1122- No state loss when re-authenticating

Owned by Paulina Borowa (Unlicensed)
Last updated: Dec 13, 2016
3 min read
Test Case #:1122

Test Case Name:No state loss when re-authenticating

System: OpenLMIS

Subsystem: blue

Test case designed by: Paulina Borowa

Design Date:08.12.2016

Short description

Currently, when a user's authentication token expires they loose the state of the application because they are internally re-directed and have their cookies destroyed.

To prevent this, the OpenLMIS-UI application should catch all 401 errors that are returned from the OpenLMIS Server. When this happens, OpenLMIS-UI will open the login screen as a modal window — allowing the user to re-authenticate.

When a user successfully re-authenticates, the HTTP calls that received a 401 error should be retried.

Angular-http-auth(https://github.com/witoldsz/angular-http-auth) is a library that can implement catching 401 errors and buffering/retrying the failed requests.

The login modal will need to be moved into a bootbox modal.

Acceptance Criteria

  • Can open deep linked page
    (a) Login to OpenLMIS
    (b) Navigate to a specific requisition
    (c) Copy and paste the URL into another browser
    (d) Authenticate in new browser
    (e) View same requisition in another browser
  • Can reauthenticate user to complete a request
    (a) Login to OpenLMIS
    (b) Open a requisition that is 'submitted'
    (c) Invalidate the user's token (see below)
    (d) Attempt to authorize the requisition
    (e) View login modal, and login (again)
    (f) When requests complete, user should see requisition page, with the requisition's state set to 'Authorized'

How to invalidate the user's token

  • Reset and restart OpenLMIS-Blue server
  • Delete 'access_token' from the browser's local storage cache

                                                                                                                                                   

Pre – conditions:

                                                                                                                                                                                                                                                       



Step

Action

Expected system response

Comment

1

 Login to OpenLMIS 

                                                                                                                            

                                                 

2

Navigate to a specific requisition

eg http://test.openlmis.org/public/#/requisition/6167e65c-6f56-4aeb-bff5-fdfe84e01a21/fullSupply

Chrome:


3

Copy and paste the URL into another browser


4

Authenticate in new browser = View same requisition in another browser

http://test.openlmis.org/public/#/requisition/6167e65c-6f56-4aeb-bff5-fdfe84e01a21/fullSupply

Firefox after login same view as in chrome:



5

Login to OpenLMIS



6

Open a requisition that is eg 'initiated'

7Invalidate the user's token
  • Reset and restart OpenLMIS-Blue server
  • Delete 'access_token' from the browser's local storage cache
8Attempt to submit the requisition

9View login modal, and login (again)

10When requests complete, user should see requisition page, with the requisition's state set to 'Authorized'appears success notification



OpenLMIS: the global initiative for powerful LMIS software