ID-1113, ID-1115 Separate Logout Code and Redirect on Logout #4726
Conversation
tlangs
changed the title
src/auth/auth-events/signout.test.ts
Outdated
| const consoleErrorFn = jest.fn(); | ||
| jest.spyOn(console, 'error').mockImplementation(consoleErrorFn); |
There was a problem hiding this comment.
jest.spyOn creates and returns a mock, so there's no need to mock it's implementation with a second mock.
Instead, it could be
jest.spyOn(console, 'error').mockImplementation(() => {});
...
expect(console.error).toHaveBeenCalledWith(...);or
const consoleErrorFn = jest.spyOn(console, 'error').mockImplementation(() => {});
...
expect(consoleErrorFn).toHaveBeenCalledWith(...);There was a problem hiding this comment.
Ok, I'll admit it. Copilot wrote this one 😅
src/auth/auth-events/signout.ts
Outdated
|
|
||
| export const signOut = (cause: SignOutCause = 'unspecified'): void => { | ||
| // TODO: invalidate runtime cookies https://broadworkbench.atlassian.net/browse/IA-3498 | ||
| sendSignOutMetrics(cause); |
There was a problem hiding this comment.
As long as we're here, since this has caused problems before, would it be worth adding a comment that sendSignOutMetrics should not be awaited, since it will fail if the sign out is due to session expiration?
src/pages/Disabled.tsx
Outdated
| import React from 'react'; | ||
| import { signOut } from 'src/auth/auth-events/signout'; | ||
|
|
||
| export const Disabled: React.FC = () => { |
There was a problem hiding this comment.
Nit: convention
| export const Disabled: React.FC = () => { | |
| export const Disabled = (): ReactNode => { |
src/auth/Logout.tsx
Outdated
| export const Logout = () => { | ||
| try { | ||
| userSignedOut(); | ||
| } catch (e) { | ||
| console.error(e); | ||
| } | ||
| Nav.goToPath('root'); | ||
| return <div />; |
There was a problem hiding this comment.
Side effects should go in effect hooks. Also, since we're only interested in the side effect, this doesn't need to render an element.
| export const Logout = () => { | |
| try { | |
| userSignedOut(); | |
| } catch (e) { | |
| console.error(e); | |
| } | |
| Nav.goToPath('root'); | |
| return <div />; | |
| export const Logout = (): ReactNode => { | |
| useEffect(() => { | |
| try { | |
| userSignedOut(); | |
| } catch (e) { | |
| console.error(e); | |
| } | |
| Nav.goToPath('root'); | |
| }, []); | |
| return null; |
|
Now that Orch is deployed to dev, I pointed my local branch to Dev. It works! |
|
I'll wait for Orch to go to prod tomorrow before merging this. |
src/auth/signout/sign-out.ts
Outdated
| authStore.update((state) => ({ | ||
| ...state, | ||
| signInStatus: 'signedOut', | ||
| // TODO: If allowed, this should be moved to the cookie store |
There was a problem hiding this comment.
Should we create a ticket for this?
There was a problem hiding this comment.
Ticket created! https://broadworkbench.atlassian.net/browse/ID-1172
|
I thought we needed to pass in the policy as a query param, like the token endpoint does: terra-ui/src/auth/oidc-broker.ts Line 82 in 95d7fab |
|
@samanehsan That policy is specific for billing. We need some additional scopes to get GCP Billing info, so we make them sign in again with a different policy. Its unused to normal sign-in/sign-out. Orchestration inserts the policy when it returns a redirect to Terra-UI, so for sign-in/sign-out, the UI doesn't need to do anything. |
|
Jira Ticket: https://broadworkbench.atlassian.net/browse/ID-1114
Summary of changes:
Pulling logout code out of
auth.tsand into its own file. This allows for much easier testing, as we don't have to manage all the subscriptions defined inauth.ts.Splitting
signOutinto two functions is the start of a change where we hit B2C during sign out. Before we hit B2C, we might have a valid token. Afterwards, the token will be invalid.signOutnow also redirects to the B2Cend_session_endpoint(well, actually Orch's newlogoutendpoint), which clears server-side HTTP Only cookies. The user is then redirected back to Terra UI at/#logout, where post-logout code is executed.I was able to completely unit test this functionality!
What
signOutcode and unit test it. Get code ready for calling out to B2C on logout.Why
HTTP-onlycookies that have caused users to be unable to log in.Testing strategy