Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication error (401) causes undefined object error while tries to call invalidateSession() #9315

Closed
werdy77 opened this issue Nov 29, 2023 · 1 comment
Closed

Authentication error (401) causes undefined object error while tries to call invalidateSession() #9315

werdy77 opened this issue Nov 29, 2023 · 1 comment
Labels
bug

Comments

@werdy77
Copy link

werdy77 commented Nov 29, 2023
edited
Loading

Type of issue:

- [ ] New feature request
- [x] Bug  
- [ ] Support request

Current behavior:
When a session has timed out (or the ticket has been invalidated), AlfrescoApi catches the error (401) and tries to invalidate the session. But AlfrescoApi.contentAuth object is undefined, so when the AlfrescoApi.errorHandler() calls this.invalidateSession() and this.contentAuth.invalidateSession(), it cause js undefined error.

ERROR TypeError: Cannot read properties of undefined (reading 'invalidateSession')
    at AlfrescoApi.invalidateSession (alfrescoApi.js:397:30)
    at AlfrescoApi.errorHandler (alfrescoApi.js:164:18)
    at ContentClient.<anonymous> (alfrescoApi.js:153:18)
    at ContentClient.emit (index.js:97:9)
    at alfresco-adf-core-api.mjs:300:30
    at catchError.js:10:39
    at OperatorSubscriber._error (OperatorSubscriber.js:23:21)
    at OperatorSubscriber.error (Subscriber.js:40:18)
    at OperatorSubscriber._error (Subscriber.js:64:30)
    at OperatorSubscriber.error (Subscriber.js:40:18)

It seems AlfrescoApi.contentAuth is initialized in AlfrescoApi.initAuth(), but it is called only if this.config.oauthInit is true (what is false on basic authentication).

Expected behavior:
At authentication error (401) AlfrescoApi.invalidateSession() should be called without error and invalidate the session (delete the ticket). Without this ADF LoginComponent detects, that the session is valid and redirects from the login screen.

Steps to reproduce the issue:

  1. Authenticate with an ADF application, which uses AlfrescoApi (like Alfresco Content Application).
  2. Find stored Alfresco ticket in the ADF app browser developer tool/local storage under ticket-ECM name.
  3. Invalidate ticket with authentication API DELETE call:
alfresco/api/-default-/public/authentication/versions/1/tickets/-me-?alf_ticket=TICKET_216825fcb1b7a17daa939518b06bc5c49b48c6c2
  1. Initiate an Alfresco REST API call from the ADF application.

Node version (for build issues):
v18.17.1
@werdy77 werdy77 changed the title Authentication error (401) cause undefined object error while tries to call invalidateSession() Authentication error (401) causes undefined object error while tries to call invalidateSession() Nov 29, 2023
@DenysVuika DenysVuika added the bug label Jan 30, 2024
@DenysVuika DenysVuika transferred this issue from Alfresco/alfresco-js-api Feb 8, 2024
@MichalKinas
Copy link
Contributor

Fixed by #9152

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@DenysVuika @werdy77 @MichalKinas