Merged in r2-3184-auth-bug (pull request #7047)

R2-3184 Logout not refreshing session
primeroIMS · Feb 14, 2025 · 2d2b07b · 2d2b07b
2 parents 6a7bbd0 + 2a0a9d9
commit 2d2b07b
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 3 deletions.
diff --git a/app/controllers/api/v2/tokens_controller.rb b/app/controllers/api/v2/tokens_controller.rb
@@ -23,6 +23,9 @@ def respond_to_on_destroy
   end
 
   def create
+    # TODO: This may no longer be needed once we change to store session in the database will need to test
+    warden.logout(resource_name) if !current_user_match_params? && user_name_param.present?
+
     if Rails.configuration.x.idp.use_identity_provider
       create_idp
     else
@@ -40,6 +43,12 @@ def create_idp
     end
   end
 
+  # TODO: This will no longer be needed once we change to store session in the database
+  def destroy
+    session[:expires_at] = 30.minutes.ago
+    super
+  end
+
   def fail_to_authorize!(opts)
     throw(:warden, opts)
   end
@@ -68,4 +77,12 @@ def destroy_action_message
   def current_token
     IdpTokenStrategy.token_from_header(request.headers)
   end
+
+  def user_name_param
+    sign_in_params[resource_class.authentication_keys.first]
+  end
+
+  def current_user_match_params?
+    current_user&.user_name == user_name_param
+  end
 end
diff --git a/app/javascript/components/connectivity/selectors.js b/app/javascript/components/connectivity/selectors.js
@@ -30,3 +30,5 @@ export const getQueueData = state => state.getIn([NAMESPACE, "queueData"], fromJ
 export const hasQueueData = state => !getQueueData(state).isEmpty();
 
 export const selectUserToggleOffline = state => state.getIn([NAMESPACE, "fieldMode"], false);
+
+export const selectPendingUserLogin = state => state.getIn([NAMESPACE, "pendingUserLogin"], false);
diff --git a/app/javascript/components/connectivity/use-connectivity-status.js b/app/javascript/components/connectivity/use-connectivity-status.js
@@ -18,7 +18,8 @@ import {
   selectNetworkStatus,
   selectServerStatusRetries,
   selectQueueStatus,
-  selectUserToggleOffline
+  selectUserToggleOffline,
+  selectPendingUserLogin
 } from "./selectors";
 import { checkServerStatus, setQueueData, setQueueStatus } from "./action-creators";
 import { CHECK_SERVER_INTERVAL, CHECK_SERVER_RETRY_INTERVAL } from "./constants";
@@ -34,6 +35,7 @@ const useConnectivityStatus = () => {
   const currentDialog = useMemoizedSelector(state => selectDialog(state));
   const serverStatusRetries = useMemoizedSelector(state => selectServerStatusRetries(state));
   const browserStatus = useMemoizedSelector(state => selectBrowserStatus(state));
+  const pendingUserLogin = useMemoizedSelector(state => selectPendingUserLogin(state));
 
   const fetchQueue = async () => {
     const queueData = await DB.getAll(DB_STORES.OFFLINE_REQUESTS);
@@ -105,7 +107,7 @@ const useConnectivityStatus = () => {
   }, [online, queueStatus]);
 
   useEffect(() => {
-    const ready = online && authenticated && queueStatus === QUEUE_READY;
+    const ready = online && authenticated && queueStatus === QUEUE_READY && !pendingUserLogin;
 
     const startQueue = async () => {
       Queue.ready = ready;
@@ -121,7 +123,7 @@ const useConnectivityStatus = () => {
     };
 
     startQueue();
-  }, [online, authenticated, queueStatus]);
+  }, [online, authenticated, queueStatus, pendingUserLogin]);
 
   useEffect(() => {
     setConnectionListeners();

diff --git a/app/javascript/middleware/utils/fetch-single-payload.js b/app/javascript/middleware/utils/fetch-single-payload.js
@@ -24,9 +24,23 @@ import handleSuccess from "./handle-success";
 import FetchError from "./fetch-error";
 import getCSRFToken from "./get-csrf-token";
 
+let abortFollowingRequest = false;
+
 const fetchSinglePayload = async (action, store, options) => {
   const controller = new AbortController();
 
+  if (action.type === "user/LOGOUT") {
+    abortFollowingRequest = true;
+  }
+
+  if (["user/LOGIN", "connectivity/SERVER_STATUS"].includes(action.type)) {
+    abortFollowingRequest = false;
+  }
+
+  if (abortFollowingRequest && action.type !== "user/LOGOUT") {
+    return false;
+  }
+
   setTimeout(() => {
     controller.abort();
   }, FETCH_TIMEOUT);
@@ -101,6 +115,8 @@ const fetchSinglePayload = async (action, store, options) => {
         fetchStatus({ store, type }, "FAILURE", json);
 
         if (status === 401) {
+          abortFollowingRequest = true;
+
           if (action.type === userActions.FETCH_USER_DATA) {
             throw new Error(window.I18n.t("error_message.error_401"));
           }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -30,3 +30,5 @@ export const getQueueData = state => state.getIn([NAMESPACE, "queueData"], fromJ
		export const hasQueueData = state => !getQueueData(state).isEmpty();

		export const selectUserToggleOffline = state => state.getIn([NAMESPACE, "fieldMode"], false);

		export const selectPendingUserLogin = state => state.getIn([NAMESPACE, "pendingUserLogin"], false);