More spiking

app.js

@@ -118,6 +118,7 @@ app.get('/', backpack.manage);
 app.get('/backpack', backpack.manage)
 app.get('/backpack/login', backpack.login);
 app.get('/backpack/signout', backpack.signout);
+app.post('/backpack/signout', backpack.signout);
 app.post('/backpack/badge', backpack.userBadgeUpload);
 app.post('/backpack/authenticate', backpack.authenticate);
 app.get('/stats', backpack.stats);

controllers/backpack.js

@@ -17,6 +17,9 @@ var Group = require('../models/group');
  */
 
 exports.login = function login(request, response) {
+  if (request.user)
+    return response.redirect('/', 303);
+
   // request.flash returns an array. Pass on the whole thing to the view and
   // decide there if we want to display all of them or just the first one.
   response.render('login.html', {
@@ -85,7 +88,10 @@ exports.authenticate = function authenticate(request, response) {
 
 exports.signout = function signout(request, response) {
   request.session = {};
-  response.redirect('/backpack/login', 303);
+  if (request.xhr)
+    response.json(200);
+  else
+    response.redirect('/backpack/login', 303);
 };
 
 /**

middleware.js

@@ -115,9 +115,10 @@ exports.csrf = function (options) {
   var value = options.value || defaultValue;
   var list = options.whitelist;
   return function (req, res, next) {
+    var token = res.locals.csrfToken = req.session._csrf || (req.session._csrf = utils.uid(24));
+
     if (whitelisted(list, req.url)) return next();
 
-    var token = req.session._csrf || (req.session._csrf = utils.uid(24));
     if ('GET' == req.method || 'HEAD' == req.method) return next();
     var val = value(req);
     if (val != token) {

static/js/backpack.js

@@ -28,7 +28,7 @@ if(!nunjucks.env) {
 }(/*end setup*/)
 
 
-!!function appInitialize (){
+!!function appInitialize ($){
 
 var global = {
   dragging: false
@@ -568,4 +568,4 @@ _.each(existingBadges, Badge.fromElement);
 _.each(existingGroups, Group.fromElement);
 
 //end app scope
-}();
+}(window.jQuery);

static/js/browserid-ajax.js

@@ -4,37 +4,46 @@ define(["jquery", "backbone-events"], function($, BackboneEvents) {
   return function BrowserIDAjax(options) {
     var id = options.id || window.navigator.id;
     var network = options.network || $;
+
     var self = {
-      email: options.email || null,
+      email: options.email,
       csrfToken: options.csrfToken,
       id: id,
       login: function() {
-        self.id.get(function(assertion) {
-          if (assertion)
-            post(options.verifyURL, {assertion: assertion}, 'login');
-          else
-            self.trigger("login:error");
-        });
+        self.id.request();
       },
       logout: function() {
-        post(options.logoutURL, {}, 'logout');
+        self.id.logout();
       }
     };
 
+    self.id.watch({
+      loggedInUser: self.email,
+      onlogin: function(assertion) {
+        if (assertion)
+          post(options.verifyURL, {assertion: assertion}, 'login');
+        else
+          self.trigger("login:error");
+      },
+      onlogout: function() {
+        post(options.logoutURL, {}, 'logout');
+      }
+    });
+
     BackboneEvents.mixin(self);
 
     function post(url, data, eventName) {
       network.ajax({
         type: 'POST',
         url: url,
-        headers: {"X-CSRFToken": self.csrfToken},
+        headers: {"x-csrf-token": self.csrfToken},
         dataType: 'json',
         data: data,
         error: function() {
+          console.log(arguments);
           self.trigger(eventName + ":error");
         },
         success: function(data) {
-          self.csrfToken = data.csrfToken;
           self.email = data.email;
           self.trigger(eventName, self);
         }

static/js/require-config.js

@@ -2,7 +2,10 @@ var require = {
   baseUrl: "js",
   shim: {
     'jquery': {
-      exports: 'jQuery'
+      exports: 'jQuery',
+      init: function() {
+        this.jQuery.noConflict();
+      }
     }
   },
   paths: {

static/test/backpack/test-browserid-ajax.js

@@ -3,11 +3,17 @@
 defineTests(["browserid-ajax"], function(BrowserIDAjax) {
   module("browserid-ajax");
 
