fix(login): ensure $locationChange respects login
This commit fixes a critical bug introduced throughout the `ui-router`
upgrade that allows users to access any page without logging in to the
application.  This has been patched so that $locationChange does not
even begin if the user session does not exist.

Finally, informative messages have been added to tell the user exactly
what is going on and what to do next when the session exists, doesn't
exist, or otherwise.
jniles committed May 5, 2016
1 parent f360025 commit 2a40636
Showing 2 changed files with 29 additions and 6 deletions.
4 changes: 3 additions & 1 deletion client/src/i18n/en.json
Expand Up @@ -35,7 +35,9 @@
"LOGIN_PLACEHOLDER_USERNAME" : "Enter your username",
"TOO_MANY_TRYS" : "Forgot your username or password? Please ask the system administrator to reset it.",
"WELCOME" : "Welcome to bhima!",
"GOODBYE" : "Thank you for using bhima. Come back soon!"
"GOODBYE" : "Thank you for using bhima. Come back soon!",
"UNAUTHENTICATED" : "You have been logged off. Please sign back in to resume using the application.",
"CANNOT_RETURN_TO_LOGIN" : "You are currently logged in. To return to the login page, please log out using the settings page."
},
"BILLING_SERVICES": {
"BTN": {
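Review bot: The new `UNAUTHENTICATED` and `CANNOT_RETURN_TO_LOGIN` keys are added to `en.json` only, and the commit touches no other file under `client/src/i18n/`. If the application ships other locales, add the keys there as well, otherwise those users will most likely see the raw key instead of a message. The enclosing object is not visible in this hunk, so confirm it is `AUTH`, since `app.js` looks the strings up as `AUTH.UNAUTHENTICATED` and `AUTH.CANNOT_RETURN_TO_LOGIN`. The `UNAUTHENTICATED` text also says "You have been logged off", which will be shown to a visitor who never logged in at all; wording that covers both cases would be clearer.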
31 changes: 26 additions & 5 deletions client/src/js/app.js
Expand Up @@ -937,11 +937,32 @@ function localeConfig(tmhDynamicLocaleProvider) {
}

// redirect to login if not signed in.
function startupConfig($rootScope, $location, SessionService, amMoment) {
$rootScope.$on('$stateChangeStart', function (event, next) {
if (!SessionService.user) {
$location.url('/login');
function startupConfig($rootScope, $state, SessionService, amMoment, Notify) {

// make sure the user is logged in and allowed to access states when
// navigating by URL. This is pure an authentication issue.
$rootScope.$on('$locationChangeStart', function (event, next) {

var isLoggedIn = !!SessionService.user;
var isLoginState = next.indexOf('#/login') !== -1;

// if the user is logged in and trying to access the login state, deny the
// attempt with a message "Cannot return to login. Please log out from the
// Settings Page."
if (isLoggedIn && isLoginState) {
event.preventDefault();
Notify.warn('AUTH.CANNOT_RETURN_TO_LOGIN');

// if the user is not logged in and trying to access any other state, deny
// the attempt with a message that their session expired and redirect them
// to the login page.
} else if (!isLoggedIn && !isLoginState) {
event.preventDefault();
Notify.warn('AUTH.UNAUTHENTICATED');
$state.go('login', {}, { notify : false });
}

// else, the user is free to continue as they wish
});

// make sure $stateChangeErrors are emitted to the console.
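Review bot: `next.indexOf('#/login') !== -1` in the `$locationChangeStart` handler is a substring test on the whole URL, so any address that merely contains `#/login` (a route whose path begins with `/login`, or that text appearing later in the URL) is treated as the login state, and the `!isLoggedIn && !isLoginState` branch then never fires for a user without a session. Compare the parsed path exactly instead, for example `$location.path() === '/login'` (which means keeping `$location` injected), or resolve the target state and compare its name. `isLoggedIn` is read from `SessionService.user` in the browser, so this handler only controls navigation; the server still has to refuse requests that carry no session. Smaller points: the comment should read "purely an authentication issue", and `{ notify : false }` on the redirect deserves a comment explaining why state-change events are suppressed there.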
Expand Down Expand Up @@ -994,4 +1015,4 @@ bhima.config(['$httpProvider', httpConfig]);
bhima.config(['$animateProvider', animateConfig]);

// run the application
bhima.run(['$rootScope', '$location', 'SessionService', 'amMoment', startupConfig]);
bhima.run(['$rootScope', '$state', 'SessionService', 'amMoment', 'NotifyService', startupConfig]);
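Review bot: The `bhima.run([...])` line is the only place this guard is wired in, and the commit changes just `en.json` and `app.js`, so a regression the message calls critical lands without a test. Add an end-to-end or unit test that loads a non-login URL with no session and asserts the redirect to `login`, plus one that asserts a logged-in user is kept off `#/login`. The annotation array and the `startupConfig` parameters do line up (`'NotifyService'` maps to `Notify`), but the differing names make that easy to break on the next edit; naming the parameter `NotifyService` would make the pairing obvious.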
