clean up oidc client integration (relates to #1)

d41023b5 · jackie / Andrea Ida Malkah Klaura · 37cac932 · 37cac932 · 37cac932 · d41023b5
Commit d41023b5 authored 4 years ago by jackie / Andrea Ida Malkah Klaura
--- a/public/oidc-client.js
+++ b/public/oidc-client.js
--- a/public/oidc_callback_popupRenew.html
+++ b/public/oidc_callback_popupRenew.html
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta charset="UTF-8">
-  <title>Waiting...</title>
-</head>
-
-<body>
-  <script src="js/oidc-client.min.js"></script>
-  <script>
-    var mgr = new Oidc.UserManager()
-    mgr.signinPopupCallback()
-  </script>
-</body>
-
-</html>
--- a/src/store/modules/auth.js
+++ b/src/store/modules/auth.js
@@ -5,11 +5,9 @@ import handleApiError from '../handleApiError'
 const oidcmgr = new oidc.UserManager({
  userStore: new oidc.WebStorageStateStore(),
  authority: process.env.VUE_APP_API_STEERING_OIDC_URI,
-  // the client id has to be a string, therefore we add the + ''
  client_id: process.env.VUE_APP_OIDC_CLIENT_ID,
  redirect_uri: process.env.VUE_APP_API_STEERING_OIDC_REDIRECT_URI,
-  silent_redirect_uri: 'http://localhost:8080/oidc_callback_silentRenew.html',
-  popup_redirect_uri: 'http://localhost:8080/oidc_callback_popupRenew.html',
+  silent_redirect_uri: process.env.VUE_APP_API_STEERING_OIDC_REDIRECT_URI_SILENT,
  accessTokenExpiringNotificationTime: process.env.VUE_APP_API_STEERING_OIDC_EXPIRE_NOTIFICATION,
  response_type: 'id_token token',
  scope: 'openid profile email username aura_shows',
@@ -127,12 +125,14 @@ const actions = {
    oidcmgr.events.addAccessTokenExpiring(() => {
      this.$log.debug('Starting silent access_token renewal')
      oidcmgr.signinSilent().then(user => {
+        this.$log.debug('Renewed access token:', user.access_token)
        ctx.commit('setAccessToken', user.access_token)
-        this.$log.debug('Access token:', ctx.state.user.access_token)
      }).catch(err => {
        this.$log.error(err)
        alert('Your OpenID access token could not be renewed automatically.\n' +
-          'You will be logged out in ' + process.env.VUE_APP_API_STEERING_OIDC_EXPIRE_NOTIFICATION + ' seconds.')
+          'You will be logged out in ' +
+          process.env.VUE_APP_API_STEERING_OIDC_EXPIRE_NOTIFICATION +
+          ' seconds.\nFor details check the console.')
      })
    })

@@ -145,33 +145,42 @@ const actions = {
      if (user == null) {
        ctx.commit('clearUserProperties')
      } else {
-        // TODO: check user.expires_at
-        // if token already expired try to get a new one or mark the user as logged out
-        ctx.commit('setUserProperties', user)
-        ctx.dispatch('fetchSteeringUser')
-        // TODO: remove debug info after thorough testing
-        this.$log.debug(new Date(user.expires_at * 1000).toString())
-        this.$log.debug(new Date(user.expires_at * 1000).toUTCString())
-        this.$log.debug(user.access_token)
-
-        let uri = process.env.VUE_APP_TANK + 'auth/session'
-        let payload = {
-          backend: "oidc",
-          arguments: {
-            access_token: user.access_token,
-            token_type: "Bearer"
-          }
+        let expiry = new Date(user.expires_at * 1000)
+        // if token we have a token but it has already expired, log out the user
+        if (expiry <= new Date()) {
+          this.$log.debug('Token has already expired:', expiry.toString())
+          this.$log.debug('Logging out the user locally')
+          ctx.dispatch('signoutRedirect')
        }
-        axios.post(uri, payload , {
-          headers: {
-            'Authorization': 'Bearer ' + user.access_token,
+        // only if the token is still valid we use the existing user info
+        // and establish a session with tank
+        else {
+          ctx.commit('setUserProperties', user)
+          ctx.dispatch('fetchSteeringUser')
+          // TODO: remove debug info after thorough testing
+          this.$log.debug('Token will expire at:', expiry.toString())
+          this.$log.debug('Access token', user.access_token)
+
+          // now that we have a valid token, we can create a session with tank
+          let uri = process.env.VUE_APP_TANK + 'auth/session'
+          let payload = {
+            backend: "oidc",
+            arguments: {
+              access_token: user.access_token,
+              token_type: "Bearer"
+            }
          }
-        }).then(response => {
-          this.$log.debug('tank session token:', response.data.token)
-          ctx.commit('setTankToken', response.data.token)
-        }).catch(error => {
-          handleApiError(this, error, 'could not get a session with tank')
-        })
+          axios.post(uri, payload , {
+            headers: {
+              'Authorization': 'Bearer ' + user.access_token,
+            }
+          }).then(response => {
+            this.$log.debug('tank session token:', response.data.token)
+            ctx.commit('setTankToken', response.data.token)
+          }).catch(error => {
+            handleApiError(this, error, 'could not get a session with tank')
+          })
+        }
      }
    }).catch(err => {
      this.$log.debug(err)