Reconfigure unsuccessful login attempt to purge user session

Delete X-Miq-Group header when purging session
ManageIQ · Oct 6, 2017 · f1e54f6 · f1e54f6
1 parent 64b072a
commit f1e54f6
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 43 deletions.
diff --git a/client/app/core/session.service.js b/client/app/core/session.service.js
@@ -55,6 +55,7 @@ export function SessionFactory ($http, $q, $sessionStorage, $cookies, RBAC, Poll
     model.token = null
     model.user = {}
     destroyWsToken()
+    delete $http.defaults.headers.common['X-Miq-Group']
     delete $http.defaults.headers.common['X-Auth-Token']
     delete $sessionStorage.miqGroup
     delete $sessionStorage.selectedMiqGroup

diff --git a/client/app/states/login/login.state.js b/client/app/states/login/login.state.js
@@ -22,19 +22,20 @@ function getStates () {
 }
 
 /** @ngInject */
-function StateController (exception, $state, Text, RBAC, API_LOGIN, API_PASSWORD, AuthenticationApi,
-                         Session, $rootScope, Notifications, Language, ApplianceInfo, $window) {
-  var vm = this
+function StateController (exception, $state, Text, RBAC, API_LOGIN, API_PASSWORD, AuthenticationApi, Session,
+                          $rootScope, Notifications, Language, ApplianceInfo, $window) {
+  const vm = this
 
   vm.text = Text.login
-
   vm.credentials = {
     login: API_LOGIN,
     password: API_PASSWORD
   }
+  vm.onSubmit = onSubmit
 
   if ($window.location.href.includes('?timeout')) {
     Notifications.message('danger', '', __('Your session has timed out.'), true)
+    Session.destroy()
   }
 
   if ($window.location.href.includes('?pause')) {
@@ -45,34 +46,37 @@ function StateController (exception, $state, Text, RBAC, API_LOGIN, API_PASSWORD
 
   if (Session.privilegesError) {
     Notifications.error(__('User does not have privileges to login.'))
+    Session.destroy()
   }
 
-  vm.onSubmit = onSubmit
-
   function onSubmit () {
     Session.timeoutNotified = false
     Session.privilegesError = false
 
     return AuthenticationApi.login(vm.credentials.login, vm.credentials.password)
-      .then(Session.loadUser)
-      .then(Session.requestWsToken)
-      .then(function (response) {
-        if (angular.isDefined(response)) {
-          Language.onLogin(response)
-          ApplianceInfo.set(response)
-          RBAC.setRole(response.identity.role)
-        }
+    .then(Session.loadUser)
+    .then(Session.requestWsToken)
+    .then((response) => {
+      if (angular.isDefined(response)) {
+        Language.onLogin(response)
+        ApplianceInfo.set(response)
+        RBAC.setRole(response.identity.role)
+      }
 
-        if (RBAC.navigationEnabled()) {
-          if (angular.isDefined($rootScope.notifications) && $rootScope.notifications.data.length > 0) {
-            $rootScope.notifications.data.splice(0, $rootScope.notifications.data.length)
-          }
-          $window.location.href = $state.href('dashboard')
-        } else {
-          Session.privilegesError = true
-          Notifications.error(__('You do not have permission to view the Service UI. Contact your administrator to update your group permissions.'))
+      if (RBAC.navigationEnabled()) {
+        if (angular.isDefined($rootScope.notifications) && $rootScope.notifications.data.length > 0) {
+          $rootScope.notifications.data.splice(0, $rootScope.notifications.data.length)
         }
-      })
-      .catch(exception.catch('Login failed, possibly invalid credentials.'))
+        $window.location.href = $state.href('dashboard')
+      } else {
+        Session.privilegesError = true
+        Notifications.error(__('You do not have permission to view the Service UI. Contact your administrator to update your group permissions.'))
+        Session.destroy()
+      }
+    })
+    .catch(() => {
+      exception.catch('Login failed, possibly invalid credentials.')
+      Session.destroy()
+    })
   }
 }
diff --git a/client/app/states/login/login.state.spec.js b/client/app/states/login/login.state.spec.js
@@ -1,29 +1,32 @@
 describe('State: login', () => {
+  let failureNotificationSpy
   beforeEach(() => {
-    module('app.states');
-  });
+    module('app.states')
 
-  describe('controller', () => {
-    let ctrl;
+  })
 
+  describe('controller', () => {
+    let ctrl
     beforeEach(() => {
-      bard.inject('$controller', '$state', '$stateParams', 'Session', '$window', 'API_LOGIN', 'API_PASSWORD');
-
-      ctrl = $controller($state.get('login').controller, {
-        Session: {
-          privilegesError: true
-        }
-      });
-    });
+      bard.inject('$controller', '$state', '$stateParams', 'Session', '$window', 'API_LOGIN', 'API_PASSWORD', 'EventNotifications')
+      failureNotificationSpy = sinon.spy(EventNotifications, 'error')
+      ctrl = $controller($state.get('login').controller, {})
+    })
 
     describe('controller initialization', () => {
       it('is created successfully', () => {
-        expect(ctrl).to.be.defined;
-      });
+        expect(ctrl).to.be.defined
+      })
 
       it('sets app brand', () => {
-        expect(ctrl.text.brand).to.equal('<strong>ManageIQ</strong> Service UI');
-      });
-    });
-  });
-});
+        expect(ctrl.text.brand).to.equal('<strong>ManageIQ</strong> Service UI')
+      })
+
+      it('sets session timeoutNotified and privilegesError', () => {
+        ctrl.onSubmit()
+        expect(Session.timeoutNotified).to.be.false
+        expect(Session.privilegesError).to.be.false
+      })
+    })
+  })
+})