Commit 0f66a5de authored by Randall Leeds's avatar Randall Leeds

Tighten up the identity and auth interaction

Handle errors, ready notification, cancellations and cleanups.
parent 4fd12f8b
......@@ -5,7 +5,7 @@ class AuthController
success = (data) ->
if $scope.tab is 'forgot' then $scope.tab = 'activate'
if data.userid then $scope.$emit 'session', data
if data.userid then $scope.$emit 'auth', null, data
$scope.model = null
$scope.form?.$setPristine()
......@@ -27,9 +27,10 @@ class AuthController
$scope.model = null
$scope.tab = 'login'
$scope.$on '$destroy', ->
if timeout
$timeout.cancel timeout
$scope.$on 'auth', do ->
preventCancel = $scope.$on '$destroy', ->
if timeout then $timeout.cancel timeout
$scope.$emit 'auth', 'cancel'
$scope.$watchCollection 'model', (value) ->
# Reset the auth forms after five minutes of inactivity
......
......@@ -11,31 +11,36 @@ configure = [
# Use the Pyramid XSRF header name
$httpProvider.defaults.xsrfHeaderName = 'X-CSRF-Token'
identityProvider.checkAuthorization = [
'session',
(session) ->
identityProvider.checkAuthentication = [
'$q', 'session',
($q, session) ->
(authCheck = $q.defer())
.promise.then do ->
session.load().$promise.then (data) ->
authCheck.resolve
certificate: data.csrf
userid: data.userid
]
identityProvider.forgetAuthorization = [
identityProvider.forgetAuthentication = [
'session',
(session) ->
session.logout({}).$promise
]
identityProvider.requestAuthorization = [
identityProvider.requestAuthentication = [
'$q', '$rootScope',
($q, $rootScope) ->
deferred = $q.defer()
$rootScope.$on 'session', (event, data) ->
deferred.resolve
if authCheck then authCheck.reject()
(authCheck = $q.defer())
.promise.finally do ->
$rootScope.$on 'auth', (event, err, data) ->
if err
authCheck.reject(err)
else
authCheck.resolve
certificate: data.csrf
userid: data.userid
deferred.promise
]
]
......
......@@ -200,7 +200,6 @@ class AppController
oncancel = ->
loggedInuser = null
reset()
onlogin = (assertion) ->
# Configure the Auth plugin with the issued assertion as refresh token.
......
......@@ -2,17 +2,20 @@
# @ngdoc provider
# @name identityProvider
# @property {function} checkAuthorization A function to check for a current
# authorization grant. It is expected to return the promise of a grant.
# @property {function} checkAuthentication A function to check for an
# authenticated user. It is expected to return the promise of an authorization
# grant if the user has authorized signing in to the requesting application.
# The function arguments are injected.
#
# @property {function} forgetAuthorization A function to forget the current
# authorization grant. It is expected to return the promise of a grant. If
# the user is successfully logged out the grant should be null or invalid.
# @property {function} forgetAuthentication A function to forget the current
# authentication. The return value, if any, will be resolved as a promise
# before the identity service fires logout callbacks. The identity provider
# should ensure any sessions are cleared. The function arguments are injected.
#
# @property {function} requestAuthorization A function to request that the
# the client begin authenticated the current user. It is expected to return the
# promise of an authorization grant once the user has authenticated and
# authorized signing in to the requesting application.
# @property {function} requestAuthentication A function to request that the
# the user begin authenticating. It is expected to return the promise of an
# authorization grant once the user has authenticated and authorized signing
# in to the requesting application. The function arguments are injected.
#
# @description
# The `identityProvider` is used to configure functions that fulfill
......@@ -28,16 +31,16 @@
# ``userid`` and ``certificate``.
###
identityProvider = ->
checkAuthorization: ['$q', ($q) ->
$q.reject 'Not implemented idenityProvider#checkAuthorization.'
checkAuthentication: ['$q', ($q) ->
$q.reject 'Not implemented idenityProvider#checkAuthentication.'
]
forgetAuthorization: ['$q', ($q) ->
$q.reject 'Not implemented idenityProvider#forgetAuthorization.'
forgetAuthentication: ['$q', ($q) ->
$q.reject 'Not implemented idenityProvider#forgetAuthentication.'
]
requestAuthorization: ['$q', ($q) ->
$q.reject 'Not implemented idenityProvider#requestAuthorization.'
requestAuthentication: ['$q', ($q) ->
$q.reject 'Not implemented idenityProvider#requestAuthentication.'
]
###*
......@@ -59,6 +62,7 @@ identityProvider = ->
onlogin = null
onlogout = null
onmatch = null
onready = null
invokeCallbacks = (grant={}) ->
{userid, certificate} = grant
......@@ -97,8 +101,8 @@ identityProvider = ->
# https://developer.mozilla.org/en-US/docs/Web/API/navigator.id.logout
###
logout: ->
result = $injector.invoke(provider.forgetAuthorization, provider)
$q.when(result).finally(-> onlogout?())
result = $injector.invoke(provider.forgetAuthentication, provider)
$q.when(result).finally(invokeCallbacks)
###*
# @ngdoc method
......@@ -108,7 +112,7 @@ identityProvider = ->
###
request: (options={}) ->
{oncancel} = options
result = $injector.invoke(provider.requestAuthorization, provider)
result = $injector.invoke(provider.requestAuthentication, provider)
$q.when(result).then(invokeCallbacks, oncancel)
###*
......@@ -118,9 +122,9 @@ identityProvider = ->
# https://developer.mozilla.org/en-US/docs/Web/API/navigator.id.watch
###
watch: (options) ->
{loggedInUser, onlogin, onlogout, onmatch} = options
result = $injector.invoke(provider.checkAuthorization, provider)
result.then(invokeCallbacks)
{loggedInUser, onlogin, onlogout, onmatch, onready} = options
result = $injector.invoke(provider.checkAuthentication, provider)
$q.when(result).then(invokeCallbacks, null, onready)
]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment