Uploaded image for project: 'AeroGear'
  1. AeroGear
  2. AEROGEAR-4437

TODO: JavaScript auth: running a second (and invalid) login returns the login response from the first (valid) login

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 1.0.0
    • Fix Version/s: None
    • Component/s: examples
    • Labels:
      None

      Description

      If you do a login with the correct user/passwd and afterwards issue a wrong login (with wrong user/passwd), you get the 'response' from the first (valid) login, since the Cookie value from the previous response (set-cookie header) is used.

      Here is a little test script. You can execute that in the Chrome console against our todoauth app on openshift:

      // create a new auth module:
      var restyAuth = AeroGear.Auth({name: "auty",settings: {agAuth: true,baseURL: "/todo-server/", endpoints : {enroll: "auth/enroll"}}}).modules.auty;
      
      // prepare some JSON for the user/password
      var data = {username: "john", password: "123"};
      
      // do the login, and see a 'JO!!!!!' on the console (-> hopefully)
      restyAuth.login( JSON.stringify( data ), {
          contentType: "application/json",
          dataType: "json",
          success: function( data ) {
              console.log("JO!!!!!");
          }
      })
      
      // Ah, we got the success callback!
      
      
      // NOTE the response from the above got a 'Set-Cookie' header
      
      
      // now let' make up some user name ..... :
      data = {username: "johnnnnyyyyyysdsadsd", password: "johnnnnyyyyyysdsadsd"};
      
      
      // run the login again, with the WRONG user data
      restyAuth.login( JSON.stringify( data ), {
          contentType: "application/json",
          dataType: "json",
          success: function( data ) {
              console.log("JO!!!!!");
          }
      })
      

      The cookie value form the FIRST response is sent to the server when doing the second (invalid) login. There for we see the invocation of the 'success' callback on the second logon as well. Also the received response (on the second login) is the same that we got from the first:

      "{"username":"john","roles":["admin"],"logged":"true"}". 
      

      Because the Cookie from the initial john/123 login was used...

        Attachments

          Activity

            People

            Assignee:
            lholmqui@redhat.com Luke Holmquist
            Reporter:
            mwessend@redhat.com Matthias Wessendorf
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: