Added test for missing authentication token (#5450)

### Motivation and context  Related #5331 Added test, changed fix because of temporary solutions in #5344 ### How has this been tested?  ### Checklist  - [ ] I submit my changes into the `develop` branch - [ ] I have added a description of my changes into [CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md) file - [ ] I have updated the [documentation]( https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation) accordingly - [ ] I have added tests to cover my changes - [ ] I have linked related issues ([read github docs]( https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword)) - [ ] I have increased versions of npm packages if it is necessary ([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning), [cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning), [cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning) and [cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning)) ### License - [ ] I submit _my code changes_ under the same [MIT License]( https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the project. Feel free to contact the maintainers if that's a concern. --------- Co-authored-by: Maya <maya17grd@gmail.com>
cvat-ai · Feb 17, 2023 · 55c613a · 55c613a
1 parent ba97625
commit 55c613a
Show file tree

Hide file tree

Showing 6 changed files with 75 additions and 40 deletions.
diff --git a/cvat-core/src/server-proxy.ts b/cvat-core/src/server-proxy.ts
@@ -42,11 +42,6 @@ function configureStorage(storage: Storage, useDefaultLocation = false): Partial
     };
 }
 
-function removeToken() {
-    Axios.defaults.headers.common.Authorization = '';
-    store.remove('token');
-}
-
 function waitFor(frequencyHz, predicate) {
     return new Promise<void>((resolve, reject) => {
         if (typeof predicate !== 'function') {
@@ -236,6 +231,27 @@ if (token) {
     Axios.defaults.headers.common.Authorization = `Token ${token}`;
 }
 
+function setAuthData(response) {
+    if (response.headers['set-cookie']) {
+        // Browser itself setup cookie and header is none
+        // In NodeJS we need do it manually
+        const cookies = response.headers['set-cookie'].join(';');
+        Axios.defaults.headers.common.Cookie = cookies;
+    }
+
+    if (response.data.key) {
+        token = response.data.key;
+        store.set('token', token);
+        Axios.defaults.headers.common.Authorization = `Token ${token}`;
+    }
+}
+
+function removeAuthData() {
+    Axios.defaults.headers.common.Authorization = '';
+    store.remove('token');
+    token = null;
+}
+
 async function about() {
     const { backendAPI } = config;
 
@@ -334,6 +350,7 @@ async function register(username, firstName, lastName, email, password, confirma
                 'Content-Type': 'application/json',
             },
         });
+        setAuthData(response);
     } catch (errorData) {
         throw generateError(errorData);
     }
@@ -349,7 +366,7 @@ async function login(credential, password) {
         .join('&')
         .replace(/%20/g, '+');
 
-    removeToken();
+    removeAuthData();
     let authenticationResponse = null;
     try {
         authenticationResponse = await Axios.post(`${config.backendAPI}/auth/login`, authenticationData, {
@@ -359,16 +376,7 @@ async function login(credential, password) {
         throw generateError(errorData);
     }
 
-    if (authenticationResponse.headers['set-cookie']) {
-        // Browser itself setup cookie and header is none
-        // In NodeJS we need do it manually
-        const cookies = authenticationResponse.headers['set-cookie'].join(';');
-        Axios.defaults.headers.common.Cookie = cookies;
-    }
-
-    token = authenticationResponse.data.key;
-    store.set('token', token);
-    Axios.defaults.headers.common.Authorization = `Token ${token}`;
+    setAuthData(authenticationResponse);
 }
 
 async function loginWithSocialAccount(
@@ -378,7 +386,7 @@ async function loginWithSocialAccount(
     process?: string,
     scope?: string,
 ) {
-    removeToken();
+    removeAuthData();
     const data = {
         code,
         ...(process ? { process } : {}),
@@ -395,17 +403,15 @@ async function loginWithSocialAccount(
         throw generateError(errorData);
     }
 
-    token = authenticationResponse.data.key;
-    store.set('token', token);
-    Axios.defaults.headers.common.Authorization = `Token ${token}`;
+    setAuthData(authenticationResponse);
 }
 
 async function logout() {
     try {
         await Axios.post(`${config.backendAPI}/auth/logout`, {
             proxy: config.proxy,
         });
-        removeToken();
+        removeAuthData();
     } catch (errorData) {
         throw generateError(errorData);
     }
@@ -481,13 +487,16 @@ async function getSelf() {
 
