Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added test for missing authentication token #5450

Merged
merged 8 commits into from
Feb 17, 2023
Merged

Added test for missing authentication token #5450

merged 8 commits into from
Feb 17, 2023

Conversation

klakhov
Copy link
Contributor

@klakhov klakhov commented Dec 12, 2022

Motivation and context

Related #5331
Added test, changed fix because of temporary solutions in #5344

How has this been tested?

Checklist

License

  • I submit my code changes under the same MIT License that covers the project.
    Feel free to contact the maintainers if that's a concern.

bsekachev
bsekachev previously approved these changes Dec 13, 2022
View reviewed changes
@bsekachev bsekachev dismissed their stale review December 13, 2022 08:25

CI failed

@bsekachev
Copy link
Member

Test looks fine, but can you look at other tests? Something wrong with them.
And what with test when Authentification by URL? As far as I remember you told we have it .. ?

@klakhov klakhov changed the title Added test for missing authentication token [WIP] Added test for missing authentication token Dec 13, 2022
@Marishka17
Copy link
Contributor

/check

@github-actions
Copy link
Contributor

github-actions bot commented Dec 14, 2022
edited
Loading

❌ Some checks failed
📄 See logs here

@klakhov klakhov mentioned this pull request Dec 20, 2022
Closed
2 tasks
@klakhov klakhov mentioned this pull request Feb 10, 2023
Merged
7 tasks
@klakhov klakhov changed the title [WIP] Added test for missing authentication token Added test for missing authentication token Feb 15, 2023
@klakhov klakhov requested review from bsekachev and removed request for azhavoro February 15, 2023 09:51
@bsekachev
Copy link
Member

@klakhov

There is one failed test: actions_users/issue_1810_login_logout.js

bsekachev
bsekachev reviewed Feb 15, 2023
View reviewed changes
cvat-core/src/server-proxy.ts Outdated Show resolved Hide resolved
cvat-core/src/server-proxy.ts Outdated
// At first we check if authentication token is present
// Request in getSelf will provide correct authentication cookies
if (!store.get('token')) {
await logout();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we just remoive cookies?
There is one big difference between server logout and removing cookies from the client.
In the first case we also logout all the authorized sessions on the server. Do you think it is expected behaviour?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't just remove cookies. sessionid is protected by HttpOnly flag which prevents browser from reading/writing this cookie.
But I would agree that server logout is overkill in that situation, even if we cant remove cookie we can still redirect user to login page, so if he logins once again his session would be restored and no logout needed.

tests/cypress/e2e/actions_users/issue_1810_login_logout.js
@@ -18,7 +18,6 @@ context('When clicking on the Logout button, get the user session closed.', () =
}

before(() => {
// TMP fix for login tests, need to change login logic with sessions
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we remove also:

cy.clearAllCookies();
        cy.clearAllLocalStorage();

???

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That paticular test depends on const task. Prepare to testing logins and creates task, and then user is loggined, and we cant login once again without logout, so we need to clear data before it. Frankly, im not sure why this test was passing before.

tests/cypress/e2e/issues_prs/pr_5331_missing_authentication_data.js Outdated Show resolved Hide resolved
tests/cypress/e2e/issues_prs/pr_5331_missing_authentication_data.js Outdated Show resolved Hide resolved
@klakhov klakhov changed the title Added test for missing authentication token [WIP] Added test for missing authentication token Feb 15, 2023
@klakhov klakhov changed the title [WIP] Added test for missing authentication token Added test for missing authentication token Feb 17, 2023
@klakhov
Copy link
Contributor Author

klakhov commented Feb 17, 2023

@bsekachev Could you look on this once again?

@bsekachev bsekachev merged commit 55c613a into develop Feb 17, 2023
@bsekachev bsekachev deleted the kl/add-force-logout-test branch March 1, 2023 09:28
mikhail-treskin pushed a commit to retailnext/cvat that referenced this pull request Jul 1, 2023
@klakhov @Marishka17 @mikhail-treskin
Added test for missing authentication token (cvat-ai#5450)
ec5d026 
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md)
guide. -->

<!-- Provide a general summary of your changes in the Title above -->

### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
Related cvat-ai#5331 
Added test, changed fix because of temporary solutions in cvat-ai#5344 
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->

### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [ ] I submit my changes into the `develop` branch
- [ ] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md)
file
- [ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation)
accordingly
- [ ] I have added tests to cover my changes
- [ ] I have linked related issues ([read github docs](

https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))
- [ ] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning),

[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning)
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning))

### License

- [ ] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the
project.
  Feel free to contact the maintainers if that's a concern.

---------

Co-authored-by: Maya <maya17grd@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bsekachev bsekachev bsekachev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@klakhov @bsekachev @Marishka17