Fix authentication method retrieval after Tomcat restart

[ybnd]

References

Add references/links to any related issues or PRs. These may include:

• Fixes Authentication check can't deal with a token that is invalid but not expired #4662

Description

This PR ensures that authentication methods are retrieved when the current authentication cookie hasn't expired yet, but is invalid for other reasons (such as Tomcat having restarted)

• The AuthenticatedAction fired when a token appears valid is marked with checkAgain: true
• If the authentication status indicates that we aren't authenticated, we'll now fire a CheckAuthenticationTokenCookieAction
• When we fire AuthenticatedAction after parsing an authentication response, we mark it with checkAgain: false to make sure that we don't keep re-checking the cookie forever

Instructions for Reviewers

Confirm that the bug described in the linked issue can no longer be replicated.

Confirm that the following scenarios are still handled correctly:

• Opening the app without authenticating (no cookie)
• Logging in (with password, Shibboleth, ...)
• Refreshing while authenticated
• Logging out
• Getting logged out when the authentication token expires

Checklist

This checklist provides a reminder of what we are going to look for when reviewing your PR. You do not need to complete this checklist prior creating your PR (draft PRs are always welcome).
However, reviewers may request that you complete any actions in this list if you have not done so. If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!

• My PR is created against the main branch of code (unless it is a backport or is fixing an issue specific to an older branch).
• My PR is small in size (e.g. less than 1,000 lines of code, not including comments & specs/tests), or I have provided reasons as to why that's not possible.
• My PR passes ESLint validation using npm run lint
• My PR doesn't introduce circular dependencies (verified via npm run check-circ-deps)
• My PR includes TypeDoc comments for all new (or modified) public methods and classes. It also includes TypeDoc for large or complex private methods.
• My PR passes all specs/tests and includes new/updated specs or tests based on the Code Testing Guide.
• My PR aligns with Accessibility guidelines if it makes changes to the user interface.
• My PR uses i18n (internationalization) keys instead of hardcoded English text, to allow for translations.
• My PR includes details on how to test it. I've provided clear instructions to reviewers on how to successfully test this fix or feature.
• If my PR includes new libraries/dependencies (in package.json), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
• If my PR includes new features or configurations, I've provided basic technical documentation in the PR itself.
• If my PR fixes an issue ticket, I've linked them together.

[toniprieto]

Thanks, @ybnd ! I've been using this change on a dev instance and it fixes the linked issue. Very helpful! I've run the basic tests with password authentication and haven't detected any problems.

@tdonohue I noticed that the PR isn’t added to any board

[tdonohue]

Temporarily closing & reopening to trigger an updated test run. Apologies for the delay in getting to this, but I'm hoping to get it merged soon,