update REDIRECT_SIGNOUT based on env (#139427)

.env_example

@@ -22,6 +22,7 @@ stageEnrollmentCountsTableArn=local_nonsense_if_unset_we_search_CF_for
 DYNAMODB_URL=http://localhost:8000
 COGNITO_USER_POOL_ID=placeholder
 COGNITO_USER_POOL_CLIENT_ID=placeholder
+POST_SIGNOUT_REDIRECT=http://localhost:3000/
 API_URL=http://localhost:3030/local
 S3_LOCAL_ENDPOINT=http://localhost:4569
 S3_ATTACHMENTS_BUCKET_NAME=local-uploads

services/ui-auth/serverless.yml

@@ -133,7 +133,9 @@ resources:
         DefaultRedirectURI: ${self:custom.application_endpoint_url}
         LogoutURLs:
           - ${self:custom.application_endpoint_url}
+          - "${self:custom.application_endpoint_url}postLogout"
           - http://localhost:3000/
+          - http://localhost:3000/postLogout
         SupportedIdentityProviders:
           - Fn::If:
               - BackWithOkta
@@ -142,7 +144,7 @@ resources:
         AccessTokenValidity: 30
         IdTokenValidity: 30
         RefreshTokenValidity: 24
-        TokenValidityUnits: 
+        TokenValidityUnits:
           AccessToken: "minutes"
           IdToken: "minutes"
           RefreshToken: "hours"

services/ui-src/.env_example

@@ -8,6 +8,7 @@ COGNITO_USER_POOL_CLIENT_ID=placeholder
 COGNITO_USER_POOL_CLIENT_DOMAIN=placeholder
 COGNITO_REDIRECT_SIGNIN=placeholder
 COGNITO_REDIRECT_SIGNOUT=placeholder
+POST_SIGNOUT_REDIRECT=placeholder
 S3_ATTACHMENTS_BUCKET_REGION=placeholder
 S3_ATTACHMENTS_BUCKET_NAME=placeholder
 S3_LOCAL_ENDPOINT=http://localhost:4569

services/ui-src/configureLocal.sh

@@ -41,7 +41,7 @@ export COGNITO_USER_POOL_ID=$cognito_user_pool_id
 export COGNITO_USER_POOL_CLIENT_ID=$cognito_user_pool_client_id
 export COGNITO_USER_POOL_CLIENT_DOMAIN=$cognito_user_pool_client_domain
 export COGNITO_REDIRECT_SIGNIN=http://localhost:3000/
-export COGNITO_REDIRECT_SIGNOUT=http://localhost:3000/
+export COGNITO_REDIRECT_SIGNOUT=http://localhost:3000/postLogout
 export S3_ATTACHMENTS_BUCKET_REGION=$s3_attachments_bucket_region
 export S3_ATTACHMENTS_BUCKET_NAME=$s3_attachements_bucket_name
 # This is set to false, as using this script points your local react server to Amazon

services/ui-src/serverless.yml

@@ -40,6 +40,8 @@ custom:
   ui_s3_bucket_name: ${cf:ui-${self:custom.stage}.S3BucketName}
   ui_cloudfront_distribution_id: ${cf:ui-${self:custom.stage}.CloudFrontDistributionId}
   application_endpoint_url: ${cf:ui-${self:custom.stage}.ApplicationEndpointUrl}
+  application_signout_url: "${self:custom.application_endpoint_url}postLogout"
+  signout_redirect_url: ${env:POST_SIGNOUT_REDIRECT, ssm:/configuration/${self:custom.stage}/cognito/redirectSignout, ssm:/configuration/default/cognito/redirectSignout}
   s3Sync:
     - bucketName: ${self:custom.ui_s3_bucket_name}
       localDir: ./build
@@ -63,7 +65,8 @@ custom:
         export COGNITO_USER_POOL_CLIENT_ID=${self:custom.cognito_user_pool_client_id}
         export COGNITO_USER_POOL_CLIENT_DOMAIN=${self:custom.cognito_user_pool_client_domain}
         export COGNITO_REDIRECT_SIGNIN=${self:custom.application_endpoint_url}
-        export COGNITO_REDIRECT_SIGNOUT=${self:custom.application_endpoint_url}
+        export COGNITO_REDIRECT_SIGNOUT=${self:custom.application_signout_url}
+        export POST_SIGNOUT_REDIRECT=${self:custom.signout_redirect_url}
         export S3_ATTACHMENTS_BUCKET_REGION=${self:custom.s3_attachments_bucket_region}
         export S3_ATTACHMENTS_BUCKET_NAME=${self:custom.s3_attachments_bucket_name}
         export LOCAL_LOGIN=false

