Commit 0e8e035f authored by Robert Knight's avatar Robert Knight Committed by GitHub

Merge pull request #216 from hypothesis/dont-delete-cached-oauth-access-token

Don't delete cached OAuth access token
parents 480e1bae dbf5d781
......@@ -59,8 +59,11 @@ function auth($http, settings) {
}
}
// clearCache() isn't implemented (or needed) yet for OAuth.
// In the future, for example when OAuth-authenticated users can login and
// logout of the client, this clearCache() will need to clear the access
// token and cancel any scheduled refresh token requests.
function clearCache() {
cachedToken = null;
}
return {
......
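Review bot: `clearCache()` is now an empty function, but that is only explained by the comment above it inside auth.js; a caller that invokes `auth.clearCache()` expecting the cached access token to be dropped (session.js does so on user change) gets no signal that the previous user's token is retained. Consider stating the contract at the point callers read, e.g. a JSDoc on the function: `/** No-op for OAuth: the cached access token is intentionally kept until token revocation/refresh cancellation is implemented. */`. It is also worth noting whether the `cachedToken` variable assigned by the removed line is still used elsewhere in `auth()`, since an unused cached value that is never cleared is easy to misread as a leak. The enclosing `auth($http, settings)` factory starts and ends outside the hunk.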
......@@ -59,6 +59,16 @@ function session($http, $resource, $rootScope, annotationUI, auth,
var lastLoad;
var lastLoadTime;
// Return the authority from the first service defined in the settings.
// Return null if there are no services defined in the settings.
function getAuthority() {
if (Array.isArray(settings.services) && settings.services.length > 0) {
return settings.services[0].authority;
}
return null;
}
/**
* @name session.load()
* @description Fetches the session data from the server.
......@@ -79,10 +89,7 @@ function session($http, $resource, $rootScope, annotationUI, auth,
// the /app endpoint.
lastLoadTime = Date.now();
lastLoad = retryUtil.retryPromiseOperation(function () {
var authority;
if (Array.isArray(settings.services) && settings.services.length > 0) {
authority = settings.services[0].authority;
}
var authority = getAuthority();
if (authority) {
return store.profile.read({authority: authority}).then(update);
} else {
......@@ -138,7 +145,9 @@ function session($http, $resource, $rootScope, annotationUI, auth,
lastLoadTime = Date.now();
if (userChanged) {
auth.clearCache();
if (!getAuthority()) {
auth.clearCache();
}
$rootScope.$broadcast(events.USER_CHANGED, {
initialLoad: isInitialLoad,
......
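Review bot: In the third hunk the guard `if (!getAuthority())` decides whether to clear the cached access token based on whether a service authority is configured, while the PR description and the new test speak of the host page providing a grant token; if a service entry can carry an `authority` without a `grantToken`, the previous user's cached token would survive a user change under that configuration. The intended invariant deserves a comment at the condition, e.g. `// With a configured service authority the access token is supplied by the host page, so it is intentionally retained across a user change (see PR #216).` In the first hunk `getAuthority()` dereferences `settings.services[0].authority` without guarding a null first entry, which matches the inline code it replaces but is now called from two places. The enclosing `session(...)` factory starts and ends outside these hunks.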
......@@ -90,16 +90,4 @@ describe('oauth auth', function () {
});
});
});
describe('#clearCache', function () {
it('should clear cached tokens', function () {
return auth.tokenGetter().then(function () {
fakeHttp.post.reset();
auth.clearCache();
return auth.tokenGetter();
}).then(function () {
assert.calledOnce(fakeHttp.post);
});
});
});
});
......@@ -263,6 +263,17 @@ describe('session', function () {
id: 'anne',
});
});
it('does not clear the access token when the host page provides a grant token', function () {
fakeSettings.services = [{
authority: 'publisher.org',
grantToken: 'a.jwt.token',
}];
session.update({userid: 'different-user', csrf: 'dummytoken'});
assert.notCalled(fakeAuth.clearCache);
});
});
describe('#dismissSidebarTutorial()', function () {
......
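Review bot: The new test's name says the token is kept "when the host page provides a grant token", but the code path it exercises (`getAuthority()` in session.js) only looks at `authority`, so the assertion would pass with `grantToken` removed from the fixture and the test does not pin the condition its title describes. Either rename it to `does not clear the access token when a service authority is configured`, or drop `grantToken` from the fixture so the name and the checked condition agree. A companion case asserting `assert.calledOnce(fakeAuth.clearCache)` with `fakeSettings.services = []` would pin the other branch of the new guard, unless such a test already exists outside this hunk. The enclosing `describe` block starts and ends outside the hunk.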