[IA-4620] invalidate cookies on sign out (#4494)

Co-authored-by: jdcanas <jcanas@broadinstitute.com>

src/auth/auth.ts

@@ -12,6 +12,7 @@ import {
   OidcUser,
   revokeTokens,
 } from 'src/auth/oidc-broker';
+import { cookieProvider } from 'src/components/CookieProvider';
 import { cookiesAcceptedKey } from 'src/components/CookieWarning';
 import { Ajax } from 'src/libs/ajax';
 import { fetchOk } from 'src/libs/ajax/ajax-common';
@@ -27,9 +28,7 @@ import {
   asyncImportJobStore,
   AuthState,
   authStore,
-  azureCookieReadyStore,
   azurePreviewStore,
-  cookieReadyStore,
   getTerraUser,
   MetricState,
   metricStore,
@@ -101,18 +100,17 @@ export const sendAuthTokenDesyncMetric = () => {
   Ajax().Metrics.captureEvent(Events.user.authToken.desync, {});
 };
 
-export const signOut = (cause: SignOutCause = 'unspecified'): void => {
+export const signOut = async (cause: SignOutCause = 'unspecified') => {
   sendSignOutMetrics(cause);
   if (cause === 'expiredRefreshToken' || cause === 'errorRefreshingAuthToken') {
     notify('info', sessionTimedOutErrorMessage, sessionTimeoutProps);
   }
-  // TODO: invalidate runtime cookies https://broadworkbench.atlassian.net/browse/IA-3498
-  cookieReadyStore.reset();
-  azureCookieReadyStore.reset();
-  getSessionStorage().clear();
+
   azurePreviewStore.set(false);
 
-  revokeTokens();
+  await cookieProvider.invalidateCookies();
+  getSessionStorage().clear();
+  await revokeTokens();
 
   const { cookiesAccepted } = authStore.get();
 

src/components/CookieProvider.test.ts

@@ -0,0 +1,44 @@
+import { cookieProvider } from 'src/components/CookieProvider';
+import { Ajax } from 'src/libs/ajax';
+import { RuntimesAjaxContract } from 'src/libs/ajax/leonardo/Runtimes';
+import { asMockedFn } from 'src/testing/test-utils';
+
+jest.mock('src/libs/ajax');
+
+/**
+ * local test utility - mocks the Ajax super-object and the subset of needed multi-contracts it
+ * returns with as much type-safety as possible.
+ *
+ * @return collection of key contract sub-objects for easy
+ * mock overrides and/or method spying/assertions
+ */
+type AjaxContract = ReturnType<typeof Ajax>;
+type RuntimesNeeds = Pick<RuntimesAjaxContract, 'invalidateCookie'>;
+interface AjaxMockNeeds {
+  Runtimes: RuntimesNeeds;
+}
+
+const mockAjaxNeeds = (): AjaxMockNeeds => {
+  const partialRuntimes: RuntimesNeeds = {
+    invalidateCookie: jest.fn(),
+  };
+  const mockRuntimes = partialRuntimes as RuntimesAjaxContract;
+
+  asMockedFn(Ajax).mockReturnValue({ Runtimes: mockRuntimes } as AjaxContract);
+
+  return {
+    Runtimes: partialRuntimes,
+  };
+};
+describe('CookieProvider', () => {
+  it('calls the leo endpoint on invalidateCookie', async () => {
+    const ajaxMock = mockAjaxNeeds();
+
+    // Act
+    await cookieProvider.invalidateCookies();
+
+    // Assert
+    expect(Ajax).toBeCalledTimes(1);
+    expect(ajaxMock.Runtimes.invalidateCookie).toBeCalledTimes(1);
+  });
+});

src/components/CookieProvider.ts

@@ -0,0 +1,18 @@
+import { Ajax } from 'src/libs/ajax';
+import { AbortOption } from 'src/libs/ajax/data-provider-common';
+import { azureCookieReadyStore, cookieReadyStore } from 'src/libs/state';
+
+export interface CookieProvider {
+  invalidateCookies: (options?: AbortOption) => Promise<void>;
+}
+
+export const cookieProvider: CookieProvider = {
+  invalidateCookies: async (options: AbortOption = {}) => {
+    const { signal } = options;
+    // TODO: call azure invalidate cookie once endpoint exists, https://broadworkbench.atlassian.net/browse/IA-3498
+    await Ajax(signal).Runtimes.invalidateCookie();
+
+    cookieReadyStore.reset();
+    azureCookieReadyStore.reset();
+  },
+};

src/components/CookieWarning.js

@@ -3,13 +3,13 @@ import { useEffect, useRef, useState } from 'react';
 import { aside, div, h } from 'react-hyperscript-helpers';
 import { Transition } from 'react-transition-group';
 import { ButtonPrimary, ButtonSecondary, Link } from 'src/components/common';
-import { Ajax } from 'src/libs/ajax';
+import { cookieProvider } from 'src/components/CookieProvider';
 import { getEnabledBrand } from 'src/libs/brand-utils';
 import { getSessionStorage } from 'src/libs/browser-storage';
 import colors from 'src/libs/colors';
 import * as Nav from 'src/libs/nav';
 import { useCancellation, useStore } from 'src/libs/react-utils';
-import { authStore, azureCookieReadyStore, cookieReadyStore } from 'src/libs/state';
+import { authStore } from 'src/libs/state';
 
 export const cookiesAcceptedKey = 'cookiesAccepted';
 
@@ -22,10 +22,10 @@ const transitionStyle = {
 
 const CookieWarning = () => {
   const animTime = 0.3;
-  const signal = useCancellation();
   const [showWarning, setShowWarning] = useState(false);
   const { cookiesAccepted } = useStore(authStore);
   const timeout = useRef();
+  const signal = useCancellation();
   const brand = getEnabledBrand();
 
   const acceptCookies = (acceptedCookies) => {
@@ -45,23 +45,9 @@ const CookieWarning = () => {
   }, [cookiesAccepted]);
 
   const rejectCookies = async () => {
-    const cookies = document.cookie.split(';');
-    acceptCookies(false);
-    // TODO: call azure invalidate cookie once endpoint exists, https://broadworkbench.atlassian.net/browse/IA-3498
-    await Ajax(signal)
-      .Runtimes.invalidateCookie()
-      .catch(() => {});
-    // Expire all cookies
-    _.forEach((cookie) => {
-      // Find an equals sign and uses it to grab the substring of the cookie that is its name
-      const eqPos = cookie.indexOf('=');
-      const cookieName = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
-      document.cookie = `${cookieName}=;expires=Thu, 01 Jan 1970 00:00:00 GMT`;
-    }, cookies);
-
-    cookieReadyStore.reset();
-    azureCookieReadyStore.reset();
+    await cookieProvider.invalidateCookies({ signal });
     getSessionStorage().clear();
+    acceptCookies(false);
   };
 
   return h(

src/libs/ajax/leonardo/Runtimes.ts

@@ -178,7 +178,7 @@ export const Runtimes = (signal: AbortSignal) => {
     },
 
     invalidateCookie: () => {
-      return fetchLeo('proxy/invalidateToken', _.merge(authOpts(), { signal }));
+      return fetchLeo('proxy/invalidateToken', _.merge(authOpts(), { signal, credentials: 'include' }));
     },
 
     setCookie: () => {