
If a User is not authenticated, I redirect him to a corporate login page:

https://super-secret-gateway/authorization.oauth2?client_id=XXXX&redirect_uri=http://localhost:4200/callback&response_type=token&scope=profile%20openid

Once he is authenticated after entering his username and password, he is redirected back with the following URL

https://myapp/callback#access_token=2YotnFZFEjr1zCsicMWpAA&type=Bearer&expire_in=3600&state=myAppRandomState

I can't figure out how to use the authenticateSession test helper in this case. The ESA docs have no detailed example about that and the way I do it is not working:

```javascript
module('Acceptance | Dashboard', function(hooks) {
  setupWindowMock(hooks);
  setupApplicationTest(hooks);
  setupMirageTest(hooks);

  test('Authenticated users can visit /dashboard', async function(assert) {
    let shop = this.server.create('shop');
    this.server.create('user', { shop });

    await authenticateSession({
      token: 'abcdDEF',
      token_type: 'Bearer'
    });

    await visit('/dashboard');

    assert.equal(currentURL(), '/dashboard', 'user is on dashboard page');
  });
});
```

It seems like the problem is due to the use of window.location.replace in my index route:

```javascript
export default Route.extend(UnauthenticatedRouteMixin, {
  session: service('session'),
  routeIfAlreadyAuthenticated: 'dashboard',

  beforeModel: function() {
    this._super(...arguments);
    if (!this.get('session.isAuthenticated')) {
      let oauthUrl = config.oauthUrl;
      let clientId = config.clientID;
      let redirectURI = `${window.location.origin}/callback`;
      let responseType = `token`;
      let scope = `profile%20openid`;
      window.location.replace(oauthUrl
                            + `?client_id=${clientId}`
                            + `&redirect_uri=${redirectURI}`
                            + `&response_type=${responseType}`
                            + `&scope=${scope}`
      );
    }
  }
});
```

To get around this problem, I have to use the ember-window-mock add-on. But even in this case, the problem is still there. The point is when I use this assertion:

```javascript
assert.equal(window.location.href, '/dashboard', 'user is on dashboard page');
```

the test displays the difference of window.location.href pointing to the login page instead of /dashboard. If I use this assertion:

```javascript
assert.equal(currentURL(), '/dashboard', 'user is on dashboard page');
```

the difference is:

```
Expected: "/dashboard"
Result:   "/"
```

What am I missing? Thank you.

belgoros
  • Are you sure the redirect works? That has been the cause of all our trouble with that kind of authentication workflow. – Bracke Feb 13 '19 at 07:43
  • @Bracke: first, I had to change `token` to `access_token`, that's what ESA sends back; unfortunately, the official README makes no mention of that. Another point is if I put a breakpoint in `index.js`, I'll update the post in several seconds, the value of the condition `if (!this.get('session.isAuthenticated'))` is true and I'm still redirected to the external login page. – belgoros Feb 13 '19 at 08:13
  • What does `this.get('session.data')` result in? – Bracke Feb 13 '19 at 10:15
  • @Bracke If I add `console.log` to `index` route just before the `if` clause, it sends `[object Object]` – belgoros Feb 13 '19 at 10:23
  • Right. How about `this.get('session.data.authenticated')`? According to http://ember-simple-auth.com/api/classes/SessionService.html it should contain "the session data that the authenticator resolved with when the session was authenticated (see authenticate) and that will be cleared when the session is invalidated." – Bracke Feb 13 '19 at 10:27
  • @Bracke when running the app, it sends correctly `{authenticator: "authenticator:oauth2-implicit-grant", access_token: "eyJhbGciOiJSUzI1NiIsImtpZCSI…", token_type: "Bearer", expires_in: "7199"}`. In tests it is just empty. – belgoros Feb 13 '19 at 10:31
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/188336/discussion-between-belgoros-and-bracke). – belgoros Feb 13 '19 at 10:32
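
The implicit-grant round trip described in the question, as an added example that is not part of the original post or its comments: it builds the authorization request with encoded parameters and parses the callback fragment, rejecting a response whose `state` does not match the one sent. The function names are hypothetical, and the `type` / `expire_in` fallbacks exist only so the sample callback URL from the question is accepted.

```javascript
// Added example; buildAuthorizeUrl and parseCallback are hypothetical helpers.

// Build the authorization request. URLSearchParams percent-encodes every
// value, so redirect_uri and scope cannot break out of the query string.
function buildAuthorizeUrl(oauthUrl, clientId, origin, state) {
  const url = new URL(oauthUrl);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: `${origin}/callback`,
    response_type: 'token',
    scope: 'profile openid',
    state, // echoed back by the gateway; ties the response to this request
  }).toString();
  return url.toString();
}

// Parse the fragment of the callback URL and return session data.
// Throws instead of returning partial data so the caller never stores
// a token from a response it did not ask for.
function parseCallback(callbackUrl, expectedState) {
  const params = new URLSearchParams(new URL(callbackUrl).hash.slice(1));

  if (params.has('error')) {
    throw new Error(`authorization failed: ${params.get('error')}`);
  }
  const state = params.get('state');
  if (!state || state !== expectedState) {
    throw new Error('state mismatch');
  }
  const accessToken = params.get('access_token');
  if (!accessToken) {
    throw new Error('missing access_token');
  }
  // Standard names first, then the spellings used in the question's sample URL.
  const tokenType = params.get('token_type') ?? params.get('type');
  if (!tokenType || tokenType.toLowerCase() !== 'bearer') {
    throw new Error('unsupported token type');
  }
  return {
    access_token: accessToken,
    token_type: tokenType,
    expires_in: params.get('expires_in') ?? params.get('expire_in'),
  };
}
```

The returned object uses the `access_token`, `token_type` and `expires_in` keys that the comments above report in `session.data.authenticated` when the app runs.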
