From 6e2758a61048703e8c4ee0621d3c1fcad968c371 Mon Sep 17 00:00:00 2001 From: Bill Erickson Date: Thu, 5 Jun 2014 10:23:59 -0400 Subject: [PATCH] idle clients poll for auth expiration Signed-off-by: Bill Erickson --- Open-ILS/web/js/ui/default/staff/services/auth.js | 45 ++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/Open-ILS/web/js/ui/default/staff/services/auth.js b/Open-ILS/web/js/ui/default/staff/services/auth.js index b513a0cb85..75ae9ba3f8 100644 --- a/Open-ILS/web/js/ui/default/staff/services/auth.js +++ b/Open-ILS/web/js/ui/default/staff/services/auth.js @@ -6,7 +6,8 @@ angular.module('egCoreMod') .factory('egAuth', - ['$q','egNet','egHatch', function($q, egNet, egHatch) { + ['$q','$timeout','$rootScope','egNet','egHatch', +function($q , $timeout , $rootScope , egNet , egHatch) { var service = { // the currently active user (au) object @@ -19,6 +20,11 @@ angular.module('egCoreMod') return egHatch.getLocalItem('eg.auth.token'); }, + // authtime in seconds + authtime : function() { + return egHatch.getLocalItem('eg.auth.time'); + }, + // the currently active workstation name // For ws_ou or wsid(), see egAuth.user().ws_ou(), etc. workstation : function() { @@ -42,6 +48,7 @@ angular.module('egCoreMod') if (user && user.classname) { // authtoken test succeeded service._user = user; + service.poll(); if (user.wsid()) { // user previously logged in with a workstation. @@ -91,8 +98,11 @@ angular.module('egCoreMod') function(evt) { if (evt.textcode == 'SUCCESS') { service.ws = args.workstation; + service.poll(); egHatch.setLocalItem( 'eg.auth.token', evt.payload.authtoken); + egHatch.setLocalItem( + 'eg.auth.time', evt.payload.authtime); deferred.resolve(); } else { // note: the likely outcome here is a NO_SESION 
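Review bot: The injected function is now split across two lines with the continuation `+function($q , $timeout , $rootScope , egNet , egHatch) {` sitting at column 0 and with a space before every comma, which breaks with the `['$q','egNet','egHatch', function($q, egNet, egHatch) {` form the file used and makes the factory harder to read. Indent the continuation under the array and drop the pre-comma spaces, e.g. `             function($q, $timeout, $rootScope, egNet, egHatch) {`. Nothing functional is at stake in this hunk; the injection list and the parameter order agree.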
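Review bot: The new `authtime` getter returns whatever `egHatch.getLocalItem('eg.auth.time')` holds, which is null or undefined when no session is stored, and the comment `// authtime in seconds` does not say so although poll() further down uses exactly that falsy case as its stop condition. The hunk also does not show whether getLocalItem hands back the number the server sent or a string; the arithmetic in poll() coerces either, but the contract should be stated where the value is defined. Suggest replacing the comment with `// session idle timeout in seconds, as reported by the server at login; null/undefined when no session is stored locally` (confirm the number-vs-string question against egHatch before asserting the type).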
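Review bot: `service.poll()` is started here unconditionally on every successful token test, and because the enclosing function starts above the hunk its callers are not visible; if it runs more than once per session (a route change, a second bootstrap) each call adds another self-rescheduling timer, since the patch's poll() never cancels a pending one. Duplicate chains mean redundant session.retrieve calls and repeated `egAuthExpired` broadcasts. Either make poll() cancel-and-replace its pending timer, or guard this call site so that a chain is started at most once per stored token, e.g. `if (!service.pollTimer) service.poll();` with poll() recording its timer.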
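Review bot: `service.poll()` is called before `eg.auth.time` is written two lines later, and poll() returns immediately when `service.authtime()` is falsy, so on a fresh login with no leftover `eg.auth.time` in local storage polling never starts until some later page load runs testAuthToken; if a stale value from an earlier session that was not logged out is present, the timer is scheduled from that stale value instead. Move the call after both setLocalItem calls: `egHatch.setLocalItem('eg.auth.time', evt.payload.authtime);` followed by `service.poll();`. The login callback enclosing this hunk starts and ends outside it.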
@@ -109,6 +119,38 @@ angular.module('egCoreMod') return deferred.promise; }; + /** + * Force-check the validity of the authtoken on occasion. + * This allows us to redirect an idle staff client back to the login + * page after the session times out. Otherwise, the UI would stay + * open with potentially sensitive data visible. + * TODO: What is the practical difference (for a browser) between + * checking auth validity and the ui.general.idle_timeout setting? + * Does that setting serve a purpose in a browser environment? + */ + service.poll = function() { + if (!service.authtime()) return; + + $timeout( + function() { + if (!service.authtime()) return; + egNet.request( + 'open-ils.auth', + 'open-ils.auth.session.retrieve', service.token()) + .then(function(user) { + if (user && user.classname) { // all good + service.poll(); + } else { + $rootScope.$broadcast('egAuthExpired') + } + }) + }, + // add a 5 second delay to give the token plenty of time + // to expire on the server. + service.authtime() * 1000 + 5000 + ); + } + service.logout = function() { if (service.token()) { egNet.request( @@ -116,6 +158,7 @@ angular.module('egCoreMod') 'open-ils.auth.session.delete', service.token()); // fire and forget egHatch.removeLocalItem('eg.auth.token'); + egHatch.removeLocalItem('eg.auth.time'); } service._user = null; }; -- 2.11.0
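Review bot: poll() keeps no handle on the $timeout it creates, so each call from testAuthToken or login starts another self-rescheduling chain and logout has nothing to cancel; a re-login before the old timer fires sees a fresh authtime and the old chain simply continues alongside the new one. The `.then` also has no rejection handler, so a single transport failure of session.retrieve ends polling silently and the idle client is never redirected — the opposite of what the header comment promises. Store the timer promise on the service, cancel it before scheduling, and on rejection reschedule (or broadcast `egAuthExpired` if fail-closed is preferred here), as sketched below; the two missing semicolons after the broadcast and after the function body go with it. Separately, please confirm whether `open-ils.auth.session.retrieve` resets the server-side idle clock — if it does, the poll itself keeps an idle session alive indefinitely and the call needs whatever no-reset argument the service accepts, which this hunk does not pass.
```javascript
    service.poll = function() {
        // at most one pending timer per client: a repeat call (re-login,
        // repeated testAuthToken) replaces the outstanding one
        if (service.pollTimer) $timeout.cancel(service.pollTimer);
        if (!service.authtime()) return;

        service.pollTimer = $timeout(
            function() {
                service.pollTimer = null;
                if (!service.authtime()) return;
                egNet.request(
                    'open-ils.auth',
                    'open-ils.auth.session.retrieve', service.token())
                .then(function(user) {
                    if (user && user.classname) { // all good
                        service.poll();
                    } else {
                        $rootScope.$broadcast('egAuthExpired');
                    }
                }, function() {
                    // transport/server failure: session state is unknown.
                    // Keep polling rather than dying silently; switch to a
                    // broadcast here if fail-closed is preferred.
                    service.poll();
                });
            },
            // … unchanged: authtime() * 1000 + 5000 delay …
        );
    };
```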
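Review bot: The new `egHatch.removeLocalItem('eg.auth.time')` sits inside `if (service.token())`, so a leftover `eg.auth.time` with no token is never cleared and is what the next login's poll() will read; move the removal outside the guard, next to `service._user = null;`. The pending poll timer is also not cancelled on logout: on its own that is harmless because the timer callback re-checks `service.authtime()`, but a re-login before it fires revives the old chain next to the new one, so if poll() keeps its $timeout promise (say `service.pollTimer`) add `$timeout.cancel(service.pollTimer); service.pollTimer = null;` here as well. Removing the token inside the guard is fine as it is.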