handle multiple logouts

js/controllers/login-controller.js

@@ -126,8 +126,14 @@ app.controller('loginCtrl', [
   };
 
   vm.signOut = function () {
-    Auth.signOut();
-    $location.path('/splash-page');
+    // TODO the sign-out url for each account should be fixed.
+    return Auth.signOut().then(function () {
+      if (!Auth.hasSession()) {
+        $location.path('/splash-page');
+        return;
+      }
+      window.alert("You are still logged in with other accounts.");
+    });
   };
 
 }]);

js/services/auth-service.js

@@ -30,7 +30,7 @@ app.factory('Auth', [
 
       localStorage.setItem(dapName, JSON.stringify(session));
       localStorage.setItem(dapSession, dapName);
-      obj[dapName] = true;
+      obj[dapName] = Date.now();
       localStorage.setItem(dapSessions, JSON.stringify(obj));
     }
   , restore: function () {
@@ -54,8 +54,27 @@ app.factory('Auth', [
       return Auth.session;
     }
   , signOut: function () {
-    localStorage.clear();
-  }
+      var session = Auth.session;
+      var dapName = 'dap-' + session.subject + '|' + session.issuer;
+
+      // TODO logout url should be created upon login and remain fixed throughout the duration of the session (or on session restoration)
+      return Auth.oauth3.logout().then(function () {
+        var obj = JSON.parse(localStorage.getItem(dapSessions) || '{}');
+        delete obj[dapName];
+        var newDapName = Object.keys(obj).sort(function (a, b) { return obj[a] - obj[b]; })[0];
+
+        localStorage.setItem(dapSession, newDapName);
+        localStorage.setItem(dapSessions, JSON.stringify(obj));
+        localStorage.removeItem(dapName);
+
+        if (!newDapName) {
+          localStorage.removeItem(dapSession);
+        }
+
+        return Auth.restore();
+      });
+      // localStorage.clear();
+    }
   , sessions: []
   , session: null
   , oauth3: null