-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ID-1113, ID-1115 Separate Logout Code and Redirect on Logout #4726
Conversation
src/auth/auth-events/signout.test.ts
Outdated
const consoleErrorFn = jest.fn(); | ||
jest.spyOn(console, 'error').mockImplementation(consoleErrorFn); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
jest.spyOn
creates and returns a mock, so there's no need to mock it's implementation with a second mock.
Instead, it could be
jest.spyOn(console, 'error').mockImplementation(() => {});
...
expect(console.error).toHaveBeenCalledWith(...);
or
const consoleErrorFn = jest.spyOn(console, 'error').mockImplementation(() => {});
...
expect(consoleErrorFn).toHaveBeenCalledWith(...);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I'll admit it. Copilot wrote this one 😅
src/auth/auth-events/signout.ts
Outdated
|
||
export const signOut = (cause: SignOutCause = 'unspecified'): void => { | ||
// TODO: invalidate runtime cookies https://broadworkbench.atlassian.net/browse/IA-3498 | ||
sendSignOutMetrics(cause); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As long as we're here, since this has caused problems before, would it be worth adding a comment that sendSignOutMetrics
should not be awaited, since it will fail if the sign out is due to session expiration?
src/pages/Disabled.tsx
Outdated
import React from 'react'; | ||
import { signOut } from 'src/auth/auth-events/signout'; | ||
|
||
export const Disabled: React.FC = () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: convention
export const Disabled: React.FC = () => { | |
export const Disabled = (): ReactNode => { |
src/auth/Logout.tsx
Outdated
export const Logout = () => { | ||
try { | ||
userSignedOut(); | ||
} catch (e) { | ||
console.error(e); | ||
} | ||
Nav.goToPath('root'); | ||
return <div />; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Side effects should go in effect hooks. Also, since we're only interested in the side effect, this doesn't need to render an element.
export const Logout = () => { | |
try { | |
userSignedOut(); | |
} catch (e) { | |
console.error(e); | |
} | |
Nav.goToPath('root'); | |
return <div />; | |
export const Logout = (): ReactNode => { | |
useEffect(() => { | |
try { | |
userSignedOut(); | |
} catch (e) { | |
console.error(e); | |
} | |
Nav.goToPath('root'); | |
}, []); | |
return null; |
Now that Orch is deployed to dev, I pointed my local branch to Dev. It works! |
I'll wait for Orch to go to prod tomorrow before merging this. |
src/auth/signout/sign-out.ts
Outdated
authStore.update((state) => ({ | ||
...state, | ||
signInStatus: 'signedOut', | ||
// TODO: If allowed, this should be moved to the cookie store |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we create a ticket for this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ticket created! https://broadworkbench.atlassian.net/browse/ID-1172
I thought we needed to pass in the policy as a query param, like the token endpoint does: terra-ui/src/auth/oidc-broker.ts Line 82 in 95d7fab
|
@samanehsan That policy is specific for billing. We need some additional scopes to get GCP Billing info, so we make them sign in again with a different policy. Its unused to normal sign-in/sign-out. Orchestration inserts the policy when it returns a redirect to Terra-UI, so for sign-in/sign-out, the UI doesn't need to do anything. |
Quality Gate passedIssues Measures |
Jira Ticket: https://broadworkbench.atlassian.net/browse/ID-1114
Summary of changes:
Pulling logout code out of
auth.ts
and into its own file. This allows for much easier testing, as we don't have to manage all the subscriptions defined inauth.ts
.Splitting
signOut
into two functions is the start of a change where we hit B2C during sign out. Before we hit B2C, we might have a valid token. Afterwards, the token will be invalid.signOut
now also redirects to the B2Cend_session_endpoint
(well, actually Orch's newlogout
endpoint), which clears server-side HTTP Only cookies. The user is then redirected back to Terra UI at/#logout
, where post-logout code is executed.I was able to completely unit test this functionality!
What
signOut
code and unit test it. Get code ready for calling out to B2C on logout.Why
HTTP-only
cookies that have caused users to be unable to log in.Testing strategy