-  function FakeNavigatorID() {
+  function FakeNavigatorID(assertion) {
     return {
       _options: null,
-      get: function(cb) {
-        this._options = {onlogin: cb};
+      watch: function(opts) {
+        this._options = opts;
+      },
+      request: function(opts) {
+        this._options.onlogin(assertion);
+      },
+      logout: function() {
+        this._options.onlogout();
       }
     };
   }
@@ -20,11 +26,33 @@ defineTests(["browserid-ajax"], function(BrowserIDAjax) {
     };
   }
 
+  test("email sentinel values preserved", function() {
+    var id = FakeNavigatorID();
+
+    var browserid = BrowserIDAjax({
+      email: null, /* not logged in */
+      id: id
+    });
+    strictEqual(id._options.loggedInUser, null);
+
+    browserid = BrowserIDAjax({
+      email: undefined, /* login status unknown */
+      id: id
+    });
+    strictEqual(id._options.loggedInUser, undefined);
+
+    browserid = BrowserIDAjax({
+      email: 'foo@bar.org', /* foo@bar.org logged in */
+      id: id
+    });
+    equal(id._options.loggedInUser, 'foo@bar.org');
+  });
+
   test("login error on failed verify works", function() {
     var loginErrorEvents = 0;
     var browserid = BrowserIDAjax({
-      email: '',
-      id: FakeNavigatorID(),
+      email: null,
+      id: FakeNavigatorID('fake assertion for foo@bar.org'),
       verifyURL: '/verify',
       logoutURL: '/logout',
       csrfToken: 'fake csrf token',
@@ -37,26 +65,25 @@ defineTests(["browserid-ajax"], function(BrowserIDAjax) {
 
     equal(loginErrorEvents, 0);
     browserid.login();
-    browserid.id._options.onlogin('fake assertion for foo@bar.org');
     equal(loginErrorEvents, 1);
   });
 
   test("verification works", function() {
     var loginEvents = 0;
     var loginErrorEvents = 0;
     var browserid = BrowserIDAjax({
-      email: '',
-      id: FakeNavigatorID(),
+      email: null,
+      id: FakeNavigatorID('fake assertion for foo@bar.org'),
       verifyURL: '/verify',
       logoutURL: '/logout',
       csrfToken: 'fake csrf token',
       network: FakeNetwork({
         'POST /verify': function(options) {
           equal(options.data.assertion, 'fake assertion for foo@bar.org');
-          equal(options.headers['X-CSRFToken'], 'fake csrf token');
+          equal(options.headers['x-csrf-token'], 'fake csrf token');
           equal(options.dataType, 'json');
           options.success({
-            csrfToken: 'new fake csrf token',
+            status: 'ok',
             email: 'foo@bar.org',
           });
         }
@@ -65,17 +92,11 @@ defineTests(["browserid-ajax"], function(BrowserIDAjax) {
       .on('login:error', function() { loginErrorEvents++; });
 
     equal(browserid.email, null);
-    equal(browserid.csrfToken, 'fake csrf token');
 
     browserid.login();
-    browserid.id._options.onlogin(null);
-    equal(loginEvents, 0, "null assertions don't trigger login events");
-    equal(loginErrorEvents, 1, "null assertions do trigger login:error evts");
-    browserid.id._options.onlogin('fake assertion for foo@bar.org');
 
     equal(loginEvents, 1);
     equal(browserid.email, 'foo@bar.org');
-    equal(browserid.csrfToken, 'new fake csrf token');
   });
 
   test("logout works", function() {
@@ -88,23 +109,21 @@ defineTests(["browserid-ajax"], function(BrowserIDAjax) {
       csrfToken: 'fake csrf token',
       network: FakeNetwork({
         'POST /logout': function(options) {
-          equal(options.headers['X-CSRFToken'], 'fake csrf token');
+          equal(options.headers['x-csrf-token'], 'fake csrf token');
           equal(options.dataType, 'json');
           options.success({
-            csrfToken: 'another new fake csrf token',
+            status: 'ok',
             email: null,
           });
         }
       })
     }).on('logout', function() { logoutEvents++; });
 
     equal(browserid.email, 'foo@barf.org');
-    equal(browserid.csrfToken, 'fake csrf token');
 
     browserid.logout();
 
     equal(logoutEvents, 1);
     equal(browserid.email, null);
-    equal(browserid.csrfToken, 'another new fake csrf token');
   });
 });

