Remove auth => session dependency
Simplify the "auth" service and remove the dependency on the "session" service. This will make it possible to introduce a "store" => "session" dependency in future in order to support fetching the user's profile from the access token-authenticated /api/profile endpoint instead of the cookie-authenticated /app endpoint.

The 'auth' service depended on 'session' for three things:

- Being able to call `session.load()` in order to retrieve a CSRF token. This token is not needed for the `GET /api/token` endpoint following https://github.com/hypothesis/h/pull/4322
- Calling `session.logout()`. This is fixed by removing the `auth.logout()` endpoint and changing the caller to call `session.logout()` directly instead. `session.logout()` in turn calls `auth.clearCache()` to clear cached API tokens.
- Determining the current user ID in order to invalidate the cached token when that changes. The logic to clear the cache has instead been moved to the session service.

This commit also adds additional tests for session logout.