanAndPatch match', el, { tagName });
overrideLogout(el, logoutUrl);
}
});
}
// Initial scan
log('initial scan start');
scanAndPatch(Array.from(document.querySelectorAll('*')));
log('initial scan end');
// Watch for dynamic content
const observer = new MutationObserver(mutations => {
mutations.forEach(mutation => {
mutation.addedNodes.forEach(node => {
if (!(node instanceof Element)) return;
log('MutationObserver (new element)', node);
scanAndPatch([node, ...node.querySelectorAll('*')]);
});
});
});
observer.observe(document.body, { childList: true, subtree: true });
log('MutationObserver attached');
}
// Expose to global scope

3
roles/sys-front-inj-logout/templates/logout_one_liner.js.j2
View File

@@ -2,6 +2,7 @@ document.addEventListener('DOMContentLoaded', function() {
initLogoutPatch(
'{{ OIDC.CLIENT.LOGOUT_URL }}',
'{{ WEB_PROTOCOL }}',
'{{ PRIMARY_DOMAIN }}'
'{{ PRIMARY_DOMAIN }}',
{{ MODE_DEBUG | lower }}
);
});