No state loss when re-authenticating

Description

Currently, when a user's authentication token expires they lose the state of the application, because they are internally redirected and have their cookies destroyed.

To prevent this, the OpenLMIS-UI application should catch all 401 errors that are returned from the OpenLMIS Server. When this happens, OpenLMIS-UI will open the login screen as a modal window — allowing the user to re-authenticate.

When a user successfully re-authenticates, the HTTP calls that received a 401 error should be retried.

[Angular-http-auth](https://github.com/witoldsz/angular-http-auth) is a library that can implement catching 401 errors and buffering/retrying the failed requests.

The login modal will need to be moved into a bootbox modal.

Acceptance Criteria

  • Can open deep linked page
    (a) Login to OpenLMIS
    (b) Navigate to a specific requisition
    (c) Copy and paste the URL into another browser
    (d) Authenticate in new browser
    (e) View same requisition in another browser

  • Can reauthenticate user to complete a request
    (a) Login to OpenLMIS
    (b) Open a requisition that is 'submitted'
    (c) Invalidate the user's token (see below)
    (d) Attempt to authorize the requisition
    (e) View login modal, and login (again)
    (f) When requests complete, user should see requisition page, with the requisition's state set to 'Authorized'

How to invalidate the user's token

  • Reset and restart OpenLMIS-Blue server

  • Delete 'access_token' from the browser's local storage cache
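The catch, buffer and retry flow from the description, run against the second acceptance scenario, as an added example in plain JavaScript (not angular-http-auth's or OpenLMIS-UI's code). `createAuthClient`, `transport`, `showLoginModal`, `session` and the URL are hypothetical, and the check that the same user logged back in before parked requests are replayed is an addition the ticket does not ask for.

```javascript
// Added example; every name and the in-memory server are constructed.
function createAuthClient(transport, showLoginModal, session) {
  const buffer = [];         // requests parked after a 401
  let loginInFlight = false; // concurrent 401s must open only one modal
  async function send(request, isRetry = false) {
    // The token is read at send time, so a retry never replays the stale one.
    const response = await transport({ ...request, token: session.token });
    if (response.status !== 401 || isRetry) return response; // no retry loop
    return new Promise((resolve, reject) => {
      buffer.push({ request, resolve, reject });
      if (!loginInFlight) reauthenticate();
    });
  }
  async function reauthenticate() {
    loginInFlight = true;
    let failure = null;
    try {
      const login = await showLoginModal();
      // Added check: parked requests are replayed for the original user only.
      if (login.user !== session.user) throw new Error('user changed');
      session.token = login.token;
    } catch (err) {
      failure = err;
    }
    const pending = buffer.splice(0); // empty the buffer before replaying
    loginInFlight = false;
    for (const p of pending) {
      if (failure) p.reject(failure); // cancelled or wrong login: fail, do not hang
      else send(p.request, true).then(p.resolve, p.reject);
    }
  }
  return { send };
}
// Constructed scenario: the token is invalidated, then two requests are sent.
async function runDemo(loginAs = 'alice') {
  const valid = new Set(['t1']);
  let modals = 0;
  const transport = async (r) => ({ status: valid.has(r.token) ? 200 : 401 });
  const showLoginModal = async () => {
    modals += 1;
    valid.add('t2');
    return { user: loginAs, token: 't2' };
  };
  const client = createAuthClient(transport, showLoginModal, { user: 'alice', token: 't1' });
  valid.delete('t1'); // stands in for the server reset that invalidates tokens
  const req = { method: 'POST', url: '/constructed/authorize' };
  const results = await Promise.allSettled([client.send(req), client.send(req)]);
  return { modals, results };
}
```

With the default login both parked requests are retried with the new token and one modal is shown; `runDemo('mallory')` shows the parked requests being rejected when a different user logs in.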


Activity

Paulina Borowa 
December 13, 2016 at 12:45 PM
(edited)

All works.
More information in test case:
https://openlmis.atlassian.net/wiki/x/TIAjBg

Paweł Albecki 
December 9, 2016 at 2:44 PM

Logging in is working, just the modal does not close. If we are on that auth page we don't close the modal before we emit a different event. This is a side effect of completely eliminating repeatable code during review. Here is the thing: https://github.com/OpenLMIS/openlmis-requisition-refUI/blob/master/src/main/webapp/public/auth/login.service.js#L76

Paweł Gesek 
December 9, 2016 at 2:25 PM

I would imagine this is fairly rare. I wouldn't have that much problem with the double screen in this case, but why does logging in not work when this happens? Seems indicative of some state transition issue.

Paulina Borowa 
December 9, 2016 at 2:18 PM

It's weird but it's possible! E.g. if someone has set this page as the start page and wanted to go quickly to a site with some requisition from the other browser.

Paweł Albecki 
December 9, 2016 at 2:03 PM

It's weird to delete the URL when we are on the login page and paste a URL before we log in. In the current implementation I don't see any other way than just blocking that before login (if we are currently in the web app). We are in some state (auth) and as far as I know we can't just leave it and restart our app in the browser. When we log in via the auth state, different events and functions are called than when logging in from any other page via the modal; that's why the modal does not hide and we are not redirected to the wanted URL in the situation described above.

Done


Time tracking

1w 3d 7h logged


Created October 7, 2016 at 8:57 PM
Updated January 20, 2017 at 12:17 PM
Resolved December 13, 2016 at 12:45 PM