[ZEPPELIN-1125] Application does not logout user when authcBasic and ./grunt serve is used

[prabhjyotsingh]

What is this PR for?

Creating this issue from this comment, Application does not logout user when authcBasic is used and process was running with grunt serve

What type of PR is it?

[Bug Fix]

What is the Jira issue?

• ZEPPELIN-1125

How should this be tested?

Run web-app as grunt serve and configure shiro auth to use authcBasic, and then try to logout.

Screenshots (if appropriate)

Questions:

• Does the licenses files need update? no
• Is there breaking changes for older versions? no
• Does this needs documentation? no

[prabhjyotsingh]

@corneadoug, have made a fix for #1071 (comment). Can you please review.

[corneadoug]

@prabhjyotsingh Thanks, I will test that

[r-kamath]

LGTM

[anthonycorbacho]

Any reason to change logout from POST to GET? I dont think its aligned with HTTP standard.

[corneadoug]

@prabhjyotsingh I got it fixed by only replacing the logout function in the front-end with:

$http.post(logoutURL)
    .error(function(response) {
      console.log('logout error %o', response);
    })
    .success(function(response) {
      $rootScope.userName = response.body.principal;
      $rootScope.ticket.principal = response.body.principal;
      $rootScope.ticket.ticket = response.body.ticket;
      $rootScope.ticket.roles = response.body.role;
      BootstrapDialog.show({
        message: 'Logout Success'
      });
      setTimeout(function() {
        window.location.replace('/');
      }, 1000);
    });

This could probably use some ngToast when error

[prabhjyotsingh]

@corneadoug I tried your approach, it didn't worked for me, rest other review comments are implemented.

[corneadoug]

@prabhjyotsingh Let me try again

[corneadoug]

@prabhjyotsingh You are calling $http.post twice instead of once.
Also, could you reverse the response message UNAUTHORIZED to OK, so that we can keep a success catch event when logout succeed?

I tried both Chrome and Firefox

[prabhjyotsingh]

Yes, basic-auth was not getting logout on first call, hence I had to call it twice.
Advantage of keeping UNAUTHORIZED is that we don't have to bother about $http.post's success, since just after that we are redirecting page to "/" where all the init variables will be re-set.

[prabhjyotsingh]

@corneadoug Shall I merge this, if it works for you ?

[corneadoug]

@prabhjyotsingh Basic Auth is getting logout after only one call.

Advantage of keeping UNAUTHORIZED is that we don't have to bother about $http.post's success, since just after that we are redirecting page to "/" where all the init variables will be re-set.

I don't see your point, you still have to handle an action after getting the message from the API, whether it is UNAUTHORIZED or OK.

If the API action is successful, it should be OK.

[prabhjyotsingh]

Basic Auth is getting logout after only one call.

Kind of strange it, doesn't work for me. Have attached gif's where in console, first I'm trying to call it once, then twice, and on calling it twice, it logout.

chrome-gif

firefox-gif

Also after making API return OK instead of UNAUTHORIZED, ./grunt serve stops working, guess this would be this reason.
http://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication/233551#233551

[corneadoug]

@prabhjyotsingh I made a test PR with gif of Chrome, Firefox, Safari #1159

[prabhjyotsingh]

@corneadoug should we merge this, so that, grunt serve starts working, and tune this later ?

[corneadoug]

@prabhjyotsingh LGTM