-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MCR-3849 Fix session timeout #2719
Conversation
- inherit from base Modal - create SessionTimeoutModal as own component - simplify styles - removing V2 naming from UnlockResubmitModal
- add to package.json - remove session timeout custom timekeeping, props from AuthContext - add IdleTimer to AuthenticatedRouteWrapper - start to add tests
…incompatible values
372144f
to
57b658c
Compare
@haworku for "logout and continue work across tabs", is this the desired behavior? When I logged out of one tab I was still able to do work in another tab |
@pearl-truss No, that's the buggy behavior that we want to test for and hopefully we don't see it. Can you send me the replication steps you used and which user in the review app you were using (toph currently has shorter session duration) |
I was using aang.
|
@pearl-truss TY for finding this! I added to acceptance testing script under a new section called basic login and logout. FYI from discussion in standup today, looks like this one is an existing bug not a new regression, and not in scope for this ticket. The bug shouldn't block this PR going through. However, I will still look into solving it also on this branch in case I can fix now, will ping you if I do so. If you see any other issues, please raise them – this manual testing is very helpful. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Love getting to replace custom code with a solid library. I have some questions about us throwing errors we get from Amplify but otherwise this looks great
// s3 file upload failing could be due to IDM session timeout | ||
// double check the user still has their session, if not, logout to update the React state with their login status | ||
try { | ||
await checkAuth() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why does checkAuth throw instead of return an error?
const [countdownSeconds, setCountdownSeconds]= useState(idleTimer.getRemainingTime() / 1000) | ||
|
||
const handleLogoutSession = async () => { | ||
idleTimer.message({action:'LOGOUT_SESSION'}, true) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could these actions be constants?
} | ||
} | ||
throw Error('Cognito SignIn error') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like we used to return errors when it was an error we understood and only threw when it was something truly unexpected. I don't love turning this into something that always throws. Honestly I think since writing this we've moved towards just returning un-understood errors as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes agreed I can do that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@macrael Actually looking more at this code - all of cognitoAuth throws for errors. The oddity was returning both Errors and throwing and thats why I moved it to throw to unify it and unify that interface on the frontend. What do you want to do here? Shall I make a ticket to refactor cognitoAuth?
Shall I just change this one still?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it's not going to change having to do try/catch in our pages then I don't care if you fix this one or not, but I would like to have a ticket tracking moving this to returning errors instead. My goal is that inside any of our pages/components we never have to call try/catch because anything that can throw has been wrapped up as a dependency
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ended up rewriting cognitoAuth
anyway - but there are other files that have the same issue that I left alone. Looks like we already have a ticket to address this issue - I updated it to also include adding more eslint rules.
@haworku on the review app as soon as I signed in I got a session timeout modal. ETA But I was using toph...let me try with someone else |
@haworku nevermind my other comment! Everything looks good if this is okay: I put my computer to sleep and when I came back to MC-Review the session timeout modal had counted down to 0:00 but stayed on the page without automatically signing me out. |
@pearl-truss Thanks for catching this. It really should be logging out, I see handling in the library for this too. However, I also see open issues about what happens when computer sleep when For now I added handling to modal itself to disable continue and only allow logout in cases where the countdown finishes but for some reason it does not close and logout. What do you think? |
Summary
Address issues with session timeout and re-implement with IdleTimer .
Issues addressed include:
Still in progress
AuthenticatedRouteWrapper
tests for idle timer behaviorsRelated issues
https://jiraent.cms.gov/browse/MCR-3849
Screenshots
Test cases covered
Session Timeout acceptance jam document forthcoming
QA guidance
Please re-test the steps from this comment in Jira.
And also pick a couple of these acceptance jam cases to retest. Keep in mind the timeout for toph in review apps is set to 2min to make things go faster so you won't have to wait as long to verify things.