EP-2362 - Okta #1080
EP-2362 - Okta #1080
Conversation
|
Doesn't seem to like |
| @@ -388,6 +389,11 @@ class ProductConfigFormController { | |||
| this.$window.location = url | |||
| } | |||
| } | |||
|
|
|||
| shouldShowForcedUserToLogoutError() { | |||
There was a problem hiding this comment.
Tell me more about this new function
There was a problem hiding this comment.
On adding an item to the cart, we check to see if the user has a public role, is logged into Okta and has no items in their account. If so, we automatically force the user to logout.
This was happening before, but when it was logging out, it didn't require a refresh. Okta requires a refresh since we send the user to the Okta site to clear Okta's session data and then return to the Give site.
We handle this here src/common/services/api/cart.service.js - Lines 164 - 181
On the sessionService.oktaSignOut we pass a prop which tells session data to store a prop called forcedUserToLogout. We also ensure Okta returns the user to the same page.
src/common/services/session/session.service.js Lines 317 - 322
Onsrc/app/productConfig/productConfigForm/productConfigForm.component.js, we watch for the forcedUserToLogout session data and show the warning to the user if present.
src/common/components/signUpActivationModal/signUpActivationModal.tpl.html
Outdated
Show resolved
Hide resolved
dr-bizz
added
the
On Staging
|
the |
|
Not sure if the latest has been merged to stage yet or not, but something is still sending me to the home page when hitting branded checkout. You can test by going to https://give-stage2.cru.org/branded-checkout.html |
|
Here is a test branded checkout page that is not on give itself, we'll need to make sure the Okta logout works on pages like this as well. |
src/common/components/signUpActivationModal/signUpActivationModal.tpl.html
Outdated
Show resolved
Hide resolved
src/common/components/signUpActivationModal/signUpActivationModal.tpl.html
Outdated
Show resolved
Hide resolved
src/common/components/registerAccountModal/registerAccountModal.tpl.html
Outdated
Show resolved
Hide resolved
src/common/components/registerAccountModal/registerAccountModal.component.js
Outdated
Show resolved
Hide resolved
src/common/components/registerAccountModal/registerAccountModal.component.js
Outdated
Show resolved
Hide resolved
src/common/components/registerAccountModal/registerAccountModal.component.js
Outdated
Show resolved
Hide resolved
| if (angular.isDefined(this.verificationServiceSubscription)) this.verificationServiceSubscription.unsubscribe() | ||
| this.verificationServiceSubscription = this.verificationService.postDonorMatches().subscribe({ | ||
| next: () => { this.stateChanged('user-match') }, // Donor match success, Proceed to step 5. | ||
| error: () => { this.onCancel() } // Donor Match failed, Register Account workflow failed |
There was a problem hiding this comment.
I wonder if we should handle timeouts (503 response) differently. It currently brings the donor back to the home page with no indication that something went wrong. Probably out of scope for this PR since it is handling it the same way as before.
src/common/components/signUpModal/signUpModal.component.spec.js
Outdated
Show resolved
Hide resolved
src/common/components/signUpModal/signUpModal.component.spec.js
Outdated
Show resolved
Hide resolved
src/common/components/signUpModal/signUpModal.component.spec.js
Outdated
Show resolved
Hide resolved
src/common/components/signUpModal/signUpModal.component.spec.js
Outdated
Show resolved
Hide resolved
src/common/components/userMatchModal/userMatchModal.component.js
Outdated
Show resolved
Hide resolved
src/common/components/userMatchModal/userMatchModal.component.spec.js
Outdated
Show resolved
Hide resolved
src/common/components/userMatchModal/userMatchModal.component.spec.js
Outdated
Show resolved
Hide resolved
src/app/thankYou/accountBenefits/accountBenefits.component.spec.js
Outdated
Show resolved
Hide resolved
| this.sessionHandleOktaRedirectService.errorMessageSubject.subscribe((errorMessage) => { | ||
| this.errorMessage = errorMessage | ||
| }) |
There was a problem hiding this comment.
Logging the err to the this.errorMessage variable was in the original version of this file, so I've added it, but nowhere uses errorMessage so we can take it out unless you think we could use it in the future.
There was a problem hiding this comment.
I'm not seeing this in the master branch. If it fails, it redirects to the home page. However, I do see $ctrl.errorMessage being used on the sign in form. Would that show this error message?
| this.sessionHandleOktaRedirectService.errorMessageSubject.subscribe((errorMessage) => { | ||
| this.errorMessage = errorMessage | ||
| }) |
There was a problem hiding this comment.
Here again with the errorMessage I've added it in, but since we don't use errorMessage we can remove it.
There was a problem hiding this comment.
I would think the signInForm would inherit this error message
| } | ||
|
|
||
| $onInit () { | ||
| if (includes([Roles.identified, Roles.registered], this.sessionService.getRole())) { |
There was a problem hiding this comment.
| if (includes([Roles.identified, Roles.registered], this.sessionService.getRole())) { | |
| if (this.sessionService.getRole() !== 'PUBLIC')) { |
There was a problem hiding this comment.
This is probably fine since we aren't planning to add more roles anytime soon I think.
| if (this.unverifiedAccount.email) { | ||
| this.initialLoading = false | ||
| } |
There was a problem hiding this comment.