views/layout.html

@@ -45,12 +45,14 @@ <h3><a class="brand" href="/">
               Help: {% if tooltips %}Off{% else %}On{% endif %}
             </a></li>
           </ul>
-          {% if user %}
             <ul class="nav pull-right">
+            {% if user %}
               <li class="user">{{user.attributes.email}}</li>
-              <li><a href="/backpack/signout">Sign Out</a></li>
+              <li><a class="js-browserid-logout" href="#">Sign Out</a></li>
+            {% else %}
+              <li><a class="js-browserid-link" href="#">Sign In</a></li>
+            {% endif %}
             </ul>
-          {% endif %}
         </div>
       </div>
     </div>
@@ -87,6 +89,39 @@ <h2>Legal</h2>
     </div>
 
     <script src="//www.mozilla.org/tabzilla/media/js/tabzilla.js"></script>
+    <script src="/js/require-config.js"></script>
+    <script src="/js/require.min.js"></script>
+    <script type="text/javascript">
+      require(['browserid-ajax'], function(BrowserIDAjax){
+        var browserid = BrowserIDAjax({
+          {% if user %}
+          email: "{{ user.attributes.email }}",
+          {% else %}
+          email: null,
+          {% endif %}
+          verifyURL: '/backpack/authenticate',
+          logoutURL: '/backpack/signout',
+          csrfToken: '{{ csrfToken }}'
+        }).on('login:error', function() {
+          console.log('error');
+        }).on('login', function() {
+          console.log('woot');
+          window.location.reload();
+        }).on('logout', function() {
+          console.log('logout');
+          window.location.reload();
+        }).on('logout:error', function() {
+          console.log('wat');
+        });
+
+        $('.js-browserid-link').bind('click', function(){
+          browserid.login();
+        });
+        $('.js-browserid-logout').bind('click', function(){
+          browserid.logout();
+        });
+      });
+    </script>
     {% block scripts %}{% endblock %}
 
   </body>

views/login.html

@@ -1,55 +1,9 @@
 {% extends 'layout.html' %}
 {% block body %}
 <h1>Welcome</h1>
-<h2>Use the green button below to <a href="#" class="js-browserid-link">sign in.</a><br/> Don&rsquo;t worry if you don&rsquo;t have an account, that&rsquo;ll get taken care of.</h2>
-
-<form class="signin js-browserid-form" method="POST" action="/backpack/authenticate">
-  <input class="js-browserid-input" name="assertion" type="hidden"></input>
-  <input name="_csrf" type="hidden" value="{{ csrfToken }}"></input>
-</form>
+<h2>Use the blue button below to <a href="#" class="js-browserid-link">sign in.</a><br/> Don&rsquo;t worry if you don&rsquo;t have an account, that&rsquo;ll get taken care of.</h2>
 
 <div style="padding-top: 10px">
-  <a class="js-browserid-link" href="#"><img src="https://browserid.org/i/sign_in_green.png"/></a>
+  <a class="js-browserid-link" href="#"><img src="https://developer.mozilla.org/files/3957/email_sign_in_blue.png"/></a>
 </div>
-
-<script src="/js/require-config.js"></script>
-<script src="/js/require.min.js"></script>
-<script type="text/javascript">
-  require(['browserid-ajax', 'jquery'], function(BrowserIDAjax, $){
-    var browserid = BrowserIDAjax({
-      email: '',
-      verifyURL: '/backpack/authenticate',
-      logoutURL: '/backpack/signout',
-      csrfToken: '{{ csrfToken }}'
-    }).on('login:error', function() {
-      console.log('error');
-    }).on('login', function() {
-      console.log('woot');
-      window.location = '/';
-    });
-
-    $('.js-browserid-link').bind('click', function(){ browserid.login(); });
-  });
-/*!!function loginHandler () {
-//begin login handler
-
-  function launchBrowserId(callback) {
-    return function() { navigator.id.get(callback, {
-      siteName: 'Open Badge Backpack',
-      termsOfService: '/tou.html',
-      privacyPolicy: '/privacy.html',
-      returnTo: '/'
-    }); }
-  }
-  function handleResponse(assertion) {
-    if (!assertion) return false;
-    $('.js-browserid-input').val(assertion);
-    $('.js-browserid-form').trigger('submit');
-  }
-  $('.js-browserid-link').bind('click', launchBrowserId(handleResponse));
-
-//begin login handler scope
-}();
-*/
-</script>
 {% endblock %}