 async function authorized() {
     try {
+        // In CVAT app we use two types of authentication
+        // At first we check if authentication token is present
+        // Request in getSelf will provide correct authentication cookies
+        if (!store.get('token')) {
+            removeAuthData();
+            return false;
+        }
         await getSelf();
     } catch (serverError) {
         if (serverError.code === 401) {
-            // In CVAT app we use two types of authentication,
-            // So here we are forcing user have both credential types
-            // First request will fail if session is expired, then we check
-            // for precense of token
             await logout();
             return false;
         }

diff --git a/tests/cypress/e2e/actions_objects2/case_15_group_features.js b/tests/cypress/e2e/actions_objects2/case_15_group_features.js
@@ -1,5 +1,5 @@
 // Copyright (C) 2020-2022 Intel Corporation
-// Copyright (C) 2022 CVAT.ai Corporation
+// Copyright (C) 2022-2023 CVAT.ai Corporation
 //
 // SPDX-License-Identifier: MIT
 
@@ -61,18 +61,9 @@ context('Group features', () => {
     const trackSidebarItemArray = ['#cvat-objects-sidebar-state-item-3', '#cvat-objects-sidebar-state-item-4'];
 
     before(() => {
-        cy.clearLocalStorageSnapshot();
         cy.openTaskJob(taskName);
     });
 
-    beforeEach(() => {
-        cy.restoreLocalStorage();
-    });
-
-    afterEach(() => {
-        cy.saveLocalStorage();
-    });
-
     function testGroupObjects(objectsArray, cancelGrouping) {
         cy.get('.cvat-group-control').click();
         for (const shapeToGroup of objectsArray) {

diff --git a/tests/cypress/e2e/actions_organizations/case_113_new_organization_pipeline.js b/tests/cypress/e2e/actions_organizations/case_113_new_organization_pipeline.js
@@ -1,4 +1,5 @@
 // Copyright (C) 2022 Intel Corporation
+// Copyright (C) 2023 CVAT.ai Corporation
 //
 // SPDX-License-Identifier: MIT
 
@@ -114,6 +115,10 @@ context('New organization pipeline.', () => {
         }
     });
 
+    beforeEach(() => {
+        cy.clearLocalStorage('currentOrganization');
+    });
+
     after(() => {
         cy.logout(thirdUserName);
         cy.getAuthKey().then((authKey) => {

diff --git a/tests/cypress/e2e/actions_users/issue_1810_login_logout.js b/tests/cypress/e2e/actions_users/issue_1810_login_logout.js
@@ -1,5 +1,5 @@
 // Copyright (C) 2020-2022 Intel Corporation
-// Copyright (C) 2022 CVAT.ai Corporation
+// Copyright (C) 2022-2023 CVAT.ai Corporation
 //
 // SPDX-License-Identifier: MIT
 
@@ -18,7 +18,6 @@ context('When clicking on the Logout button, get the user session closed.', () =
     }
 
     before(() => {
-        // TMP fix for login tests, need to change login logic with sessions
         cy.clearAllCookies();
         cy.clearAllLocalStorage();
         cy.visit('auth/login');

diff --git a/tests/cypress/e2e/issues_prs/pr_5331_missing_authentication_data.js b/tests/cypress/e2e/issues_prs/pr_5331_missing_authentication_data.js
@@ -0,0 +1,34 @@
+// Copyright (C) 2023 CVAT.ai Corporation
+//
+// SPDX-License-Identifier: MIT
+
+/// <reference types="cypress" />
+
+context('Check behavior in case of missing authentification data', () => {
+    const prId = '5331';
+
+    before(() => {
+        cy.visit('auth/login');
+    });
+
+    describe(`Testing pr "${prId}"`, () => {
+        it('Auto logout if authentication token is missing', () => {
+            cy.login();
+            cy.clearLocalStorage('token');
+            cy.reload();
+            cy.get('.cvat-login-form-wrapper').should('exist');
+        });
+
+        it('Cookies are set correctly if only token is present', () => {
+            cy.login();
+            cy.get('.cvat-tasks-page').should('exist');
+            cy.clearCookies();
+            cy.getCookies()
+                .should('have.length', 0)
+                .then(() => {
+                    cy.reload();
+                    cy.get('.cvat-tasks-page').should('exist');
+                });
+        });
+    });
+});
diff --git a/tests/cypress/support/commands.js b/tests/cypress/support/commands.js
@@ -41,9 +41,6 @@ Cypress.Commands.add('logout', (username = Cypress.env('user')) => {
     cy.visit('/auth/login');
     cy.url().should('not.include', '?next=');
     cy.contains('Sign in').should('exist');
-    // TMP fix for multi-user tests, need to change login logic with sessions
-    cy.clearAllCookies();
-    cy.clearAllLocalStorage();
 });
 
 Cypress.Commands.add('userRegistration', (firstName, lastName, userName, emailAddr, password) => {