Tighten up the identity and auth interaction

Handle errors, ready notification, cancellations and cleanups.

Tighten up the identity and auth interaction
Handle errors, ready notification, cancellations and cleanups.
0f66a5de · Randall Leeds · 4fd12f8b · 0f66a5de · 0f66a5de · 0f66a5de
Commit 0f66a5de authored Oct 03, 2014 by Randall Leeds
4 changed files
--- a/h/static/scripts/auth/auth-controller.coffee
+++ b/h/static/scripts/auth/auth-controller.coffee
@@ -5,7 +5,7 @@ class AuthController
    success = (data) ->
      if $scope.tab is 'forgot' then $scope.tab = 'activate'
-      if data.userid then $scope.$emit 'session', data
+      if data.userid then $scope.$emit 'auth', null, data
      $scope.model = null
      $scope.form?.$setPristine()
@@ -27,9 +27,10 @@ class AuthController
    $scope.model = null
    $scope.tab = 'login'
-    $scope.$on '$destroy', ->
+    $scope.$on 'auth', do ->
-      if timeout
+      preventCancel = $scope.$on '$destroy', ->
-        $timeout.cancel timeout
+        if timeout then $timeout.cancel timeout
+        $scope.$emit 'auth', 'cancel'
    $scope.$watchCollection 'model', (value) ->
      # Reset the auth forms after five minutes of inactivity

--- a/h/static/scripts/auth/auth.coffee
+++ b/h/static/scripts/auth/auth.coffee
@@ -11,31 +11,36 @@ configure = [
    # Use the Pyramid XSRF header name
    $httpProvider.defaults.xsrfHeaderName = 'X-CSRF-Token'
-    identityProvider.checkAuthorization = [
+    identityProvider.checkAuthentication = [
-      'session',
+      '$q', 'session',
-      (session) ->
+      ($q,   session) ->
-        session.load().$promise.then (data) ->
+        (authCheck = $q.defer())
-          certificate: data.csrf
+        .promise.then do ->
-          userid: data.userid
+          session.load().$promise.then (data) ->
+            authCheck.resolve
+              certificate: data.csrf
+              userid: data.userid
    ]
-    identityProvider.forgetAuthorization = [
+    identityProvider.forgetAuthentication = [
      'session',
      (session) ->
        session.logout({}).$promise
    ]
-    identityProvider.requestAuthorization = [
+    identityProvider.requestAuthentication = [
      '$q', '$rootScope',
      ($q,   $rootScope) ->
-        deferred = $q.defer()
+        if authCheck then authCheck.reject()
+        (authCheck = $q.defer())
-        $rootScope.$on 'session', (event, data) ->
+        .promise.finally do ->
-          deferred.resolve
+          $rootScope.$on 'auth', (event, err, data) ->
-            certificate: data.csrf
+            if err
-            userid: data.userid
+              authCheck.reject(err)
+            else
-        deferred.promise
+              authCheck.resolve
+                certificate: data.csrf
+                userid: data.userid
    ]
 ]

--- a/h/static/scripts/controllers.coffee
+++ b/h/static/scripts/controllers.coffee
@@ -200,7 +200,6 @@ class AppController
    oncancel = ->
      loggedInuser = null
-      reset()
    onlogin = (assertion) ->
      # Configure the Auth plugin with the issued assertion as refresh token.

--- a/h/static/scripts/identity.coffee
+++ b/h/static/scripts/identity.coffee
@@ -2,17 +2,20 @@
 # @ngdoc provider
 # @name identityProvider
-# @property {function} checkAuthorization A function to check for a current
+# @property {function} checkAuthentication A function to check for an
-# authorization grant. It is expected to return the promise of a grant.
+# authenticated user. It is expected to return the promise of an authorization
+# grant if the user has authorized signing in to the requesting application.
+# The function arguments are injected.
 #
-# @property {function} forgetAuthorization A function to forget the current
+# @property {function} forgetAuthentication A function to forget the current
-# authorization grant. It is expected to return the promise of a grant. If
+# authentication. The return value, if any, will be resolved as a promise
-# the user is successfully logged out the grant should be null or invalid.
+# before the identity service fires logout callbacks. The identity provider
+# should ensure any sessions are cleared. The function arguments are injected.
 #
-# @property {function} requestAuthorization A function to request that the
+# @property {function} requestAuthentication A function to request that the
-# the client begin authenticated the current user. It is expected to return the
+# the user begin authenticating. It is expected to return the promise of an
-# promise of an authorization grant once the user has authenticated and
+# authorization grant once the user has authenticated and authorized signing
-# authorized signing in to the requesting application.
+# in to the requesting application. The function arguments are injected.
 #
 # @description
 # The `identityProvider` is used to configure functions that fulfill
@@ -28,16 +31,16 @@
 # ``userid`` and ``certificate``.
 ###
 identityProvider = ->
-  checkAuthorization: ['$q', ($q) ->
+  checkAuthentication: ['$q', ($q) ->
-    $q.reject 'Not implemented idenityProvider#checkAuthorization.'
+    $q.reject 'Not implemented idenityProvider#checkAuthentication.'
  ]
-  forgetAuthorization: ['$q', ($q) ->
+  forgetAuthentication: ['$q', ($q) ->
-    $q.reject 'Not implemented idenityProvider#forgetAuthorization.'
+    $q.reject 'Not implemented idenityProvider#forgetAuthentication.'
  ]
-  requestAuthorization: ['$q', ($q) ->
+  requestAuthentication: ['$q', ($q) ->
-    $q.reject 'Not implemented idenityProvider#requestAuthorization.'
+    $q.reject 'Not implemented idenityProvider#requestAuthentication.'
  ]
  ###*
@@ -59,6 +62,7 @@ identityProvider = ->
      onlogin = null
      onlogout = null
      onmatch = null
+      onready = null
      invokeCallbacks = (grant={}) ->
        {userid, certificate} = grant
@@ -97,8 +101,8 @@ identityProvider = ->
      # https://developer.mozilla.org/en-US/docs/Web/API/navigator.id.logout
      ###
      logout: ->
-        result = $injector.invoke(provider.forgetAuthorization, provider)
+        result = $injector.invoke(provider.forgetAuthentication, provider)
-        $q.when(result).finally(-> onlogout?())
+        $q.when(result).finally(invokeCallbacks)
      ###*
      # @ngdoc method
@@ -108,7 +112,7 @@ identityProvider = ->
      ###
      request: (options={}) ->
        {oncancel} = options
-        result = $injector.invoke(provider.requestAuthorization, provider)
+        result = $injector.invoke(provider.requestAuthentication, provider)
        $q.when(result).then(invokeCallbacks, oncancel)
      ###*
@@ -118,9 +122,9 @@ identityProvider = ->
      # https://developer.mozilla.org/en-US/docs/Web/API/navigator.id.watch
      ###
      watch: (options) ->
-        {loggedInUser, onlogin, onlogout, onmatch} = options
+        {loggedInUser, onlogin, onlogout, onmatch, onready} = options
-        result = $injector.invoke(provider.checkAuthorization, provider)
+        result = $injector.invoke(provider.checkAuthentication, provider)
-        result.then(invokeCallbacks)
+        $q.when(result).then(invokeCallbacks, null, onready)
  ]