idle clients poll for auth expiration
authorBill Erickson <berick@esilibrary.com>
Thu, 5 Jun 2014 14:23:59 +0000 (10:23 -0400)
committerBill Erickson <berick@esilibrary.com>
Thu, 5 Jun 2014 14:23:59 +0000 (10:23 -0400)
Signed-off-by: Bill Erickson <berick@esilibrary.com>
Open-ILS/web/js/ui/default/staff/services/auth.js

index b513a0c..75ae9ba 100644 (file)
@@ -6,7 +6,8 @@
 angular.module('egCoreMod')
 
 .factory('egAuth', 
-    ['$q','egNet','egHatch', function($q, egNet, egHatch) {
+       ['$q','$timeout','$rootScope','egNet','egHatch', 
+function($q , $timeout , $rootScope , egNet , egHatch) {
 
     var service = {
         // the currently active user (au) object
@@ -19,6 +20,11 @@ angular.module('egCoreMod')
             return egHatch.getLocalItem('eg.auth.token');
         },
 
+        // authtime in seconds
+        authtime : function() {
+            return egHatch.getLocalItem('eg.auth.time');
+        },
+
         // the currently active workstation name
         // For ws_ou or wsid(), see egAuth.user().ws_ou(), etc.
         workstation : function() {
@@ -42,6 +48,7 @@ angular.module('egCoreMod')
                 if (user && user.classname) {
                     // authtoken test succeeded
                     service._user = user;
+                    service.poll();
                    
                     if (user.wsid()) {
                         // user previously logged in with a workstation. 
@@ -91,8 +98,11 @@ angular.module('egCoreMod')
                     function(evt) {
                         if (evt.textcode == 'SUCCESS') {
                             service.ws = args.workstation; 
+                            service.poll();
                             egHatch.setLocalItem(
                                 'eg.auth.token', evt.payload.authtoken);
+                            egHatch.setLocalItem(
+                                'eg.auth.time', evt.payload.authtime);
                             deferred.resolve();
                         } else {
                             // note: the likely outcome here is a NO_SESION
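Review bot: `service.poll()` at L44 runs before `eg.auth.time` is written at L47-L48, so on a fresh login (no stored authtime, or one cleared by logout) `authtime()` is empty and `poll()` returns without scheduling anything, while a re-login that skipped logout would schedule with the previous session's value. Move the call below the second `setLocalItem`: `egHatch.setLocalItem('eg.auth.time', evt.payload.authtime);` then `service.poll();`. The L36 call path may mask this in practice, but the login path should not depend on it. The enclosing login function starts before and ends after this hunk.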
@@ -109,6 +119,38 @@ angular.module('egCoreMod')
         return deferred.promise;
     };
 
+    /**
+     * Force-check the validity of the authtoken on occasion. 
+     * This allows us to redirect an idle staff client back to the login
+     * page after the session times out.  Otherwise, the UI would stay
+     * open with potentially sensitive data visible.
+     * TODO: What is the practical difference (for a browser) between 
+     * checking auth validity and the ui.general.idle_timeout setting?
+     * Does that setting serve a purpose in a browser environment?
+     */
+    service.poll = function() {
+        if (!service.authtime()) return;
+
+        $timeout(
+            function() {
+                if (!service.authtime()) return;
+                egNet.request(                                                     
+                    'open-ils.auth',                                               
+                    'open-ils.auth.session.retrieve', service.token())   
+                .then(function(user) {
+                    if (user && user.classname) { // all good
+                        service.poll();
+                    } else {
+                        $rootScope.$broadcast('egAuthExpired') 
+                    }
+                })
+            },
+            // add a 5 second delay to give the token plenty of time
+            // to expire on the server.
+            service.authtime() * 1000 + 5000
+        );
+    }
+
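Review bot: The `.then` at L74-L80 has no rejection handler, so a failed session.retrieve (network error, service down) ends the polling chain silently and the idle UI stays open — the exact outcome the header comment at L57-L60 is meant to prevent. A second callback should either broadcast `egAuthExpired` or reschedule; for a watchdog, falling off the chain is the wrong default. Separately, `poll()` is entered from both L36 and L44 and never keeps the `$timeout` handle, so a re-login without a page reload runs two chains side by side; store the promise in `service._pollTimer` and `$timeout.cancel` it before scheduling. The delay at L84 also presumes each successful retrieve restarts the server-side expiry at `authtime` seconds; if the server counts from login instead, a client restarted mid-session (the L36 path) checks too late — worth confirming and stating in the header comment.
```javascript
service.poll = function() {
    if (!service.authtime()) return;
    // one pending check at a time: a second poll() (re-login, another
    // testAuthToken) replaces the earlier timer instead of stacking on it
    $timeout.cancel(service._pollTimer);
    service._pollTimer = $timeout(
        function() {
            // … unchanged: authtime guard and session.retrieve request …
            .then(function(user) {
                // … unchanged: success re-polls, otherwise broadcast egAuthExpired …
            }, function() {
                // request failed (network, service down): do not let the
                // watchdog end silently with the UI still open
                $rootScope.$broadcast('egAuthExpired');
            });
        },
        service.authtime() * 1000 + 5000
    );
}
```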
     service.logout = function() {
         if (service.token()) {
             egNet.request(
@@ -116,6 +158,7 @@ angular.module('egCoreMod')
                 'open-ils.auth.session.delete', 
                 service.token()); // fire and forget
             egHatch.removeLocalItem('eg.auth.token');
+            egHatch.removeLocalItem('eg.auth.time');
         }
         service._user = null;
     };