Use enhanced header navigation with POST to sign out

DFE-Digital · Apr 9, 2024 · c548e3e · c548e3e
1 parent 711a81f
commit c548e3e
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 11 deletions.
diff --git a/app/assets/stylesheets/main.scss b/app/assets/stylesheets/main.scss
@@ -7,11 +7,15 @@ $govuk-images-path: "/";
 @import "govuk-frontend/dist/govuk/all";
 
 button.govuk-header__link {
-  background: none !important;
+  background: none;
   border: none;
-  padding: 0 !important;
-  color: #fff;
+  padding: 0;
+  color: $govuk-body-background-colour;
   cursor: pointer;
   font-size: 1rem;
   font-weight: bold;
 }
+
+button.govuk-header__link:focus {
+  background-color: $govuk-focus-colour;
+}
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -1,4 +1,5 @@
 require "dfe/analytics/filtered_request_event"
+require "govuk_component/header_component"
 
 class ApplicationController < ActionController::Base
   include DfE::Analytics::Requests

diff --git a/app/views/layouts/base.html.erb b/app/views/layouts/base.html.erb
@@ -28,7 +28,11 @@
     <%= govuk_header(service_name: t("service.name")) do |header|
       if request.path != main_app.not_authorised_path
         if current_dsi_user
-          header.with_navigation_item(href: main_app.dsi_sign_out_path(id_token_hint: session[:id_token]), text: "Sign out")
+          header.with_navigation_item(
+            href: main_app.dsi_sign_out_post_path({ id_token_hint: session[:id_token] }),
+            post: true,
+            text: "Sign out"
+          )
         else
           header.with_navigation_item(href: main_app.sign_in_path, text: "Sign in")
         end

diff --git a/config/routes.rb b/config/routes.rb
@@ -7,6 +7,7 @@
   get "/sign-in", to: "sign_in#new"
   get "/sign-out", to: "sign_out#new"
   get "/auth/dfe/sign-out", to: "sign_out#new", as: :dsi_sign_out
+  post "/auth/dfe/sign-out", to: "sign_out#new", as: :dsi_sign_out_post
 
   get "/auth/dfe/callback", to: "omniauth_callbacks#dfe"
   post "/auth/developer/callback", to: "omniauth_callbacks#dfe_bypass"

diff --git a/lib/govuk_component/header_component.rb b/lib/govuk_component/header_component.rb
@@ -1,5 +1,5 @@
 class GovukComponent::HeaderComponent
-  class GovukComponent::HeaderComponent::NavigationItem
+  class NavigationItem
     attr_reader :post, :params
 
     def initialize(text:, href: nil, post: false, options: {}, active: nil, classes: [], html_attributes: {})
@@ -10,8 +10,9 @@ def initialize(text:, href: nil, post: false, options: {}, active: nil, classes:
       @post            = post
 
       if button_to?
-        query = URI(@href).query
-        @params = query.present? ? Hash[URI.decode_www_form(query)] : {}
+        uri = URI(@href)
+        @href = uri.path
+        @params = uri.query.present? ? Hash[URI.decode_www_form(uri.query)] : {}
       end
 
       super(classes:, html_attributes:)

diff --git a/spec/system/user_signs_in_spec.rb b/spec/system/user_signs_in_spec.rb
@@ -24,10 +24,11 @@
 
   def then_i_am_signed_in
     within("header") do
-      expect(page).to have_link("Sign out")
-      sign_out_link = find_link("Sign out")
-      # Expect the token from mocked auth to be in the sign out link
-      expect(sign_out_link[:href]).to include "id_token_hint=abc123"
+      expect(page).to have_button("Sign out")
+      sign_out_button = find_button("Sign out")
+      # Expect the token from mocked auth to be in the sign out form
+      token_hint_field = sign_out_button.sibling("input[name=id_token_hint]", visible: false)
+      expect(token_hint_field.value).to eq("abc123")
     end
     expect(DsiUser.count).to eq 1
     expect(DsiUserSession.count).to eq 1