    Simplify API authentication in the client · e5af8365
    Robert Knight authored
    In order to make API requests, the client needs to
    fetch a JWT token and then configure 'angular-jwt'
    to provide it on subsequent HTTP requests to
    API endpoints.
    
    This fairly simple task was complicated by
    the inclusion of an emulation of the deprecated
    Mozilla IdentityManager API - see https://developer.mozilla.org/en-US/docs/Web/API/IdentityManager
    
    This commit replaces the identity module with
    a much simpler implementation that only does
    what we actually need at present:
    
     1. Enable the 'angular-jwt' interceptor which
        adds 'Authorization: Bearer <Token>' headers
        to API HTTP requests.
    
     2. Provide the JWT interceptor with a function
        which fetches JWT tokens and caches them.
    
    The new implementation fixes two bugs in the previous
    implementation:
    
     1. Cached API tokens were not invalidated properly when
        signing out (#3083).
    
        (In the old code, 'authPromise' was set to a rejected promise
         after signing out, but 'checkAuthentication()' checked for
         'authPromise' being _null_ when deciding whether to retrieve
         a new token. Consequently API requests made immediately
         after signing in could end up being unauthenticated).
    
     2. The value of $scope.auth.username and session.state.userid
        could get out of sync (#2924).
    
        In the new implementation, $scope.auth.username is always
        updated whenever the USER_CHANGED event is emitted and that
        event is always emitted when session.state.userid changes.
    
    Fixes #3083
    Fixes #2924
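The stale-token bug described in the commit message (#3083), next to a cache that avoids it. This is an added example, not code from this commit or the project. `createLegacyAuth`, `createTokenCache`, `onUserChanged` and the counting fetcher are hypothetical names, and clearing the cache on every user change is an assumption about how invalidation is wired.

```javascript
// Hypothetical model of the old pattern (only authPromise is the page's name):
// sign-out stores a rejected promise, but the refetch check looks for null.
function createLegacyAuth(fetchToken) {
  let authPromise = null;
  return {
    getToken() {
      if (authPromise === null) authPromise = fetchToken();
      return authPromise; // after signOut(): the stale rejection, no refetch
    },
    signOut() {
      authPromise = Promise.reject(new Error('signed out'));
      authPromise.catch(() => {}); // keep Node from reporting an unhandled rejection
    },
  };
}

// Corrected pattern: a single cache slot that is emptied on every user change.
function createTokenCache(fetchToken) {
  let cached = null;
  return {
    getToken() {
      if (cached === null) {
        const pending = (cached = fetchToken());
        // A failed fetch must not stay cached.
        pending.catch(() => { if (cached === pending) cached = null; });
      }
      return cached;
    },
    // Assumption: called from a USER_CHANGED handler (sign-in and sign-out).
    onUserChanged() { cached = null; },
  };
}

// Constructed token source: counts fetches and returns a distinct fake token.
function makeCountingFetcher() {
  const source = { calls: 0 };
  source.fetch = () => Promise.resolve('token-' + (++source.calls));
  return source;
}

// Number of token fetches across: request, user change, request.
function fetchesAcrossUserChange(makeAuth, changeUser) {
  const source = makeCountingFetcher();
  const auth = makeAuth(source.fetch);
  auth.getToken();
  changeUser(auth);
  auth.getToken();
  return source.calls;
}
```

A count of 1 means the second request reused whatever was cached before the user changed. A count of 2 means a fresh token was fetched for the new session.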
auth-test.js 2.78 KB