services/ui-src/src/App.js

@@ -1,6 +1,7 @@
 import React from "react";
-import { BrowserRouter as Router } from "react-router-dom";
+import { BrowserRouter as Router, Route } from "react-router-dom";
 import { UserProvider } from "./hooks/authHooks";
+import { PostLogoutRedirect } from "./components/layout/PostLogoutRedirect";
 import AppRoutes from "./AppRoutes";
 import "font-awesome/css/font-awesome.min.css";
 import "./styles/app.scss";
@@ -10,7 +11,8 @@ function App() {
     <div id="app-wrapper">
       <Router>
         <UserProvider>
-          <AppRoutes />
+          <Route path="/" component={AppRoutes} />
+          <Route path="/postLogout" component={PostLogoutRedirect} />
         </UserProvider>
       </Router>
     </div>

services/ui-src/src/components/layout/PostLogoutRedirect.js

@@ -0,0 +1,7 @@
+import React from "react";
+import config from "../../config";
+
+export const PostLogoutRedirect = () => {
+  window.location.href = config.POST_SIGNOUT_REDIRECT;
+  return <></>;
+};

services/ui-src/src/config.js

@@ -23,6 +23,7 @@ export const configToExport = {
     REDIRECT_SIGNIN: window.env.COGNITO_REDIRECT_SIGNIN,
     REDIRECT_SIGNOUT: window.env.COGNITO_REDIRECT_SIGNOUT,
   },
+  POST_SIGNOUT_REDIRECT: window.env.POST_SIGNOUT_REDIRECT,
   currentReportingYear: "2021",
 };
 

services/ui-src/src/hooks/authHooks/userProvider.js

@@ -1,5 +1,5 @@
 import React, { useCallback, useEffect, useMemo, useState } from "react";
-import { useHistory, useLocation } from "react-router-dom";
+import { useLocation } from "react-router-dom";
 import { Auth } from "aws-amplify";
 import { UserContext } from "./userContext";
 import { AppRoles, IdmRoles } from "../../types";
@@ -15,7 +15,6 @@ const authenticateWithIDM = () => {
 };
 
 export const UserProvider = ({ children }) => {
-  const history = useHistory();
   const location = useLocation();
   const isProduction =
     window.location.origin === cartsProdDomain ||
@@ -33,10 +32,17 @@ export const UserProvider = ({ children }) => {
     } catch (error) {
       console.log("error signing out: ", error); // eslint-disable-line no-console
     }
-    history.push("/");
-  }, [history]);
+    window.location.href = config.POST_SIGNOUT_REDIRECT;
+  }, []);
 
   const checkAuthState = useCallback(async () => {
+    // Allow Post Logout flow alongside user login flow
+    if (location?.pathname.toLowerCase() === "/postlogout") {
+      window.location.href = config.POST_SIGNOUT_REDIRECT;
+      return;
+    }
+
+    // Authenticate
     try {
       const session = await Auth.currentSession();
       const payload = session.getIdToken().payload;
@@ -62,7 +68,7 @@ export const UserProvider = ({ children }) => {
         setShowLocalLogins(true);
       }
     }
-  }, [isProduction]);
+  }, [isProduction, location]);
 
   // single run configuration
   useEffect(() => {

tests/cypress/cypress.json

@@ -14,5 +14,6 @@
   "downloadsFolder": "downloads",
   "supportFile": "support/index.js",
   "defaultCommandTimeout": 15000,
-  "types": ["cypress", "cypress-axe"]
+  "types": ["cypress", "cypress-axe"],
+  "chromeWebSecurity": false
 }

tests/cypress/support/commands.js

@@ -65,6 +65,7 @@ Cypress.Commands.add("logout", () => {
   cy.get(headerDropdownMenu).click();
   cy.get(logoutButton).click();
   cy.wait(3000); // let logout settle
+  cy.visit("/");
 });
 
 Cypress.Commands.add("ensureAvailableReport", () => {

tests/cypress/tests/integration/login.spec.js

@@ -12,12 +12,16 @@ describe("CARTS Login Integration Tests", () => {
     cy.authenticate("stateUser");
     cy.get(headerDropdownMenu).click();
     cy.get(logoutButton).click();
+    cy.wait(3000); // let logout settle
+    cy.visit("/");
   });
 
   it("Should authenticate as Admin User", () => {
     cy.authenticate("adminUser");
     cy.get(headerDropdownMenu).click();
     cy.get(logoutButton).click();
+    cy.wait(3000); // let logout settle
+    cy.visit("/");
   });
 
   it("Should display Login screen after logging out", () => {