Merge branch '124-logout' into 'develop'

Resolve "Improve logout and ensure we don't leak logged in state after logout" Closes #124 and #155 See merge request funkwhale/funkwhale!146
2018-04-19 20:17:58 +00:00 · 2018-04-19 20:17:58 +00:00 · b27312648c
commit b27312648c
--- a/changes/changelog.d/124.bugfix
+++ b/changes/changelog.d/124.bugfix
@ -0,0 +1 @@
+Reset all sensitive front-end data on logout (#124)
--- a/changes/changelog.d/155.bugfix
+++ b/changes/changelog.d/155.bugfix
@ -0,0 +1 @@
+Fixed broken playlist modal after login (#155)
--- a/front/src/components/Sidebar.vue
+++ b/front/src/components/Sidebar.vue
@ -35,7 +35,7 @@
        <router-link class="item" v-if="$store.state.auth.authenticated" :to="{name: 'logout'}"><i class="sign out icon"></i> Logout</router-link>
        <router-link class="item" v-else :to="{name: 'login'}"><i class="sign in icon"></i> Login</router-link>
        <router-link class="item" :to="{path: '/library'}"><i class="sound icon"> </i>Browse library</router-link>
-        <router-link class="item" :to="{path: '/favorites'}"><i class="heart icon"></i> Favorites</router-link>
+        <router-link class="item" v-if="$store.state.auth.authenticated" :to="{path: '/favorites'}"><i class="heart icon"></i> Favorites</router-link>
        <a
          @click="$store.commit('playlists/chooseTrack', null)"
          v-if="$store.state.auth.authenticated"
--- a/front/src/store/auth.js
+++ b/front/src/store/auth.js
@ -19,6 +19,14 @@ export default {
    }
  },
  mutations: {
+    reset (state) {
+      state.authenticated = false
+      state.profile = null
+      state.username = ''
+      state.token = ''
+      state.tokenData = {}
+      state.availablePermissions = {}
+    },
    profile: (state, value) => {
      state.profile = value
    },
@ -53,8 +61,6 @@ export default {
      return axios.post('token/', credentials).then(response => {
        logger.default.info('Successfully logged in as', credentials.username)
        commit('token', response.data.token)
-        commit('username', credentials.username)
-        commit('authenticated', true)
        dispatch('fetchProfile')
        // Redirect to a specified route
        router.push(next)
@ -64,19 +70,25 @@ export default {
      })
    },
    logout ({commit}) {
-      commit('authenticated', false)
+      let modules = [
+        'auth',
+        'favorites',
+        'player',
+        'playlists',
+        'queue',
+        'radios'
+      ]
+      modules.forEach(m => {
+        commit(`${m}/reset`, null, {root: true})
+      })
      logger.default.info('Log out, goodbye!')
      router.push({name: 'index'})
    },
    check ({commit, dispatch, state}) {
      logger.default.info('Checking authentication...')
      var jwt = state.token
-      var username = state.username
      if (jwt) {
-        commit('authenticated', true)
-        commit('username', username)
        commit('token', jwt)
-        logger.default.info('Logged back in as ' + username)
        dispatch('fetchProfile')
        dispatch('refreshToken')
      } else {
@ -88,6 +100,7 @@ export default {
      return axios.get('users/users/me/').then((response) => {
        logger.default.info('Successfully fetched user profile')
        let data = response.data
+        commit('authenticated', true)
        commit('profile', data)
        commit('username', data.username)
        dispatch('favorites/fetch', null, {root: true})
--- a/front/src/store/favorites.js
+++ b/front/src/store/favorites.js
@ -20,6 +20,10 @@ export default {
        }
      }
      state.count = state.tracks.length
+    },
+    reset (state) {
+      state.tracks = []
+      state.count = 0
    }
  },
  getters: {
--- a/front/src/store/player.js
+++ b/front/src/store/player.js
@ -15,6 +15,10 @@ export default {
    looping: 0 // 0 -> no, 1 -> on  track, 2 -> on queue
  },
  mutations: {
+    reset (state) {
+      state.errorCount = 0
+      state.playing = false
+    },
    volume (state, value) {
      value = parseFloat(value)
      value = Math.min(value, 1)
--- a/front/src/store/playlists.js
+++ b/front/src/store/playlists.js
@ -17,6 +17,11 @@ export default {
    },
    showModal (state, value) {
      state.showModal = value
+    },
+    reset (state) {
+      state.playlists = []
+      state.modalTrack = null
+      state.showModal = false
    }
  },
  actions: {
--- a/front/src/store/queue.js
+++ b/front/src/store/queue.js
@ -10,6 +10,12 @@ export default {
    previousQueue: null
  },
  mutations: {
+    reset (state) {
+      state.tracks = []
+      state.currentIndex = -1
+      state.ended = true
+      state.previousQueue = null
+    },
    currentIndex (state, value) {
      state.currentIndex = value
    },
--- a/front/src/store/radios.js
+++ b/front/src/store/radios.js
@ -26,6 +26,10 @@ export default {
    }
  },
  mutations: {
+    reset (state) {
+      state.running = false
+      state.current = false
+    },
    current: (state, value) => {
      state.current = value
    },
--- a/front/test/unit/specs/store/auth.spec.js
+++ b/front/test/unit/specs/store/auth.spec.js
@ -89,7 +89,12 @@ describe('store/auth', () => {
        action: store.actions.logout,
        params: {state: {}},
        expectedMutations: [
-          { type: 'authenticated', payload: false }
+          { type: 'auth/reset', payload: null, options: {root: true} },
+          { type: 'favorites/reset', payload: null, options: {root: true} },
+          { type: 'player/reset', payload: null, options: {root: true} },
+          { type: 'playlists/reset', payload: null, options: {root: true} },
+          { type: 'queue/reset', payload: null, options: {root: true} },
+          { type: 'radios/reset', payload: null, options: {root: true} }
        ]
      }, done)
    })
@ -107,8 +112,6 @@ describe('store/auth', () => {
        action: store.actions.check,
        params: {state: {token: 'test', username: 'user'}},
        expectedMutations: [
-          { type: 'authenticated', payload: true },
-          { type: 'username', payload: 'user' },
          { type: 'token', payload: 'test' }
        ],
        expectedActions: [
@ -132,8 +135,6 @@ describe('store/auth', () => {
        payload: {credentials: credentials},
        expectedMutations: [
          { type: 'token', payload: 'test' },
-          { type: 'username', payload: 'bob' },
-          { type: 'authenticated', payload: true }
        ],
        expectedActions: [
          { type: 'fetchProfile' }
@ -175,6 +176,7 @@ describe('store/auth', () => {
      testAction({
        action: store.actions.fetchProfile,
        expectedMutations: [
+          { type: 'authenticated', payload: true },
          { type: 'profile', payload: profile },
          { type: 'username', payload: profile.username },
          { type: 'permission', payload: {key: 'admin', status: true} }
--- a/front/test/unit/specs/store/queue.spec.js
+++ b/front/test/unit/specs/store/queue.spec.js
@ -326,7 +326,7 @@ describe('store/queue', () => {
        action: store.actions.shuffle,
        params: {state: {currentIndex: 1, tracks: tracks}},
        expectedMutations: [
-          { type: 'player/currentTime', payload: 0 , options: {root: true}},
+          { type: 'player/currentTime', payload: 0, options: {root: true}},
          { type: 'tracks', payload: [] }
        ],
        expectedActions: [
				`@ -0,0 +1 @@`
				`Reset all sensitive front-end data on logout (#124)`
				`@ -0,0 +1 @@`
				`Fixed broken playlist modal after login (#155)`