diff --git a/public/apps/account/test/plugin.test.tsx b/public/apps/account/test/plugin.test.tsx
index a792eea30..f3e7d4a76 100644
--- a/public/apps/account/test/plugin.test.tsx
+++ b/public/apps/account/test/plugin.test.tsx
@@ -13,15 +13,39 @@
 * permissions and limitations under the License.
 */

+import { LOGIN_PAGE_URI } from '../../../../common';
 import { interceptError } from '../../../utils/logout-utils';
 import { setShouldShowTenantPopup } from '../../../utils/storage-utils';
-import { LOGIN_PAGE_URI } from '../../../../common';

 jest.mock('../../../utils/storage-utils', () => ({
 setShouldShowTenantPopup: jest.fn(),
 }));

+interface LooseObject {
+ [key: string]: any;
+}
+
+// Mock sessionStorage
+const sessionStorageMock = (() => {
+ let store = {} as LooseObject;
+ return {
+ clear() {
+ store = {};
+ },
+ };
+})();
+
+Object.defineProperty(window, 'sessionStorage', { value: sessionStorageMock });
+
 describe('Intercept error handler', () => {
+ beforeEach(() => {
+ jest.spyOn(window.sessionStorage, 'clear');
+ });
+
+ afterEach(() => {
+ jest.restoreAllMocks();
+ });
+
 const fakeError401 = {
 response: {
 status: 401,
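Review bot: The `sessionStorageMock` installed with `Object.defineProperty(window, 'sessionStorage', { value: sessionStorageMock })` replaces the storage for every test in this file with an object that only implements `clear()`, and since the descriptor sets no `configurable` flag the property cannot be redefined or restored afterwards. The `store` variable is assigned but never read, and `LooseObject` exists only to type it with `any`. If the suite runs under jsdom (an assumption, the Jest configuration is not visible here), spying on the real implementation with `jest.spyOn(Storage.prototype, 'clear');` in `beforeEach` would make the mock object, the interface and the `defineProperty` call unnecessary, and the existing `afterEach` restore would undo the spy.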
@@ -34,15 +58,28 @@ describe('Intercept error handler', () => {
 },
 };

- it('Intercept error handler Should call setShouldShowTenantPopup on session timeout', () => {
+ it('Intercept error handler should call setShouldShowTenantPopup on session timeout', () => {
 const sessionTimeoutFn = interceptError(LOGIN_PAGE_URI, window);
 sessionTimeoutFn(fakeError401, null);
 expect(setShouldShowTenantPopup).toBeCalledTimes(1);
+ expect(sessionStorage.clear).toBeCalledTimes(1);
+ });
+
+ it('Intercept error handler should clear the session', () => {
+ const sessionTimeoutFn = interceptError(LOGIN_PAGE_URI, window);
+ sessionTimeoutFn(fakeError401, null);
+ expect(sessionStorage.clear).toBeCalledTimes(1);
 });

- it('Intercept error handler Should not call setShouldShowTenantPopup on session timeout', () => {
+ it('Intercept error handler should not call setShouldShowTenantPopup on session timeout', () => {
 const sessionTimeoutFn = interceptError(LOGIN_PAGE_URI, window);
 sessionTimeoutFn(fakeError400, null);
 expect(setShouldShowTenantPopup).toBeCalledTimes(0);
 });
+
+ it('Intercept error handler should not clear the session', () => {
+ const sessionTimeoutFn = interceptError(LOGIN_PAGE_URI, window);
+ sessionTimeoutFn(fakeError400, null);
+ expect(sessionStorage.clear).toBeCalledTimes(0);
+ });
 });
diff --git a/public/apps/account/utils.tsx b/public/apps/account/utils.tsx
index b970ff4c7..b4146e7f4 100644
--- a/public/apps/account/utils.tsx
+++ b/public/apps/account/utils.tsx
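Review bot: The `expect(sessionStorage.clear).toBeCalledTimes(1);` added to the first test asserts exactly what the new 'should clear the session' test asserts, so one of the two is redundant; keeping the dedicated test and leaving the first one on `setShouldShowTenantPopup` alone gives each test a single reason to fail. The negative cases pass `fakeError400`, yet the retitled one still reads "on session timeout"; a title such as `'Intercept error handler should not call setShouldShowTenantPopup on a non-401 error'` would match what is exercised. All four cases pass the global `window`, so none of them would notice whether the handler clears the storage of the window it was given or the global one.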
@@ -14,11 +14,11 @@
 */

 import { HttpStart } from 'opensearch-dashboards/public';
-import { API_AUTH_LOGOUT, OPENID_AUTH_LOGOUT, SAML_AUTH_LOGOUT } from '../../../common';
+import { API_AUTH_LOGOUT } from '../../../common';
+import { setShouldShowTenantPopup } from '../../utils/storage-utils';
+import { httpGet, httpGetWithIgnores, httpPost } from '../configuration/utils/request-utils';
 import { API_ENDPOINT_ACCOUNT_INFO } from './constants';
 import { AccountInfo } from './types';
-import { httpGet, httpGetWithIgnores, httpPost } from '../configuration/utils/request-utils';
-import { setShouldShowTenantPopup } from '../../utils/storage-utils';

 export function fetchAccountInfo(http: HttpStart): Promise {
 return httpGet(http, API_ENDPOINT_ACCOUNT_INFO);
@@ -40,19 +40,6 @@ export async function logout(http: HttpStart, logoutUrl?: string): Promise
 logoutUrl || `${http.basePath.serverBasePath}/app/login?nextUrl=${nextUrl}`;
 }

-export async function samlLogout(http: HttpStart): Promise {
- // This will ensure tenancy is picked up from local storage in the next login.
- setShouldShowTenantPopup(null);
- window.location.href = `${http.basePath.serverBasePath}${SAML_AUTH_LOGOUT}`;
-}
-
-export async function openidLogout(http: HttpStart): Promise {
- // This will ensure tenancy is picked up from local storage in the next login.
- setShouldShowTenantPopup(null);
- sessionStorage.clear();
- window.location.href = `${http.basePath.serverBasePath}${OPENID_AUTH_LOGOUT}`;
-}
-
 export async function externalLogout(http: HttpStart, logoutEndpoint: string): Promise {
 // This will ensure tenancy is picked up from local storage in the next login.
 setShouldShowTenantPopup(null);
diff --git a/public/utils/logout-utils.tsx b/public/utils/logout-utils.tsx
index a0cb6529a..87bb9d967 100644
--- a/public/utils/logout-utils.tsx
+++ b/public/utils/logout-utils.tsx
@@ -13,19 +13,21 @@
 * permissions and limitations under the License.
 */

-import { setShouldShowTenantPopup } from './storage-utils';
 import {
 HttpInterceptorResponseError,
 HttpStart,
 IHttpInterceptController,
 } from '../../../../src/core/public';
-import { CUSTOM_ERROR_PAGE_URI, LOGIN_PAGE_URI, API_ENDPOINT_AUTHTYPE } from '../../common';
+import { API_ENDPOINT_AUTHTYPE, CUSTOM_ERROR_PAGE_URI, LOGIN_PAGE_URI } from '../../common';
 import { httpGet } from '../apps/configuration/utils/request-utils';
+import { setShouldShowTenantPopup } from './storage-utils';

 export function interceptError(logoutUrl: string, thisWindow: Window): any {
 return (httpErrorResponse: HttpInterceptorResponseError, _: IHttpInterceptController) => {
 if (httpErrorResponse.response?.status === 401) {
 setShouldShowTenantPopup(null);
+ // Clear everything in the sessionStorage since they can contain sensitive information
+ sessionStorage.clear();
 if (
 !(
 thisWindow.location.pathname.toLowerCase().includes(LOGIN_PAGE_URI) ||
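Review bot: The added `sessionStorage.clear();` goes through the global object while the rest of the handler works on the injected `thisWindow` (`thisWindow.location.pathname` a few lines below); `thisWindow.sessionStorage.clear();` would keep the function consistent and let a test pass a fake window. The call also sits before the `thisWindow.location.pathname` check, so every intercepted 401 wipes the whole origin's session storage regardless of the current page; if that is intended, the comment could say so, for example `// Any 401 ends the session: drop everything in sessionStorage, which is shared by all code on this origin`. Accessing or clearing storage can throw when the browser blocks it, and an exception at this point would skip the redirect logic that follows, so wrapping the call in `try`/`catch` is worth considering. The body of `interceptError` continues past the end of the hunk.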