Merge pull request #691 from...

Merge pull request #691 from atmire/w2p-71201_Angular-UI-does-not-properly-logout-when-clicking-logout Angular UI does not properly log out when clicking logout

Merge pull request #691 from...
Merge pull request #691 from atmire/w2p-71201_Angular-UI-does-not-properly-logout-when-clicking-logout Angular UI does not properly log out when clicking logout
c423b474 · Tim Donohue · GitHub · 45247ff0 · 1295e127 · c423b474
Unverified Commit c423b474 authored 4 years ago by Tim Donohue Committed by GitHub 4 years ago
--- a/src/app/core/auth/auth.interceptor.spec.ts
+++ b/src/app/core/auth/auth.interceptor.spec.ts
@@ -48,7 +48,7 @@ describe(`AuthInterceptor`, () => {

  describe('when has a valid token', () => {

-    it('should not add an Authorization header when we’re sending a HTTP request to \'authn\' endpoint', () => {
+    it('should not add an Authorization header when we’re sending a HTTP request to \'authn\' endpoint that is not the logout endpoint', () => {
      service.request(RestRequestMethod.POST, 'dspace-spring-rest/api/authn/login', 'password=password&user=user').subscribe((response) => {
        expect(response).toBeTruthy();
      });
@@ -58,8 +58,19 @@ describe(`AuthInterceptor`, () => {
      const token = httpRequest.request.headers.get('authorization');
      expect(token).toBeNull();
    });
+    it('should add an Authorization header when we’re sending a HTTP request to the\'authn/logout\' endpoint', () => {
+      service.request(RestRequestMethod.POST, 'dspace-spring-rest/api/authn/logout', 'test').subscribe((response) => {
+        expect(response).toBeTruthy();
+      });
+
+      const httpRequest = httpMock.expectOne(`dspace-spring-rest/api/authn/logout`);
+
+      expect(httpRequest.request.headers.has('authorization'));
+      const token = httpRequest.request.headers.get('authorization');
+      expect(token).toBe('Bearer token_test');
+    });

-    it('should add an Authorization header when we’re sending a HTTP request to \'authn\' endpoint', () => {
+    it('should add an Authorization header when we’re sending a HTTP request to a non-\'authn\' endpoint', () => {
      service.request(RestRequestMethod.POST, 'dspace-spring-rest/api/submission/workspaceitems', 'test').subscribe((response) => {
        expect(response).toBeTruthy();
      });

--- a/src/app/core/auth/auth.interceptor.ts
+++ b/src/app/core/auth/auth.interceptor.ts
@@ -221,7 +221,7 @@ export class AuthInterceptor implements HttpInterceptor {
      // Redirect to the login route
      this.store.dispatch(new RedirectWhenTokenExpiredAction('auth.messages.expired'));
      return observableOf(null);
-    } else if (!this.isAuthRequest(req) && isNotEmpty(token)) {
+    } else if ((!this.isAuthRequest(req) || this.isLogoutResponse(req)) && isNotEmpty(token)) {
      // Intercept a request that is not to the authentication endpoint
      authService.isTokenExpiring().pipe(
        filter((isExpiring) => isExpiring))