• Robert Knight's avatar
    Remove auth => session dependency · 444482ec
    Robert Knight authored
    Simplify the "auth" service and remove the dependency on the
    "session" service. This will make it possible to introduce a "store" =>
    "session" dependency in future in order to support fetching the user's
    profile from the access token-authenticated /api/profile endpoint
    instead of the cookie-authenticated /app endpoint.
    
    The 'auth' service depended on 'session' for three things:
    
     - Being able to call `session.load()` in order to retrieve a CSRF
       token. This token is not needed for the `GET /api/token` endpoint
       following https://github.com/hypothesis/h/pull/4322
    
     - Calling `session.logout()`. This is fixed by removing the
       `auth.logout()` endpoint and changing the caller to call
       `session.logout()` directly instead. `session.logout()` in turn
       calls `auth.clearCache()` to clear cached API tokens.
    
     - Determining the current user ID in order to invalidate
       the cached token when that changes. The logic to clear the
       cache has instead been moved to the session service.
    
    This commit also adds additional tests for session logout.
    444482ec
auth.js 1.21 KB