Test if we need this in If statement or if we should wrap the whole this.sessionService.checkCreateAccountStatus in the email If statement.
| if (!this.donorDetails.name['given-name'] && angular.isDefined(this.sessionService.session.first_name)) { | ||
| this.donorDetails.name['given-name'] = this.sessionService.session.first_name | ||
| } | ||
| if (!this.donorDetails.name['family-name'] && angular.isDefined(this.sessionService.session.last_name)) { | ||
| this.donorDetails.name['family-name'] = this.sessionService.session.last_name | ||
| } | ||
| if (angular.isUndefined(this.donorDetails.email) && angular.isDefined(this.sessionService.session.email)) { | ||
| this.donorDetails.email = this.sessionService.session.email |
There was a problem hiding this comment.
We should do all these the same. angular.isUndefined or !this.donorDetails...
| it('does not broadcast an event if not registered/new', () => { | ||
| $ctrl.sessionEnforcerService.mock.calls[0][1]['change'](Roles.registered, 'COMPLETED') | ||
| expect($ctrl.$rootScope.$broadcast).not.toHaveBeenCalled() | ||
| it('should call onHandleOktaRedirect', () => { |
There was a problem hiding this comment.
Is this not just a duplicate of the one above now (it('should call onHandleOktaRedirect onInit')?
|
|
||
| expect($log.error).toHaveBeenCalledWith('Failed to redirect from Okta', 'ERROR_MESSAGE') | ||
| sessionHandleOktaRedirectService.errorMessageSubject.subscribe((errorMessage) => { | ||
| expect(errorMessage).toEqual('generic') |
There was a problem hiding this comment.
Does this actually get called?
| expect(sessionService.updateCurrentProfile).toHaveBeenCalled() | ||
| expect($rootScope.$broadcast).toHaveBeenCalledWith(LoginOktaOnlyEvent, 'register-account') | ||
| }) | ||
| }); |
| @@ -189,7 +189,7 @@ describe('signUpActivationModal', function () { | |||
| expect ($ctrl.unverifiedAccount).toEqual({ | |||
| ...createAccountDataCookieData, | |||
| ...checkCreateAccountStatusData, | |||
| status: 'Awaiting Admin approval' | |||
| status: 'Sending Activation Email' | |||
There was a problem hiding this comment.
Here is a case where it would have been helpful to have a constant that we reference instead of hard-coding the language in multiple places.
| this.sessionHandleOktaRedirectService.errorMessageSubject.subscribe((errorMessage) => { | ||
| this.errorMessage = errorMessage | ||
| }) |
There was a problem hiding this comment.
I'm not seeing this in the master branch. If it fails, it redirects to the home page. However, I do see $ctrl.errorMessage being used on the sign in form. Would that show this error message?
| this.sessionHandleOktaRedirectService.errorMessageSubject.subscribe((errorMessage) => { | ||
| this.errorMessage = errorMessage | ||
| }) |
There was a problem hiding this comment.
I would think the signInForm would inherit this error message
| } | ||
|
|
||
| $onInit () { | ||
| if (includes([Roles.identified, Roles.registered], this.sessionService.getRole())) { |
There was a problem hiding this comment.
This is probably fine since we aren't planning to add more roles anytime soon I think.
|
I noticed the last commit didn't make it to stage, maybe due to being out of sync |
Note: Do not use the authClient to logout, just have cortex gateway delete the cookies. This matches the current site experience, and also keeps us from having to add a separate logout uri for every branded checkout page.
| <div> | ||
| <loading> | ||
| <p><translate>Successfully logged out.</translate></p> | ||
| <p><translate>Redirecting to your previous page...</translate></p> |
There was a problem hiding this comment.
This should be dynamic language based on the logic in the controller.
src/app/thankYou/accountBenefits/accountBenefits.component.spec.js
Outdated
Show resolved
Hide resolved
src/app/thankYou/accountBenefits/accountBenefits.component.spec.js
Outdated
Show resolved
Hide resolved
src/common/components/accountBenefitsModal/accountBenefitsModal.component.js
Outdated
Show resolved
Hide resolved
src/common/components/userMatchModal/userMatchModal.component.js
Outdated
Show resolved
Hide resolved
[EP-2362] Save contact info after sign up
[EP-2362] Remove session modal's signup modal
…ger needed the changes that we made.
…d redirect them back to their page prior to login. I've also updated a variable in sessionService and ensure that this page works, which is why a few other files have changed.
src/common/components/registerAccountModal/registerAccountModal.component.js
Outdated
Show resolved
Hide resolved
[EP-2362] Improvements to register account modal
Description
Replacing our login/logout functionality with Okta. This PR allows users to login and create an account with Okta.
Sign in
To sign, it's very much like other applications where the user gets redirected to Okta and brought back to the redirect URL.
We no longer maintain login/session data on our local storage or session storage. This is now stored via Okta.
Register
The user enters their email, first name and last name. On submit, we do a post request to create an account on Okta while keeping the user on the Give site.
Once that is complete, they go into the next phase of activating their email. Once activated it will automatically update the modal to send the user to the next step.
Jira