-
Robert Knight authored
In order to make API requests, the client needs to fetch a JWT token and then configure 'angular-jwt' to provide it on subsequent HTTP requests to API endpoints. This fairly simple task was complicated by the inclusion of an emulation of the deprecated Mozilla IdentityManager API - see https://developer.mozilla.org/en-US/docs/Web/API/IdentityManager This commit replaces the identity module with a much simpler implementation that only does what we actually need at present: 1. Enable the 'angular-jwt' interceptor which adds 'Authorization: Bearer <Token>' headers to API HTTP requests. 2. Provide the JWT interceptor with a function which fetches JWT tokens and caches them. The new implementation fixes two bugs in the previous implementation: 1. Cached API tokens were not invalidated properly when signing out (#3083). (In the old code, 'authPromise' was set to a rejected promise after signing out, but 'checkAuthentication()' checked for 'authPromise' being _null_ when deciding whether to retrieve a new token. Consequently API requests made immediately after signing in could end up being unauthenticated). 2. The value of $scope.auth.username and session.state.userid could get out of sync (#2924). In the new implementation, $scope.auth.username is always updated whenever the USER_CHANGED event is emitted and that event is always emitted when session.state.userid changes. Fixes #3083 Fixes #2924
e5af8365
Name |
Last commit
|
Last update |
---|---|---|
.. | ||
static | ||
templates/client |